for the comment he wants to edit there is so other secure way
On 2 Mar., 19:18, brian <bally.z...@gmail.com> wrote:
> On Mon, Mar 2, 2009 at 11:01 AM, Dolbex <dol...@gmail.com> wrote:
>
> > Hello fellow bakers!
>
> > I have looked around for a while trying to find a 'best practice' on
> > securing edits of a hasMany relation. Simple example:
>
> > User -> hasMany -> Comments
>
> > If I want to allow a user to edit only his/her comments is there a
> > good way without having to re-read the record they are editing to
> > compare userid's?
>
> You can do this on the initial request.
>
> $this->data = $this->Comment->read(null, $id);
>
> if ($this->data['Comment']['user_id'] != $this->Session->read('User.id'))
> {
>     // stop here: the comment belongs to another user
>     $this->flash(...);
> }
>
> Store the user_id as a hidden form element. If you're using the
> SecurityComponent then it will be difficult to change that.
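Added example, not part of the original thread and not CakePHP code: plain PHP with PDO and an in-memory SQLite table. It goes beyond what the posters suggest by putting the session user's id into the UPDATE's WHERE clause, so ownership is enforced on the write itself without a separate read and without trusting a hidden `user_id` field. The table layout, the function name `updateOwnComment` and the sample rows are constructed.

```php
<?php
// Constructed schema and rows standing in for User -> hasMany -> Comments.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT NOT NULL)');
$db->exec("INSERT INTO comments (id, user_id, body)
           VALUES (1, 10, 'alice original'), (2, 20, 'bob original')");

/**
 * Update a comment only if it belongs to $sessionUserId (hypothetical helper).
 * Only 'body' is read from $posted, so a submitted 'id' or 'user_id' field
 * can neither retarget the update nor change the owner of the row.
 */
function updateOwnComment(PDO $db, int $sessionUserId, int $commentId, array $posted): bool
{
    $body = trim((string) ($posted['body'] ?? ''));
    if ($body === '') {
        return false; // nothing valid to save
    }
    // Ownership is a condition of the write: no prior read, no gap
    // between checking the owner and saving the change.
    $stmt = $db->prepare(
        'UPDATE comments SET body = :body WHERE id = :id AND user_id = :owner'
    );
    $stmt->execute([
        ':body'  => $body,
        ':id'    => $commentId,
        ':owner' => $sessionUserId,
    ]);
    // Zero rows means the comment is missing or belongs to someone else;
    // report both cases identically so ids cannot be probed.
    return $stmt->rowCount() === 1;
}

$sessionUserId = 10; // constructed: in an application this comes from the server-side session

// The user's own comment.
var_dump(updateOwnComment($db, $sessionUserId, 1, ['body' => 'alice edited']));
// Constructed tampered form: another user's comment id and a forged hidden user_id.
var_dump(updateOwnComment($db, $sessionUserId, 2, ['body' => 'changed', 'user_id' => 10]));

foreach ($db->query('SELECT id, user_id, body FROM comments ORDER BY id') as $row) {
    printf("%d %d %s\n", $row['id'], $row['user_id'], $row['body']);
}
```

With the MySQL PDO driver, `rowCount()` counts changed rows rather than matched rows unless `PDO::MYSQL_ATTR_FOUND_ROWS` is set, so saving an unchanged body would return false there.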