I'm about to write a simple community type site - user profiles, blogs, forum, etc -and I am thinking of using Cake's built in ACL system, which seems worth it alone for the nested structure they manage for you
I'm wondering what the best practices are for adding ACO's and ARO's; obviously, my users would each have their own associated ARO's, but what about things like user profiles and blog posts? My first guess is to automatically assign all users read access on everything in say the "blogs" or "forums" parent access goups, but what about individual items - is it overkill to assign an ACO to every single blog post or forum post or user profile that assigns write access to the author? or would it make more sense just to check this at the controller/view level and not assign an ACO for the individual item - something like, when you access posts/edit/15, - if post->author != session->user_id then redirect to an unauthorized access error please feel free to let me know if that doesn't make any sense thanks in advance - ryan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
