StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
14303308
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2013-01-13T12:12:26.230
FavoriteCount
0
LastActivityDate
2013-01-13T12:49:15.250
LastEditDate
2013-01-13T12:49:15.250
LastEditorUserId
1177905
OwnerUserId
1177905
ParentId
14294025
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
Most simple solution: Add a condition in your controller, so: <pre><code>$this->set('books', $this->Book->find( 'all', array('conditions' => array('Book.user_id' => $user['User']['id'])) ); </code></pre> Disadvantages: You will likely create duplicate code here since this check has to happen also in other places. Also when you start testing your model you can only test that it returns books, you cannot test a model method like: getMyBooks($userId). So no, not the preferred solution. Next solution: Check in the model It could be done by a check in for example your books model. You could just check in the afterfind() method whether the returned records are allowed or not. In your beforefind you could also add an additional condition to all queries. In general a model should be fat so I would suggest implementing clear methods there like: getAllBooks, getBooksOfUser($User), getLatestBooksOfUser($User) etc. Why is this a nice implementation? Because you now manage the access levels in a central place. You can test the model and you are sure it does only return books from this user. With beforeSave etc. you can intervene every save attempt and first check: hey, you want to save this but is this really your book? ACL solution But in general it could be wise to implement some ACL solution (preferably the built in one) since that makes you application much more future proof. It allows flexibility, for example: <blockquote> Each user may have access to a certain set of books. I don't need various roles. </blockquote> That's true for now but the future can change it. So if you need a quick solution just custom filter the records. But think about the future.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POCakePHP permissons : are ACLs overkill
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USLuc Franken
UserOwnerUserId
1. USLuc Franken
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. COIs there a specific reason to use beforefind() here? Couldn't we get by by setting a condition of books.user_id = $this->Auth->user...?
 singulars
 PostPostId
 PO
 UserUserId
 USJoe Smith
2. COExplained it in the answer, in short: No you cannot be sure that for example another developer just does a search for: $this->Book->find('all') and you are done. All books are published. So I would not trust that.
 singulars
 PostPostId
 PO
 UserUserId
 USLuc Franken

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.