Thank you for your answer
Best regards
Paulo
On Tuesday, December 25, 2012 4:53:22 AM UTC+2, zuha wrote:
Is there a reason you don't just do access control in the controller then? ie.--if ($this->request->data['User']['creator_id'] == $this->Session->read('Auth. User.id ')) {$this->BlogPost->save($this->request->data); }BTW, Zuha has a behavior called the UsableBehavior which could probably be modified to do what you're trying to do with a new function or two added to it. https://github.com/zuha/Zuha/tree/master/app/Plugin/Users/ Model/Behavior
On Monday, December 24, 2012 6:12:02 PM UTC-5, Paulo Braga wrote:Hi Rob. Thanks for your answer, the behavior is very interesting.
I think I did not express myself well, I dont want just to set that a user has only access to the posts he created.
I want also to configure for example:
We have hotels around a country from the same organization, so in each city there's a manager, and I want a manager to manage just the hotels in his city. but this hotels can be created by another user(admin), is it possible? I did it with isAuthorized() method, but it requires a lot of "code (ugly code)° :p
Paulo
On Monday, December 24, 2012 3:08:31 PM UTC+2, Rob M wrote:Hi Paulo: You are describing row-level access control, and I am doing that with CakePHP 2.0 using a modified version of Daniel Vecchiato's WhoDidIt Model Behavior (https://github.com/danfreak/4cakephp/tree/master/models/ ). Then I check in the controller to see if the id in the table for the person who created the record matches the id of the person who is trying to modify it. - Robbehaviors
On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:Hi people.
I am using cakephp 2.x, and I am trying to build a system with group permissions, ok, I used Acl and Auth component without problem.
Now I want to configure access to specific data. for example:
we have a blog app, and we have users, posts, etc.
an admin can do anything(no problems);
a post is posted by a user. (some problems here);
With acl I configured that admin group can do anything. and that user group can just do anything in posts(add, list, edit, delete). everything is working.
But I dont want a user to edit,delete,list posts that were not created by him.
I used to do it with the method isAuthorized(), but imagining a big app, I think it will be too hard to codify it.
is there a "clean" way to do it???
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com.
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
No comments:
Post a Comment