I know Auth normally restricts all actions except add/login, etc. But if a model

Question

0

Asked: May 24, 20262026-05-24T11:43:07+00:00 2026-05-24T11:43:07+00:00

I know Auth normally restricts all actions except add/login, etc. But if a model

0

I know Auth normally restricts all actions except add/login, etc.

But if a model has a default delete() function in the controller, how is it normally done in the CakePHP way to make sure that an authenticated user can’t delete a id that does not belong to him? Yeah I know I could look up the user_id of the thing that is being deleted and compare it to the Auth.Userid but is there an easier way?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T11:43:08+00:00

Editorial Team

2026-05-24T11:43:08+00:00Added an answer on May 24, 2026 at 11:43 am

I think only login is allowed by default.

I don’t think there’s an easier way, but there’s certain shortcut that you can take:

function delete(){
    if(!empty($this->data)){
      $this->Model->id = $this->data['Model']['id'];
      if($this->Model->field('user_id') == $this->Auth->user('id'))$this->Model->delete();
    }
    //redirect somewhere
 }

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I know Auth normally restricts all actions except add/login, etc. But if a model

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply