I let users create a profile and use 36-character profile IDs. The users/profile.ctp file was originally the users/view.ctp file baked by Cake.
The url looks like example/users/profile/3213123-12313-12313-4544534
I want to prevent other users from accessing each other's profiles or edit pages, e.g. achievements/edit.
I block certain actions with ACL, but users are in the same ‘group’ with the same access rights.
How can I make sure that a user can only access his own profile / methods, and that users who access other people's profiles through the URL are redirected to the homepage? Should I do this through advanced ACL, or am I missing some simple code here?
When your user is connected, his info stays in the session. So in your UsersController you could do something like this:
Maybe you'll need to do the same thing in different methods of different controllers. You might create a Component to do this, or add a method in the AppController.
Good Luck!
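
One way to implement the ownership check suggested above, as an added example that is not part of the original posts. It assumes CakePHP 2.x with AuthComponent, a hypothetical `_requireOwner()` helper in the AppController, and an `achievements.user_id` column that names each record's owner.

```php
<?php
// Assumes CakePHP 2.x; the three classes live in their own controller files.
// app/Controller/AppController.php
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array('Session', 'Auth');

    // Hypothetical helper: send the visitor to the homepage unless the
    // logged-in user's id equals the id of the record's owner.
    protected function _requireOwner($ownerId) {
        $currentId = $this->Auth->user('id'); // read from the session by Auth
        // Compare as strings: ids are 36-char UUIDs, and a failed lookup
        // (false/null) must never count as a match.
        if (empty($currentId) || empty($ownerId)
            || (string)$currentId !== (string)$ownerId) {
            $this->redirect('/'); // exits by default in CakePHP 2.x
        }
    }
}

// app/Controller/UsersController.php
class UsersController extends AppController {
    public function profile($id = null) {
        $this->_requireOwner($id); // the URL id must be the session user's id
        $this->set('user', $this->User->findById($id));
    }
}

// app/Controller/AchievementsController.php
class AchievementsController extends AppController {
    public function edit($id = null) {
        // Assumption: achievements has a user_id column naming its owner.
        // The owner id is read from the database, never from request data.
        $ownerId = $this->Achievement->field(
            'user_id',
            array('Achievement.id' => $id)
        );
        $this->_requireOwner($ownerId);
        // Owner confirmed: the baked edit logic (load, validate, save)
        // runs from here on.
    }
}
```

ACL still decides which actions the group may call; this check decides which records within those actions belong to the current user.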