function edit() {
$uid = $this->Session->read('Auth.User.id');
if (!empty($this->data)) {
$this->data['User']['id'] = $uid;
if ($this->User->save($this->data, true, array('email',
'first_name', 'last_name', 'id', ...))) {
$this->Common->flashMessage(__('changesSaved', true), 'success');
$this->Common->postRedirect(array('controller' => 'overview',
'action' => 'index'));
} else {
$this->Common->flashMessage(__('formContainsErrors', true),
'error');
}
} else {
$this->data = $this->User->get($uid);
}
}
and use
array('action'=>'edit')
in urls
On 3 Sep., 14:44, tubiz <tayi...@gmail.com> wrote:
> I have a User and Profile controller in an application I am working
> on.In my model files a User hasOne profile and a Profile belongsTo a
> User.
>
> The problem I am having is that if a logged in user wants to edit his
> profile he can eidt other Users profile just by changing the value of
> id in the link. Example /profiles/edit/1 where 1 is the id of the
> user. I would like to know how to prevent this so that a user can only
> edit his profile only.
>
> WOuld also like to know if there is a way to eidt a profile or user
> details without passing the value of the id. SO instead of a user
> visiting /profiles/edt/1 ot edit his profile he should visit profiles/
> edit instead.
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment