Sunday, September 4, 2011

Re: Issues With Auth Component

Hi andrewperk, I am really grateful for your help so far. Thanks a lot.
Before I got the reply I was able to figure it out.

One last problem I am having is that if a user wants to edit his
profile and the id field for the user in the profile table is 1 but
the value of the logged-in user id is 2, a user trying to edit his
profile won't be able to edit his profile; instead he would be editing
the user whose id is 2 in the profile table, because whenever a user
is trying to edit his profile I am passing the value of the logged-in user
id from the user table.

Is there a way for me to edit a profile targeting the user_id in the
profile table instead of the id in the profile table?

On Sep 4, 3:15 am, andrewperk <andrewp...@gmail.com> wrote:
> I can try to give you some tips on how to build your code and the
> logic behind it.
>
> I assume your user model has a (hasOne) relationship to the profile
> model and the profile model has a (belongsTo) relationship to the User
> model, right?  A user can have a single profile. In the profiles table
> there's a user_id field to relate that profile to a user.
>
> You should then be able to do a check on the logged in user's
> associated profile to see if a profile even exists. You can do this by
> looking in the profile table to see if one has a user_id field equal
> to your logged in user's id. If you find a row with a user_id field
> equal to your logged in user that means they have created a profile
> already, if not, they don't have a profile. You would do something
> like:
>
> function addProfile() {
>     // Try to find a profile that belongs to the logged in user's ID
>     $profile = $this->Profile->findByUserId($this->Auth->user('id'));
>
>     // If it's not empty, that means the logged in user's profile was found, so redirect out
>     if (!empty($profile)) {
>         $this->Session->setFlash(array('You already have a profile'));
>         $this->redirect(array('controller'=>'users', 'action'=>'index'));
>     }
>
>     // If they got here they don't have a profile, create a new one,
>     // your add a profile code goes here...
>
> }
>
> There might be a better way to check this, possibly through the User
> model association but this was just off the top of my head and should
> get you headed in the right direction.
>
> On Sep 3, 2:27 pm, tubiz <tayi...@gmail.com> wrote:
>
> > Really grateful for your help. It is now working as I wanted it to
> > didn't know it was this simple but I was thinking in this direction.
>
> > But I am having another problem in my CakePHP application. I have a
> > function called addProfile. I would like the function to be displayed
> > to a user that has logged in and hasn't set up his profile, but if he has
> > set it up he should be directed to the Users homepage.
>
> > On Sep 3, 5:48 pm, andrewperk <andrewp...@gmail.com> wrote:
>
> > > It's pretty simple, just use a conditional to compare the logged in
> > > user's ID to the ID passed in to the URL. If it doesn't match then
> > > they get redirected back to the edit page but this time passing in
> > > their ID rather than the one they tried to use. This should ensure
> > > only the current user can edit their current profile. Each time the
> > > user enters in an ID when trying to access the edit page and that ID
> > > doesn't match their ID they will get redirected.
>
> > > function edit($id = null) {
> > >     if (!$id && empty($this->data)) {
> > >         $this->Session->setFlash(__('Invalid profile', true));
> > >         $this->redirect(array('action' => 'index'));
> > >     }
> > >     // Check if the logged in user's id matches the passed in id;
> > >     // if not, redirect to their own edit page
> > >     if ($id != $this->Auth->user('id')) {
> > >         $this->redirect(array('action' => 'edit', $this->Auth->user('id')));
> > >     }
> > >     if (!empty($this->data)) {
> > >         if ($this->Profile->save($this->data)) {
> > >             $this->Session->setFlash(__('The profile has been saved', true));
> > >             $this->redirect(array('action' => 'index'));
> > >         } else {
> > >             $this->Session->setFlash(__('The profile could not be saved. Please, try again.', true));
> > >         }
> > >     }
> > >     if (empty($this->data)) {
> > >         $this->data = $this->Profile->read(null, $id);
> > >     }
> > >     $users = $this->Profile->User->find('list');
> > >     $this->set(compact('users'));
> > > }
>
> > > On Sep 2, 10:49 pm, tubiz <tayi...@gmail.com> wrote:
>
> > > > Thanks for your help. Please, I still can't restrict access to only the
> > > > logged-in user's details. This is my edit code:
>
> > > >         function edit($id = null) {
> > > >                 if (!$id && empty($this->data)) {
> > > >                         $this->Session->setFlash(__('Invalid profile', true));
> > > >                         $this->redirect(array('action' => 'index'));
> > > >                 }
> > > >                 if (!empty($this->data)) {
> > > >                         if ($this->Profile->save($this->data)) {
> > > >                                 $this->Session->setFlash(__('The profile has been saved', true));
> > > >                                 $this->redirect(array('action' => 'index'));
> > > >                         } else {
> > > >                                 $this->Session->setFlash(__('The profile could not be saved. Please, try again.', true));
> > > >                         }
> > > >                 }
> > > >                 if (empty($this->data)) {
> > > >                         $this->data = $this->Profile->read(null, $id);
> > > >                 }
> > > >                 $users = $this->Profile->User->find('list');
> > > >                 $this->set(compact('users'));
> > > >         }
>
> > > > Would be very grateful if you can edit it to include what you wrote
> > > > initially.
> > > > Thanks
>
> > > > On Sep 3, 5:12 am, andrewperk <andrewp...@gmail.com> wrote:
>
> > > > > You need to scope the update to only update the logged in user. That
> > > > > way when a user accesses the update action it will only allow them to
> > > > > update their own account.
>
> > > > > For instance on the action to update a user fetch that user like so:
>
> > > > > public function update() {
> > > > >     // This sets the logged in user as the user to update
> > > > >     $this->User->id = $this->Auth->user('id');
> > > > >
> > > > >     // Prepopulate form with logged in user details
> > > > >     if (empty($this->data)) {
> > > > >         $this->data = $this->User->read();
> > > > >     }
> > > > >     // Save user
> > > > >     else {
> > > > >         if ($this->User->save($this->data)) {
> > > > >             $this->Session->setFlash('Update successful.', 'default', array('class'=>'success'));
> > > > >             $this->redirect(array('action'=>'view', $this->Auth->user('id')));
> > > > >         }
> > > > >         // There was an error
> > > > >         else {
> > > > >             $this->Session->setFlash('Errors while updating:', 'default', array('class'=>'error'));
> > > > >         }
> > > > >     }
> > > > > }
>
> > > > > If for some reason you need the functionality of passing in the user
> > > > > ID to the update action then do a check to see if the id passed in
> > > > > matches the logged in user, if not redirect  and don't allow them to
> > > > > edit. So you modify the code above to have an if:
>
> > > > > public function update($id = null) {
> > > > >     if ($id != $this->Auth->user('id')) {
> > > > >         // User is accessing someone else's profile, don't let them edit
> > > > >         $this->redirect(array('action'=>'index'));
> > > > >     }
> > > > >
> > > > >     // the rest of the update code below..
> > > > > }
>
> > > > > On Sep 2, 11:55 am, tubiz <tayi...@gmail.com> wrote:
>
> > > > > > I have already set up the Auth component and it is working perfectly.
> > > > > > But I just discovered a problem.
> > > > > > There are two users in my users table. When I am logged in as one of the
> > > > > > users I can access the other user's details just by changing the id.
> > > > > > This wouldn't be secure, as a logged-in user can access all the details of
> > > > > > other users.
> > > > > > Please, how can I stop this so that a logged-in user is only able to
> > > > > > view his own details and not other users' details?

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
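The question at the top of this thread (editing the profile row whose user_id is the logged-in user, rather than the row whose primary key happens to equal the user's id) is what the following controller action does. It is an added example, not code posted by anyone in the thread: it assumes the CakePHP 1.3 conventions the thread uses (Profile belongsTo User, a profiles.user_id column, $this->Auth->user('id'), $this->data) and a hypothetical ProfilesController with an add action to redirect to.

```php
<?php
// Added example, not from the thread. ProfilesController::edit() for
// CakePHP 1.3 that scopes the edit by profiles.user_id instead of trusting
// an id supplied in the URL or in a hidden form field. Assumes Profile
// belongsTo User and the profiles table has a user_id column.
class ProfilesController extends AppController {
    var $name = 'Profiles';

    function edit() {
        // The only identity the server trusts is the session, never the URL.
        $userId = $this->Auth->user('id');

        // Look the profile up by its owner, not by the profile's primary key.
        $profile = $this->Profile->find('first', array(
            'conditions' => array('Profile.user_id' => $userId),
        ));

        if (empty($profile)) {
            // No profile yet: send the user to the (assumed) add action.
            $this->Session->setFlash(__('You have not created a profile yet.', true));
            $this->redirect(array('action' => 'add'));
        }

        if (!empty($this->data)) {
            // Overwrite whatever the form submitted for the owner and the
            // primary key, so a tampered hidden field cannot move the write
            // onto another user's row.
            $this->data['Profile']['id'] = $profile['Profile']['id'];
            $this->data['Profile']['user_id'] = $userId;

            $this->Profile->id = $profile['Profile']['id'];
            if ($this->Profile->save($this->data)) {
                $this->Session->setFlash(__('The profile has been saved', true));
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The profile could not be saved. Please, try again.', true));
            }
        }

        // Prepopulate the form from the row that was found by user_id.
        if (empty($this->data)) {
            $this->data = $profile;
        }
    }
}
```

Because the owner is fixed server-side, the edit form no longer needs the `$users` select list that the baked action passes to the view; a user choosing the owner of a profile is exactly the access-control gap the thread is about. The same pattern (look up by the session user's id, then overwrite id and user_id in $this->data before save) applies to any per-user resource.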
