I've been thinking about wheter or not it's a good idea to place acl
check things in the model or not. My idea is to maybe place some sort
of generic access check in appModel to interupt the request if the
user (of requester) dont have access. But i dont know if that will
break the MVC pattern or
this is integrated into the AuthComponent already.
function beforeFilter() {
$this-Auth-authorize = array('model' = 'User');
}
then put this in the User model for instance.
function isAuthorized($user, $controller, $action) {
//do some checks
return false;
}
if you want to do it