I am trying to alter my edit action so that a user can only edit a post if it is their own.
Below is the edit action before I changed it:
    function edit($id = null) {
        $this->Post->id = $id;
        if (empty($this->data)) {
            $this->data = $this->Post->read();
        } else {
            if ($this->Post->save($this->data)) {
                $this->Session->setFlash('Your post has been updated.');
                $this->redirect(array('action' => 'index'));
            }
        }
    }
And then here’s what I tried to do, but didn’t succeed:
    function edit($id = null) {
        if ($this->Auth->user('id') == $this->Post->user_id) {
            $this->Post->id = $id;
            if (empty($this->data)) {
                $this->data = $this->Post->read();
            } else {
                if ($this->Post->save($this->data)) {
                    $this->Session->setFlash('Your post has been updated.');
                    $this->redirect(array('action' => 'index'));
                }
            }
        } else {
            $this->Session->setFlash('You are not authorized to edit that post.');
            $this->redirect(array('action' => 'index'));
        }
    }
Anybody know how I can achieve my desired functionality? Is there an easier way to do this with CakePHP’s automagic?
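
Added example, not part of the original post: a CakePHP 1.x model does not expose column values as properties, so `$this->Post->user_id` in the attempt above is never populated and the comparison cannot match. The action below instead looks up the owner of the requested post before reading or saving it, and pins the saved record to the id that was checked. It assumes the Auth and Session components are loaded, a `user_id` column on the posts table, and `title` and `body` as the editable fields (those two field names are hypothetical).

```php
<?php
// Added example for CakePHP 1.x; not the asker's code.
class PostsController extends AppController {
    var $name = 'Posts';
    var $components = array('Auth', 'Session');

    function edit($id = null) {
        $userId = $this->Auth->user('id');

        // Fetch only the owner column for the post named in the URL.
        // field() returns false when no row matches, so a missing post
        // is refused the same way as someone else's post.
        $ownerId = $this->Post->field('user_id', array('Post.id' => $id));

        if (empty($userId) || $ownerId === false
            || (string)$ownerId !== (string)$userId) {
            $this->Session->setFlash('You are not authorized to edit that post.');
            $this->redirect(array('action' => 'index'));
            return;
        }

        $this->Post->id = $id;
        if (empty($this->data)) {
            // First request: load the record into the form.
            $this->data = $this->Post->read();
            return;
        }

        // Pin the primary key to the id that passed the ownership check,
        // so a different Post.id submitted in the form cannot redirect
        // the save to another user's record.
        $this->data['Post']['id'] = $id;

        // The third argument is a field whitelist: user_id is not in it,
        // so the form cannot reassign ownership.
        // 'title' and 'body' are assumed column names.
        if ($this->Post->save($this->data, true, array('title', 'body'))) {
            $this->Session->setFlash('Your post has been updated.');
            $this->redirect(array('action' => 'index'));
        }
    }
}
```

The check runs on every request to the action, including the POST that saves, because the id in the URL and the id in the submitted form are both under the client's control.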
1 Answer