CakePHP allowing, denying access using Auth
I have a model 'events' that holds its own info plus a user id. How do I grant access to the user to whom the event belongs?

You can add a check at the beginning of the view method to see if the authenticated user id matches that of the event. If not, redirect them with an "access denied" flash message. For example, in EventsController add:
```php
public function view($event_id) {
    // Make sure the event exists at all.
    if (!$this->Event->exists($event_id)) {
        throw new NotFoundException(__('No such event.'));
    }

    // Get the event info.
    $event = $this->Event->findById($event_id);

    // Match the authenticated user against the user_id of the event.
    if ($this->Auth->user('id') != $event['Event']['user_id']) {
        // No match, redirect the user back to the index action.
        $this->Session->setFlash(__('This is not your event!'));
        return $this->redirect(array('action' => 'index'));
    }

    /**
     * If this point is reached, the user is the owner of the event.
     * The rest of the logic goes below this point.
     */
}
```

Tags: cakephp, cakephp-2.0, cakephp-2.1
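The same ownership rule can be enforced once for every single-event action through AuthComponent's controller authorization in CakePHP 2.x, so that an action added later cannot miss the check. This is an added example, not part of the original answer; the `isOwnedBy()` helper, the `edit`/`delete` actions and the file locations are assumptions.

```php
<?php
// app/Model/Event.php (assumed location)
App::uses('AppModel', 'Model');

class Event extends AppModel {
    // Hypothetical helper: true only when the event exists AND belongs to
    // the given user, so a missing row and a foreign row look the same.
    public function isOwnedBy($eventId, $userId) {
        return $this->hasAny(array(
            'Event.id' => $eventId,
            'Event.user_id' => $userId,
        ));
    }
}

// app/Controller/EventsController.php (assumed location)
App::uses('AppController', 'Controller');

class EventsController extends AppController {
    // Ask AuthComponent to call isAuthorized() on this controller.
    // This could equally be configured once in AppController.
    public $components = array(
        'Session',
        'Auth' => array('authorize' => array('Controller')),
    );

    // Runs for every non-public action after the user has logged in.
    public function isAuthorized($user) {
        // Actions that operate on one specific event (edit/delete assumed).
        $ownerOnly = array('view', 'edit', 'delete');
        if (!in_array($this->action, $ownerOnly, true)) {
            return true; // e.g. index, add: any logged-in user
        }

        // No event id in the URL: nothing to prove ownership of, so deny.
        if (empty($this->request->params['pass'][0])) {
            return false;
        }

        $eventId = $this->request->params['pass'][0];
        return $this->Event->isOwnedBy($eventId, $user['id']);
    }
}
```

When `isAuthorized()` returns false, AuthComponent refuses the request and shows its `authError` message, so the individual actions no longer need their own redirect logic.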