Re: Accessing fields of 'Events' model to compare user_id.
Instead of using isAuthorized() just ensure that Auth doesn't allow
the edit action. Pass the Event.id to that action and then test for
the current User.id.
Also, instead of testing the role, just create an admin_edit() action
and let Cake handle authorization.
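
public function edit($id = null)
{
    if (empty($id))
    {
        // no good: no Event.id was passed
        throw new NotFoundException();
    }

    // Load the event and test ownership before either branch, so that a
    // POST to this action cannot save an event owned by another user.
    $data = $this->Event->read(null, $id);
    if (empty($data) || $data['Event']['user_id'] != $this->Session->read('Auth.User.id'))
    {
        // disallow
        throw new ForbiddenException();
    }

    if (!empty($this->request->data))
    {
        // save, using $id as Event.id rather than an id from the posted data
    }
    else
    {
        // ... (show the form populated from $data)
    }
}
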
On Sat, Nov 17, 2012 at 2:49 PM, Daniel Toppin <danieltoppin3@gmail.com> wrote:
> Hi all
> I am fairly new to CakePHP. I am trying to only allow those users who
> created an event to be able to edit or delete an event, so I am comparing
> the current user id with the 'user_id' field of the current event
> (saved when a user creates an event). Any help would be appreciated, thanks.
> My code (Andrew Perk) is as follows:
>
> public function isAuthorized($user) {
>     $this->loadModel('User');
>     if ($user['role'] == 'admin') {
>         return true;
>     }
>     if (in_array($this->action, array('edit', 'delete'))) {
>         if ($user['id'] != $this->request->data['Event']['user_id']) {
>             //////////////////// THIS IS THE LINE I FEEL IS WRONG - PLEASE ADVISE
>             //echo debug($event['user_id']);
>             //$this->Session->setFlash(__('You are not allowed to edit someones event'));
>             return false;
>         }
>     }
>     return true;
> }
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To post to this group, send email to cake-php@googlegroups.com.
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com.
> Visit this group at http://groups.google.com/group/cake-php?hl=en.
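
Added example (not part of the original thread and not CakePHP's own code): a framework-free PHP sketch of the ownership check discussed above. It takes the event id from the URL and looks up the stored owner instead of reading user_id from the submitted form, since form data is empty on the initial GET and is supplied by the client on POST. The function names, the $events array and the sample users are constructed for illustration.

```php
<?php
// Constructed sample data standing in for the events table (id => row).
$events = array(
    1 => array('id' => 1, 'user_id' => 10, 'title' => 'Alice meetup'),
    2 => array('id' => 2, 'user_id' => 20, 'title' => 'Bob workshop'),
);

// Hypothetical helper: returns the stored owner of an event, or null if the
// event does not exist. In a controller this would be a model lookup keyed
// on the id passed to the action.
function eventOwnerId(array $events, $eventId)
{
    return isset($events[$eventId]) ? $events[$eventId]['user_id'] : null;
}

// Hypothetical stand-alone version of the isAuthorized() decision.
// $eventId must come from the URL, never from the submitted form.
function isAuthorizedForEvent(array $events, array $user, $action, $eventId)
{
    if (isset($user['role']) && $user['role'] === 'admin') {
        return true;
    }
    if (in_array($action, array('edit', 'delete'), true)) {
        $ownerId = eventOwnerId($events, $eventId);
        // Deny when the event is missing or owned by someone else.
        return $ownerId !== null && (int) $ownerId === (int) $user['id'];
    }
    return true;
}

$alice = array('id' => 10, 'role' => 'author');
$admin = array('id' => 1, 'role' => 'admin');

// Constructed cases: owner, non-owner, missing event, admin, other action.
$cases = array(
    array($alice, 'edit', 1, true),
    array($alice, 'edit', 2, false),
    array($alice, 'delete', 99, false),
    array($admin, 'delete', 2, true),
    array($alice, 'view', 2, true),
);
foreach ($cases as $case) {
    list($user, $action, $eventId, $expected) = $case;
    $got = isAuthorizedForEvent($events, $user, $action, $eventId);
    printf("%-6s event %-2d user %-2d => %s (%s)\n", $action, $eventId, $user['id'],
        $got ? 'allow' : 'deny', $got === $expected ? 'ok' : 'MISMATCH');
}
```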