I have a User and Profile controller in an application I am working on.In my model files a User hasOne profile and a Profile belongsTo a User.
The problem I am having is that if a logged in user wants to edit his profile he can eidt other Users profile just by changing the value of id in the link. Example /profiles/edit/1 where 1 is the id of the user. I would like to know how to prevent this so that a user can only edit his profile only. WOuld also like to know if there is a way to eidt a profile or user details without passing the value of the id. SO instead of a user visiting /profiles/edt/1 ot edit his profile he should visit profiles/ edit instead. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
