Hi there everyone. Newbie CakePHP individual here. This framework has really taught me the concepts of MVC, moreso than Drupal ever did, anyway.
I have a question regarding the ACL component: I understand that the component restricts access of a requester object to a control object based on controller/action. Is it possible to restrict it one level further, controller/action/[SomePermission]? Exampe: Suppose I want to have a users controller with editable data, accessible by user/[id]/ edit or something similar, but suppose I want some people to only edit their own profile, and others to be able to edit anyone's profile. Would I create another ACO for those two options (permission to edit one's own profile or anyone's profile) or, would I just restrict general access to controller actions using the Auth component, and then restrict which rows a user has access to in the controller itself? This question is more or less one of row-level permissions and how to restrict users from accessing one row versus another. I've reasoned in my head that row-level permissions are children of controller/ action permissions, but am I looking at things wrong? Any suggestions would be greatly appreciated. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
