I'm trying to make a blogging system but obviously certain users in certain groups should only be able to edit/delete their own posts/comments. How would I go about doing this in CakePHP? I followed the manual's basic Acl guide to setup my current Auth system.
A:
Assuming you have a Post and Comment model and the user_id is present via the $this->Auth->... object, you could define a generic method in your model:
function allowUserPost($user_id, $post_id) {
// Then check if this $user_id owns the $post_id
// if true, return true, if false, return false
}
In your controller:
function deletePost($post_id) {
if($this->Post->allowUserPost($user_id, $post_id) {
// Go ahead, delete
} else {
// Deny
}
matiasf
2010-05-31 12:00:16
... And also similar functions if you want to control read or edit access. In short, you have to roll your own record-level locking. The Cake ACO system doesn't support that, and it's one of my bigger issues with the framework. Anyone heard of how well Symfony or Zend does record level access control?
Travis Leleu
2010-05-31 17:13:49