tags:

views:

154

answers:

5

i am planing to set a permission on my event index page, which just allow certain user to view which had set when i add the event. After user click into my event, the event controller will 1st check the user id and check the event database which control the user can see which event in his calendar. The permission is added when user create a event and share to other user. Beside, how can i find the current user id to compare with my event database which is the accurate 1?

any suggestion for me to did this function? i need to know the code and concept how i get the current user id to compare with all the event database, and allow the current user see the certain event.

thanks alot for your information.

+3  A: 

Use sessions to save and read data for a user between pages.

Within Controllers:

// store a user id in the session
$this->Session->write('User.id', $userId);

// read a user id from the session
$userId = $this->Session->read('User.id');

Within Views:

// read a user id from the session
$userId = $session->read('User.id');

You can use any key you want if you prefer something over "User.id". I simply use this since it is what the AuthComponent defaults to if you are using that.

Matt Huggins
+1 for thorough example, but "The major difference between the Session Helper and the Session Component is that the helper does not have the ability to write to the session." http://book.cakephp.org/view/484/Session
deizel
Thanks for pointing out that difference, I updated my response to reflect that.
Matt Huggins
+3  A: 

What you're looking for are ACLs (Access Control Lists). There's an AclComponent built into Cake which you should look into. It works together with the AuthComponent, which will hold the user id. It's a little complicated at first, but worth the hassle.

deceze
+1  A: 

Also, for a simple approach, have a look at the model and controller settings of AuthComponent::authorize. This allows you to define an isAuthorized() method in your controller or model (your choice) which will store logic that determines access (should return true if access allowed and false if denied).

deizel
+2  A: 

The recommended approach for getting logged in user data is via the AuthComponent itself:

// in any controller
$userId = $this->Auth->user('id');

See http://book.cakephp.org/view/387/user

neilcrookes
A: 

to see sessions, queries, data, and everything else that is passed from page to page in cake use this amazing little helper http://thechaw.com/debug%5Fkit

ondrobaco