For those of you who may have read this earlier, I've done a little research and completely revamped my question. I've been having a problem where my form requests get blackholed by the Security component, although everything works fine when the Security component is disabled. I've traced it down to a single line in a form:
<?php echo $form->create('Audition');?>
<fieldset>
<legend><?php __('Edit Audition');?></legend>
<?php
echo $form->input('ensemble');
echo $form->input('position');
echo $form->input('aud_date');
// The following line works fine...
echo $form->input('owner');
// ...but the following line blackholes when Security included
// and the form is submitted:
// echo $form->input('owner', array('disabled'=>'disabled');
?>
</fieldset>
<?php echo $form->end('Submit');?>
(I've commented out the offending line for clarity) I think I'm following the rules by using the form helper; as far as I can tell, this is a bug in the Security component, but I'm too much of a CakePHP n00b to know for sure. I'd love to get some feedback, and if it's a real bug, I'll submit it to the CakePHP team. I'd also love to know if I'm just being dumb and missing something obvious here.
(sorry to address comments here, but I didn't have enough space for them in comments)
UPDATE: Thanks Jesh, you're 100% right about that -- "an input value will not be submitted when it is disabled". I even looked it up on the official HTML spec, where it says, "[A disabled element] cannot receive user input nor will its value be submitted with the form". But Cake IS submitting the value with the form! When I disable using the Security Component, I can look at the POST data being submitted with the form, and sure enough, the 'owner' field has been submitted! Unfortunately, this is precisely the behavior I wanted, but it seems to be in disagreement with the official HTML spec...so I'm thinking that this is a bug with the standard form helper. I'll report this to the CakePHP team as a bug, but I'd love to hear from anyone who can confirm or refute this.
Also, Jesh, your idea to use the secure key and set it to false works great, but I really don't WANT to leave this field unsecured (in fact, I PARTICULARLY don't want to leave this field unsecured), and it seems to me that I shouldn't have to. In fact, now I'm thinking that this could ALSO be a bug in the Security component; I'm using the FormHelper to create my forms here -- so shouldn't the Security component be able to handle this??
@Miles: your solution works great too -- thanks! But it still leaves open the same questions I raised above.