Wednesday, September 2, 2009

Re: admin application

ACL might be a bit heavy for this. You can achieve this by using admin
routing and AuthComponent. In your non-admin actions, just ensure that
your conditions check for the user_id so that only books belonging to
that user can be edited, deleted, etc. For example:

'conditions' => array('Book.user_id' => $this->Auth->user('id'))

For editing a Book, pass the id as normal but check it first against
the IDs of all books owned by the user. When a user logs in, grab the
book IDs and store them in the session to make this easier.

For the admin pages, of course, leave out this condition.

On Tue, Sep 1, 2009 at 3:14 PM, Henrik Gemal <henrikgemal@gmail.com> wrote:
>
> I need to write an admin application where users can only see their own
> stuff and admins can see all the stuff.
>
> But I am a bit confused which way I need to look. Should I look into
> using ACLs or ....?
>
> Think of a book site where users can only see and edit the books they
> posted and admins can see and edit all books. ACLs seem complicated.
>
> Any recommendations?
>
> I've been using Cake now for a year but have never used ACLs yet.
>
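
The ownership check described in the reply above, as an added example that is not part of the original thread or of CakePHP itself. It is plain PHP with an in-memory array standing in for the Book model; `findFirst`, `editBook`, the `is_admin` flag and the sample rows are hypothetical, and the conditions array mirrors the `'Book.user_id'` condition from the reply.

```php
<?php
// Constructed sample data standing in for the books table.
$books = array(
    array('id' => 1, 'user_id' => 10, 'title' => 'Alice, first book'),
    array('id' => 2, 'user_id' => 10, 'title' => 'Alice, second book'),
    array('id' => 3, 'user_id' => 20, 'title' => 'Bob, only book'),
);

// Hypothetical stand-in for a model find('first'): every condition must match.
function findFirst(array $rows, array $conditions) {
    foreach ($rows as $index => $row) {
        $match = true;
        foreach ($conditions as $field => $value) {
            if (!array_key_exists($field, $row) || $row[$field] !== $value) {
                $match = false;
                break;
            }
        }
        if ($match) {
            return $index;
        }
    }
    return null;
}

// Edit action: non-admin callers always get the owner condition added,
// so a guessed or tampered id for someone else's book finds nothing.
function editBook(array &$books, array $user, $id, $title) {
    $conditions = array('id' => (int) $id);
    if (empty($user['is_admin'])) {
        $conditions['user_id'] = $user['id'];   // the 'Book.user_id' condition
    }
    $index = findFirst($books, $conditions);
    if ($index === null) {
        return false;   // fail closed: same answer for "missing" and "not yours"
    }
    // Only the title is writable here; user_id is never taken from the request.
    $books[$index]['title'] = $title;
    return true;
}

$alice = array('id' => 10, 'is_admin' => false);
$bob   = array('id' => 20, 'is_admin' => false);
$admin = array('id' => 1,  'is_admin' => true);

var_dump(editBook($books, $alice, '1', 'Renamed by owner'));   // owner
var_dump(editBook($books, $bob,   '1', 'Renamed by Bob'));     // not the owner
var_dump(editBook($books, $admin, '3', 'Renamed by admin'));   // admin path
```

Bob's call is rejected because the owner condition excludes Alice's book; only the admin path omits that condition.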
