Aha, a combination of your posts solved this problem ;)
However, I've got another one when trying to log in now. The password
comparing doesn't work. The password values in my database are built up
with the Blowfish hasher. When I'm submitting my login form, it compares
the text value of the
Okay, leave it guys! When I posted my previous question, I suddenly
realised that my database structure reserved 50 characters for the password
field instead of 60. When changing this, it's all working great. Thanks
anyway!!!
On Friday 8 August 2014 12:11:38 UTC+2, Sam Clauw wrote:
The issue is that the router is adding to the subfolder where the project
resides and not the root dir, which I can't access with routing.
I can't get to the desired page for unauthorized users.
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
this routes to crm/crm/...
I'm wondering what everyone is doing about the default links. I'm setting
up an application that has multiple companies with multiple employees. One
company can't see another company's employees.
However, if a manager can display a list of all their employees and edit
them via GET, they can
I think you are confusing a few things here.
GET/POST has nothing to do with what pages you can access.
You should use role (preferred) or row based access control to those forms
and non-public actions.
The type is relevant for what type of action you take.
GET if it does not alter the database
Did you ever solve this?
Thanks
Hey good people
When I test controllers and want to mock certain methods on the controller, I
use ->generate(), but I have to also define components that already are defined
in the controller, and if I want to use the real components I have to stub out
dummy method on the component to make it
Thanks Mark,
I am using ACL. So for example, if a role such as a manager can list all
the employees of that company, it also adds the Action links (add) (edit)
(delete). If this manager clicks to edit one of the employees (users), this
is sent to the EDIT view via GET with the user id in the
You should check the ACL in the edit controller action before actually doing
anything
/thomas
On 08 Aug 2014, at 22:33, Steve Thomas smt9...@gmail.com wrote:
All the manager would have to do is change the id in the address bar to
access another user. Possibly a user from a different
You could add a condition like
'conditions' => array(
    'Employee.company_id' => $this->Auth->user('company_id')
)
So when changing the id in the url the application still only allows fetching data
which belongs to the same company.
The same applies for delete, just check before if current