but I'm interested if there is some flexibility in content access. If
we don't do any specific manipulation, edit/delete methods have no
restrictions user wise. If we do have some tables f.e. orders,
accounts, tickets etc that belong to a user, we could do accounts/edit/
5 and edit user number five. But we need to specifically do a manual
verification if that number 5 account belongs to a user.
Is there any centralized verification for that kind of relations?
Probably something in the app_model or setting edit/delete functions
with some predefined constraints in the app_controller? It's security
unwise, but on the other hand there is no rule for that kind of access
rules.
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
No comments:
Post a Comment