I'm trying to make authorization based on the owner of a post. I store the owner of the post in one of the post's values. How do I allow only this author to edit only his post? Basic authentication restricts only for logged-in users, but not for the author.
You’ll want to do this in your controller function for editing.
In case a post is being edited, first fetch the post being edited and check the id in the field against the value returned by $this->Auth->user('id') (assuming you're using AuthComponent).
If they’re the same, proceed with whatever your editing logic is. If not, you’ll probably want to set a flash message (notifying the user that he/she isn’t allowed to edit) and then redirect back to somewhere.