with a particular User. You could write a routine in
AppModel::beforeSave() that checks for existence of
$data[$this->alias]['user_id'] and, if there, check that against the
session ..
Wait--can't get the session from the model.
Another tack would be to use SecurityComponent, which will add a
hidden field to your forms that will ensure that your other hidden
fields haven't been changed. So, you could then check the session in
your controller action before even displaying the form.
http://book.cakephp.org/view/175/Security-Component
On Fri, Mar 27, 2009 at 9:05 PM, Aurelius <aurelius@temporaryinbox.com> wrote:
>
> I've been working with Cake for about 2 months, but it's my first bigger app.
> I want to write my own security function which would check before each
> save() if the saved model is associated with the logged-in user. What
> would be the best way to do that?
>
> My ideas so far:
> a beforeSave() function in AppModel:
> + DRY
> + relatively secure
> - if I use more than one save() its inefficient (I have up till 8 on
> one page)
> - I don't have a clue how I can check newly created ones with no id
>
> a beforeSave() in each Model:
> - even more crappy than above
>
> a validation-function in the controller
> - not DRY
> - more code
> + could work with already read data
>
> I believe that there must be more people out there with the same
> problem. Are there any finished solutions?
>
> Any ideas or thoughts are welcome!
>
> thx
> Aurelius
> >
>
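
The ownership check discussed in this thread, as an added example that is not part of either message and is not CakePHP's own code. It is plain PHP with hypothetical names (`enforceOwnership`, `$findOwner`), mirrors the `$data[$alias]['user_id']` shape, and assumes the caller passes in the session user id, since the model cannot read the session itself.

```php
<?php
// Added example: plain PHP, no CakePHP classes. Function and variable
// names are hypothetical; the lookup callable stands in for a DB query.

/**
 * Check that $data for model $alias may be saved by the session user.
 * $findOwner returns the stored user_id for a record id, or null if the
 * record does not exist. Returns $data with user_id pinned to the
 * session user; throws RuntimeException on any ownership mismatch.
 */
function enforceOwnership(array $data, $alias, $sessionUserId, $findOwner)
{
    if ($sessionUserId === null) {
        throw new RuntimeException('not logged in');
    }
    $row = isset($data[$alias]) ? $data[$alias] : array();

    if (!empty($row['id'])) {
        // Update: trust only the owner stored server-side, never the form.
        $owner = call_user_func($findOwner, $row['id']);
        if ($owner === null || (string)$owner !== (string)$sessionUserId) {
            throw new RuntimeException('record not owned by current user');
        }
    }
    // Create (no id yet) or update: overwrite any posted user_id.
    $row['user_id'] = $sessionUserId;
    $data[$alias] = $row;
    return $data;
}

// Constructed sample data: record 7 belongs to user 42, record 8 to user 99.
$owners = array(7 => 42, 8 => 99);
$findOwner = function ($id) use ($owners) {
    return isset($owners[$id]) ? $owners[$id] : null;
};

// New record with a tampered hidden user_id field: the value is replaced.
$posted = array('Post' => array('title' => 'a', 'user_id' => 99));
$new = enforceOwnership($posted, 'Post', 42, $findOwner);
echo 'saved with user_id ', $new['Post']['user_id'], "\n";

// Update of another user's record: rejected before any save happens.
try {
    $posted = array('Post' => array('id' => 8, 'title' => 'b'));
    enforceOwnership($posted, 'Post', 42, $findOwner);
} catch (RuntimeException $e) {
    echo 'denied: ', $e->getMessage(), "\n";
}
```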