Home/ Questions/Q 7775981
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T17:45:41+00:00

how to make the registered user can edit only their data but not others.

  • 0

how to make the registered user can edit only their data but not others. When it was set up ACL(aro and aco).
My settings:

class User extends AppModel {

public function bindNode($user) {

    return array('model' => 'Group', 'foreign_key' => $user['User']['group_id']);

}

class AppController extends Controller {

public $components = array(
    'Acl',
    'Auth' => array(
        'authorize' => array(
            'Actions' => array('actionPath' => 'controllers')
        )
    ),
    'Session'
);
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should add the isAuthorized method to your controller. In this method you check that the users are authorized for the actions they are trying to do with the parameters they are passing. You could use code like this:

    switch ($this->action) {
    case 'delete':
    case 'edit':
        // id of what they are trying to edit
        $this->Topic->id = $this->params['pass'][0];
        // id of the owner of what they are trying to edit
        $ownerId = $this->Topic->field('user_id');

        $userId = $this->Auth->user('id');
        if ($ownerId == $userId) {
            // allow users to edit or delete their own topics
            return TRUE;
        } else {
            // allow admin group to edit any topic
            return $this->Auth->user('group') == 'admin';
        }
}

    If you want to use Cake’s ACL system for checking permissions rather than hard-coding checks like “user is a member of admin group”, see the tutorial here: http://jonisalonen.com/2010/role-based-acl-in-cakephp/
    It was written for Cake 1.3 though, I haven’t checked if there are major differences.

    • 0