Hi, I'm looking for guidance on the best way to handle actions for
users with different roles.

I currently have 3 different roles or groups:
- member
- admin
- team member, or internal employee

If I use roles, by adding a role column to the users table, I would
then check the role after login and redirect to the "dashboard" for
that role. Then I'm assuming I would have to add checks in the
controller actions just in case the user navigated to an action
they're not supposed to be able to use. For example, admin can add a
team member, but a team member could also manually navigate to
"teammember/add" and I would need to handle those cases by not
allowing access.

If I use ACL, I would set up all of the allow and deny permissions, but
wouldn't I still need to check the group to redirect them to their
"dashboard?" And if a user navigated to an action that wasn't allowed,
I would still need to check the permissions to determine if I need to
redirect them rather than saying "you are not authorized to do this?"

Since I'm not using permissions at such a fine-grained level (e.g. per
user), should I use ACL? Or is the role method fine for this type of
usage?

Thanks for your help!
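
The role-column approach described in the post, as an added example that is not part of the original message and does not use CakePHP's own Auth or ACL components: plain PHP with a deny-by-default route allow-list checked at one point, so a typed-in "teammember/add" is handled without a separate check in every action. The role values, the dashboard routes and `users/login` are assumptions.

```php
<?php
// Added illustration in plain PHP; role values and route names other than
// "teammember/add" are assumptions, not taken from the post.
const DASHBOARDS = [
    'member' => 'members/dashboard',
    'admin'  => 'admin/dashboard',
    'team'   => 'teammember/dashboard',
];

// Allow-list of "controller/action" => permitted roles. Unlisted routes are denied.
const PERMISSIONS = [
    'members/dashboard'    => ['member'],
    'admin/dashboard'      => ['admin'],
    'teammember/dashboard' => ['team'],
    'teammember/add'       => ['admin'],
];

function isAuthorized(?string $role, string $route): bool
{
    $route = strtolower(trim($route, '/'));
    if ($role === null || !array_key_exists($route, PERMISSIONS)) {
        return false; // anonymous user or unlisted route: deny by default
    }
    return in_array($role, PERMISSIONS[$route], true);
}

// One decision point, called before any controller action runs.
function decide(?string $role, string $route): string
{
    if ($role === null) {
        return 'redirect:users/login';
    }
    if (!array_key_exists($role, DASHBOARDS)) {
        return 'deny'; // unexpected value in the role column
    }
    if (isAuthorized($role, $route)) {
        return 'run:' . strtolower(trim($route, '/'));
    }
    // Logged in but not permitted, e.g. a typed-in URL: back to own dashboard.
    return 'redirect:' . DASHBOARDS[$role];
}

// Constructed requests: [role from the session, requested route].
$requests = [['admin', 'teammember/add'], ['team', 'teammember/add'],
             ['member', '/Admin/Dashboard/'], [null, 'teammember/add'], ['admin', 'users/delete']];
foreach ($requests as [$role, $route]) {
    printf("%-7s %-20s => %s\n", $role ?? '(none)', $route, decide($role, $route));
}
```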
