Nothing to do with the actual function of getting the data just simply the
hypothetical way to check if it's the owner or not. Just the way the code is
structured.
1.attempt to get data based on the $id requested (the function will either
find something or not is all we are concerned about for the example)
2.if record found do something with data
2a. if no data found for whatever reason, no record exists, not correct user
requesting record, not logged in....anything.
How do you check if the request for a record belong to user?
Im referring to the code how its written not the actual functionality of if
found / correct user / auth
When you check your requests against user sure you check if the user owns
the record, I'm interested in the flow process of how others go about it, if
im doing it right, if there is a better way, easier way?
JUST THIS BELOW (THE STRUCTURE / WORK FLOW )
____________________________
Function edit($id){
$data = $this->User->somefunctionToReturnUserRecord( $id, $auth_id);
If($data){
//do something with data
}
If (!$data){
//something went wrong
}
}
Thanks,
Dave
-----Original Message-----
From: cricket [mailto:zijn.digital@gmail.com]
Sent: Tuesday, December 28, 2010 10:30 PM
To: cake-php@googlegroups.com
Subject: Re: Owner Check
On Tue, Dec 28, 2010 at 2:44 PM, Dave Maharaj <me@davemaharaj.com> wrote:
> So is that the best way to check owner against user? Well im sure there is
> no best way since every situation is different but doing it this way is
just
> as good?
> Simply try to get the request as normal and then process it. If $data then
> there is a record do whatever with the data, if no $data then the user is
> attempting to get something not theirs so $data will be empty tell user
they
> are an idiot :)
>
> Just curious since some of the function
>
> $data = $this->User->somefunctionToReturnUserRecord();
>
> If($data){
>
>
> }
> If (!$data){
>
> }
I think there are two separate issues here: whether the logged-in User
owns the Record; and whether the User has any Records at all. In the
first case, it comes down to getting $user_id =
$this->Auth->user('id') and then doing a find with the conditions that
the Record.id == $id and Record.user_id == $user_id.
Check out the new CakePHP Questions site http://cakeqs.org and help others
with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
No comments:
Post a Comment