GeekDaddy

Reputation: 619

Owner based Authorization

I'm trying to make authorization based on the owner of a post. I store the owner of the post in one of the post's values. How do I allow only this author to edit only his post? Basic authentication restricts access only to logged-in users, but not to the author.

Upvotes: 1

Views: 416

Answers (1)

Joep

Reputation: 651

You'll want to do this in your controller function for editing. In case a post is being edited, first fetch the post being edited and check the id in the field against the value returned by $this->Auth->user('id') (assuming you're using AuthComponent).

If they're the same, proceed with whatever your editing logic is. If not, you'll probably want to set a flash message (notifying the user that he/she isn't allowed to edit) and then redirect back to somewhere.

Upvotes: 1
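
The owner check described in the answer above, written out as an added example; it is not code from the question or the answer. It assumes CakePHP 3.4+ with AuthComponent and FlashComponent loaded; the `Posts` table, its `user_id` owner column and the `title`/`body` fields are hypothetical names.

```php
<?php
// Added example. Assumes CakePHP 3.4+ with AuthComponent and FlashComponent
// loaded in AppController, and a hypothetical posts table whose user_id
// column stores the owner's id.
namespace App\Controller;

class PostsController extends AppController
{
    public function edit($id = null)
    {
        // Load the stored record first; get() throws RecordNotFoundException
        // (rendered as a 404) when no post has this id.
        $post = $this->Posts->get($id);

        // Compare the owner stored in the database, never an owner id taken
        // from the submitted form, with the logged-in user's id. Both sides
        // are cast because the session may hold the id as a string. The null
        // check keeps an anonymous request from matching an ownerless post.
        $userId = $this->Auth->user('id');
        if ($userId === null || (string)$post->user_id !== (string)$userId) {
            $this->Flash->error(__('You are not allowed to edit this post.'));
            return $this->redirect(['action' => 'index']);
        }

        if ($this->request->is(['patch', 'post', 'put'])) {
            // Restrict the writable fields so a crafted request cannot
            // reassign user_id and hand the post to another account.
            $post = $this->Posts->patchEntity(
                $post,
                $this->request->getData(),
                ['fields' => ['title', 'body']]
            );
            if ($this->Posts->save($post)) {
                $this->Flash->success(__('The post has been saved.'));
                return $this->redirect(['action' => 'index']);
            }
            $this->Flash->error(__('The post could not be saved.'));
        }

        $this->set(compact('post'));
    }
}
```

The check runs before the request method is inspected, so it covers both displaying the edit form and submitting it.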
