Thursday, April 30, 2009

Re: ACL from View

Faza, appreciate the help. The problem I see with your approach occurs
in your earlier example here:
>>in view i put this: (yes, I will make a helper to do it one day)
if (in_array($session->read('Auth.User.group'), array("Administrator",
"Designer"))
{
...

}

This assumes (hard-coded in the view) that group "Designer" will
always have access to this particular view item. If you remove the
right from the designer group, but the logged in user is still a
member of group "Designer" then the condition will still pass. It's
only checking group membership, not the rights of that group (really,
the effective rights of the user is what should be checked) to that
particular action in the view.

What I want is a way, from the view, is to check if the logged-in user
has access to a particular controller/action pair, so that I can show
or hide links to any clickable link.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

No comments: