Wednesday, March 30, 2011

View caching - problems with different user roles

Hey,


I've been playing around with the cache to speed up an app a little bit
and I ran into an interesting problem when having different user roles
and elements in a view that can be seen by an admin, but not by a
user.

So in my app I have some code to check if the currently logged in user
is an admin or a simple user. For example an admin can see deactivated
users in a list of users and a normal user won't see them. The
"problem" I think is, that I use the same view and the same action,
but the code is different for an admin (other conditions etc.)

The cache is configured in the controller as:

    var $cacheAction = array(
        'index' => '600',
        'grouplist' => '600',
        'listing' => '600',
        'view' => '600'
    );

So when visiting let's say "index" of users, the cache engine will
produce a file called users.php in the views folder of tmp/cache.

It works because the output is remarkably faster than it is without
the cache.

Otherwise, when a "user" on the same "team" logs in and views the
action index of users, he will get the SAME output as the admin! That
is a really big problem as a user should not be able to see the
elements that the admin can see.

Did any of you run into the same problem or have any idea how to
work around this conflict?

In my case I have to mention that I suggested to split admin actions
and views from the ones for the normal users, but the app is currently
structured as one action and one view for all user roles, and within
views and controller-actions there are separations to gather the data
for admins or users.

Regards,

DD
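
The failure described in the post, reduced to a self-contained sketch: a rendered-view cache keyed by URL alone serves the admin's output to the next user, while a key that also carries the role does not. This is an added example, not CakePHP code and not the poster's app; the function names, the sample accounts and the key format are hypothetical.

```php
<?php
// Added illustration; not CakePHP code. All names here are hypothetical.

// Constructed data: one deactivated account that only admins may see.
$users = array(
    array('name' => 'alice', 'active' => true),
    array('name' => 'bob',   'active' => false),
);

// One action, one view, role-dependent conditions (as in the post).
function renderIndex(array $users, $role) {
    $rows = array();
    foreach ($users as $u) {
        if ($u['active'] || $role === 'admin') {
            $rows[] = $u['name'] . ($u['active'] ? '' : ' (deactivated)');
        }
    }
    return implode("\n", $rows);
}

// Cache key built from the URL only: one entry per action.
function keyByUrl($url, $role) {
    return $url;
}

// Cache key that also carries the role: one entry per action and role.
function keyByUrlAndRole($url, $role) {
    return $url . '#' . $role;
}

// Serve from cache when the key exists, otherwise render and store.
function cachedIndex(array &$cache, $keyFn, array $users, $url, $role) {
    $key = $keyFn($url, $role);
    if (!isset($cache[$key])) {
        $cache[$key] = renderIndex($users, $role);
    }
    return $cache[$key];
}

foreach (array('keyByUrl', 'keyByUrlAndRole') as $keyFn) {
    $cache = array();  // fresh cache per strategy
    cachedIndex($cache, $keyFn, $users, 'users/index', 'admin');  // admin visits first
    $seenByUser = cachedIndex($cache, $keyFn, $users, 'users/index', 'user');
    $leak = strpos($seenByUser, 'bob') !== false;
    printf("%-16s user sees deactivated account: %s\n", $keyFn, $leak ? 'yes' : 'no');
}
```

If the output also depends on the team or on the individual user, those values belong in the key as well.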
