Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Debuggable Blog:
Simple Data Access Control
Aug 25, 2008 @ 07:56:50

In a new post to the Debuggable blog Felix Geisendorfer illustrates a simple access rights system that can be plugged into any CakePHP application you might be developing.

If your application is like most, then you have some basic permission requirements for your data. A simple scenario is the following. Blog posts can only be edited by their owners and administrators. Same goes for viewing unpublished blog posts.

His example modifies the typical "posts" controller to add in a new model (User) with a permission check (can) and a model that implements it into the PostsController to ensure that a user can view any given posting.

tagged: post access control user permission model cakephp framework