Re: Limit output from DB based on user_id
Hi and thanks for replies!!!!
Ok, that was what I was thinking. Now, perhaps you could give me a
hand on the best practice on a more advanced ownership of rows!?!
I am looking to "lock" down the db queries as much as possible, only
displaying the results that belong to a user.
My app is built like this:
DB:
- team
id, name, user_id (what user it belongs to)
- user
id, name++, team_id (what team the user owns)
models are associated with each other.
routes:
domain.com
team1.domain.com
team2.domain.com
domain.com/admin & team*.domain.com/admin
Controllers:
teams_controller
users_controller
Now, I will try to explain:
- When a visitor visits domain.com, there is a "regular" website, with
some blablabla, and a list of teams.
- Visitor visits team1.domain.com, there is a website for the team1
(using their selected theme and so on)
- Visitor visits */admin, there is an admin area for team-owners (select
theme, write their content and so on)
Perhaps you could suggest any approach/best practice to "lock" down
the db access on these areas?
Example, when visitor visits team*.domain.com, every single db request
should be using the teamID (there are more tables/rows that have
team_id)
What is the best approach to get this id from db? ID WHERE teamname ==
team1 ? bootstrap? Routes?
And where to save it to use in every other find request in controllers
- Was thinking sessions? and destroy the session, and create a new one
if user visits another team or the mainpage ?
What do you think?
Same goes for admin, the best place to save the teamID, to use in all
controllers (write to config? Session?)
I am not sure how to proceed to really lock it down, so that teamID
only values are pulled from DB, and to completely remove the chance
that other team owners/visitors get access to other team information
without visiting their website/admin panel login.
Yet again!
Thanks for any and all help on this ;)
Kind regards!
-Tom
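
One way to do the per-request team scoping asked about above, as an added example that is not part of the original post and uses plain PHP rather than CakePHP's own API. The `pages` table, the sample rows and the function names `resolveTeam`, `findForTeam` and `canAdminister` are hypothetical.

```php
<?php
// Constructed sample rows for the post's team table and one further table
// that carries team_id (the "pages" table is hypothetical).
$teams = array(
    array('id' => 1, 'name' => 'team1', 'user_id' => 10),
    array('id' => 2, 'name' => 'team2', 'user_id' => 20),
);
$pages = array(
    array('id' => 1, 'team_id' => 1, 'title' => 'Team1 news'),
    array('id' => 2, 'team_id' => 2, 'title' => 'Team2 news'),
);

// Resolve the team from the Host header on every request; null means the
// main site or an unknown/malformed subdomain.
function resolveTeam($host, $baseDomain, array $teams) {
    $host = strtolower(preg_replace('/:\d+$/', '', $host));
    $suffix = '.' . $baseDomain;
    if (substr($host, -strlen($suffix)) !== $suffix) { return null; }
    $sub = (string) substr($host, 0, -strlen($suffix));
    if (!preg_match('/^[a-z0-9-]+$/', $sub)) { return null; }
    foreach ($teams as $team) {
        if ($team['name'] === $sub) { return $team; }
    }
    return null;
}

// All reads go through here: team_id comes from the resolved team and
// overwrites anything the caller (or the request) supplied.
function findForTeam(array $rows, array $team, array $conditions = array()) {
    $conditions['team_id'] = $team['id'];
    $out = array();
    foreach ($rows as $row) {
        foreach ($conditions as $field => $value) {
            if (!array_key_exists($field, $row) || $row[$field] !== $value) {
                continue 2;
            }
        }
        $out[] = $row;
    }
    return $out;
}

// Admin area: the logged-in user must own the team named by the subdomain.
function canAdminister(array $team, $userId) {
    return $team['user_id'] === $userId;
}

$team = resolveTeam('team1.domain.com', 'domain.com', $teams);
print_r(findForTeam($pages, $team, array('team_id' => 2))); // forged id ignored
var_dump(canAdminister($team, 20)); // user 20 owns team2 in the sample data
```

Because the team is derived from the hostname on each request, nothing has to be stored in a session and reset when the visitor moves to another team's subdomain.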