Working with CakePHP, this is my situation:
I have Users and Orders. Orders are created by Users. Only the user that created the Order is allowed to edit it. (admins can also, but I don’t think that is important).
I am using the standard Auth component and have an isAuthorized function in my OrdersController that checks if the user is logged in and stops users from performing actions that they are not allowed to perform.
I want to make a decision on whether or not the user can perform the action based on the params passed and the data that comes out of the database. i.e. does the user own the order they are trying to edit? I am currently checking inside each action if this is the case.
Is there a way that I can trigger the same workflow that is triggered by returning false from isAuthorized? Maybe by throwing an Exception?
I don’t want to do these finer checks inside the isAuthorized function, because it will require ugly methods of accessing the passed params, and duplication of data retrieval. How does CakePHP expect me to handle this?
(I have more complicated checks to make in other controllers)
This is what you’re looking for:
http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html#authorization-who-s-allowed-to-access-what
Hope this helps.
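As an added illustration (not code from the question or from the linked book page), here are both options side by side in CakePHP 2: an ownership check inside `isAuthorized()` using the routed params, and the same check re-done inside the action, where failing it throws `ForbiddenException` so the request ends in the same 403 the Auth component produces. The `isOwnedBy()` model method and the `role` column on users are assumed to exist in this app, not supplied by the framework.

```php
<?php
// app/Model/Order.php (assumed model; orders carry a user_id column)
App::uses('AppModel', 'Model');

class Order extends AppModel {
    public $belongsTo = array('User');

    // True only if a row with this id AND this owner exists: one query, no
    // separate "load then compare" step that could be skipped by mistake.
    public function isOwnedBy($orderId, $userId) {
        return $this->field('id', array(
            'id' => $orderId,
            'user_id' => $userId,
        )) !== false;
    }
}

// app/Controller/OrdersController.php
App::uses('AppController', 'Controller');

class OrdersController extends AppController {

    public function isAuthorized($user) {
        // Admins may edit any order (assumed 'role' field on the user row).
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }
        // Owner-only actions: the order id is the first positional param.
        if (in_array($this->action, array('edit', 'delete'))) {
            if (empty($this->request->params['pass'][0])) {
                return false;            // no id supplied: deny, don't guess
            }
            $orderId = (int) $this->request->params['pass'][0];
            return $this->Order->isOwnedBy($orderId, $user['id']);
        }
        return parent::isAuthorized($user);
    }

    public function edit($id = null) {
        $this->Order->id = $id;
        if (!$this->Order->exists()) {
            throw new NotFoundException(__('Invalid order'));
        }
        // Check the same rule against the database inside the action;
        // ForbiddenException yields a 403 just like a denied isAuthorized().
        if (!$this->Order->isOwnedBy($id, $this->Auth->user('id'))) {
            throw new ForbiddenException(__('You do not own this order'));
        }
        // ... normal save / render logic follows
    }
}
```

Setting `AuthComponent::$unauthorizedRedirect` to `false` makes a `false` return from `isAuthorized()` throw `ForbiddenException` too, so both paths fail the same way instead of one redirecting and the other erroring.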