Home/ Questions/Q 6679473
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T04:21:48+00:00

I have the following two actions in my controller: function add() { if (!empty($this->data))

  • 0

I have the following two actions in my controller:

function add()
    {
        if (!empty($this->data))
        {
            if ($this->Favour->save($this->data))
            {
                $this->Session->setFlash('Your favour has been saved.');
                $this->redirect(array('controller'=>'favours','action'=>'index'));
            }
        }
    }

    function edit($id = null)
    {
        $this->Favour->id = $id;
        if (empty($this->data))
        {
            $this->data = $this->Favour->read();
        }
        else
        {
            if ($this->Favour->save($this->data))
            {
                $this->Session->setFlash('Your favour has been updated.');
                $this->redirect(array('controller'=>'favours','action'=>'index'));
            }
        }
    }

1) I want to be able to add the logged in user id to the add action so that the new post is created with that user as its author id (their is a foreign key in the db table). I’m not sure how to talk to fields within the controller itself.

2) And for the edit action I want to make it so that only the author can edit the post so for example user 200 creates post 20 but user 100 cannot edit this post because his id is not 200! I’m not using ACL for my app but just simple authentication.

I’ve thought about doing a simple if statement in the action like:

function edit($id = null)
    {
        $this->Favour->id = $id;
        $this->Favour->user_id = $user_id;

        if($this->Auth->user('id') != $user_id)
        {
            $this->Session->setFlash('You do not have permission to edit that favour!');
            $this->redirect(array('controller'=>'favours','action'=>'index'));
        }
        else
        {
            if (empty($this->data))
            {
                $this->data = $this->Favour->read();
            }
            else
            {
                if ($this->Favour->save($this->data))
                {
                    $this->Session->setFlash('Your favour has been updated.');
                    $this->redirect(array('controller'=>'favours','action'=>'index'));
                }
            }
        }

Would this be correct? BUT how do I get the user id from the favour?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    function add() {
    if (!empty($this->data)) {
        $this->data['Favour']['user_id'] = $this->Auth->user('id');
        if ($this->Favour->save($this->data)) {
            //etc

    This code assumes:

    • Your user is logged in
    • the user can access the add function
    • You are storing the id value of the logged in user in the field id
    • You have a foreign key in Favours table called user_id that matches the data type of the user id

    As for edit; couple ways of achieving it.
    I’d do:

    function edit($id) {
    $this->Favour->id = $id;
    $favour_author = $this->Favour->field('user_id'); 
    // get the user of this post

    if($this->Auth->user('id') != $favour_author) {
        $this->Session->setFlash('You do not own this post.');
        $this->redirect('/someplace');
    }

    if (empty($this->data)) {
        $this->data = $this->Favour->read();
    }
        // carry on.
    • 0