Tuesday, December 28, 2010

RE: Owner Check

Ok basically this is it.

Someone wants to access something ($id): how do YOU (yourself) or any other
Cake user check if it's the owner? I'm doing it 1 way so I want to see how
others are doing it. That's all.

The way I am doing it works sure but I want to know if what I am doing is
the right way, is there a better way, easier way..options I can use to make
it easier...better.

I have seen examples where $id is passed and then

function edit($id) {
    // get the data from the db, then
    $data = $this->Model->read($id);
    if ($data['Model']['user_id'] === $this->Auth->User('id') && $id === $data['Model']['id']) {

        // is owner

    } else {

        // is not owner

    }
}

or what I'm doing: simply forget the 'read' and do a find with $data =
$this->Model->someFunction( $id, $this->Auth->User('id')) and
if $data (yes, the function will only pull the record to the user, check
ownership there I guess you could say, because it will not pull records that
are not Auth->User id)

Because in the first example the $id will read from the db no matter what as
long as $id is passed and $id is in the db, so you're going to the db no matter
what and reading the data.
In my way, with $data = $this->Model->someFunction( $id,
$this->Auth->User('id')); you're only reading / finding / retrieving data if
the conditions exist.

In my head I think why pull the data if it's not the owner with read? So pull
the data using a find and if anything is found then continue on with the
request.

Does that make sense...hope that pretty much sums it up.

Thanks again for your response.

Dave

-----Original Message-----
From: cricket [mailto:zijn.digital@gmail.com]
Sent: Wednesday, December 29, 2010 12:35 AM
To: cake-php@googlegroups.com
Subject: Re: Owner Check

On Tue, Dec 28, 2010 at 9:02 PM, Dave Maharaj <me@davemaharaj.com> wrote:
> Sorry, this is getting away from the original question.
> Nothing to do with the actual function of getting the data just simply the
> hypothetical way to check if it's the owner or not. Just the way the code is
> structured.
>
> 1. attempt to get data based on the $id requested (the function will either
> find something or not is all we are concerned about for the example)
> 2. if record found do something with data
> 2a. if no data found for whatever reason, no record exists, not correct user
> requesting record, not logged in....anything.
>
> How do you check if the request for a record belongs to user?
> I'm referring to the code how it's written not the actual functionality of if
> found / correct user / auth
>
> When you check your requests against user sure you check if the user owns
> the record, I'm interested in the flow process of how others go about it, if
> I'm doing it right, if there is a better way, easier way?
>
> JUST THIS BELOW (THE STRUCTURE / WORK FLOW )
> ____________________________
>
> Function edit($id){
> $data = $this->User->somefunctionToReturnUserRecord( $id, $auth_id);
>
> If($data){
> //do something with data
> }
>  If (!$data){
> //something went wrong
>  }
> }
>

I'm not entirely sure what you're getting at. But, if the User hasMany
Record, and the method param is the Record.id, I guess it makes most
sense to first fetch the Record, then test if it's empty. If empty,
return not found error. If not, then check $data['Record']['user_id']
against $this->Auth->user('id') and respond accordingly.

Is that what you're asking?

Check out the new CakePHP Questions site http://cakeqs.org and help others
with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
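
The two approaches discussed in this thread, side by side, as an added example that is not part of the original messages and is not CakePHP code. It uses plain PHP with PDO and an in-memory SQLite database; the table, columns and the function names fetchThenCheck and findOwned are hypothetical.

```php
<?php
// Added example: plain PHP + PDO (SQLite in memory), not CakePHP code.
// Table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT)');
// Constructed sample rows: record 1 belongs to user 10, record 2 to user 20.
$db->exec("INSERT INTO records VALUES (1, 10, 'mine'), (2, 20, 'theirs')");

// Pattern A (read, then compare): always loads the row, then checks the owner.
// Lets the caller tell "missing" (404) apart from "not yours" (403).
function fetchThenCheck(PDO $db, $id, $authId): array
{
    $stmt = $db->prepare('SELECT * FROM records WHERE id = ?');
    $stmt->execute([(int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['status' => 404, 'data' => null];
    }
    // Cast before comparing: drivers may return integers as strings, and the
    // id from the URL is a string, so a bare === can fail for the real owner.
    if ((int) $row['user_id'] !== (int) $authId) {
        return ['status' => 403, 'data' => null];
    }
    return ['status' => 200, 'data' => $row];
}

// Pattern B (scoped find): ownership is part of the WHERE clause, so a row
// owned by someone else is never loaded and looks the same as a missing one.
function findOwned(PDO $db, $id, $authId): array
{
    $stmt = $db->prepare('SELECT * FROM records WHERE id = ? AND user_id = ?');
    $stmt->execute([(int) $id, (int) $authId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false
        ? ['status' => 404, 'data' => null]
        : ['status' => 200, 'data' => $row];
}

// User 10 requests their own record, someone else's, and a nonexistent one.
foreach (['1', '2', '99'] as $id) {
    printf("id=%s  A=%d  B=%d\n", $id,
        fetchThenCheck($db, $id, 10)['status'],
        findOwned($db, $id, 10)['status']);
}
```

With the scoped find, a request for another user's record is indistinguishable from a request for a missing one, so the response does not confirm that the id exists.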
