in the view that the group would always have access to that item.
Let's say then with ACL you remove that right... all the views where
you have that hard-coded logic would then need to be updated, which is
the problem I am trying to avoid.
Ideally, ACL would be the one place to go where that is controlled.
We currently have an application that is in flux - meaning that there
will be different types of free, discounted, and full memberships,
along with different levels of administrators. What these users and
groups are allowed to do will change over time. I want to minimize the
hard-coded stuff, and just ask ACL, can this user do
whateverController/whateverMethod, from the view.
Sure, if the link is present, and the user clicks on it, I can deny
access in the controller (which I do) but that becomes annoying to the
end users. If they don't have rights to do a particular action, the
link shouldn't be present in the view.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment