Auth is NOT Access Control; it is simply authentication. You know the user is real and has validated.
Access Control at a data level requires a bit more than Auth. In general you can build up ACL (Access Control List) where you can then control which data is visible to different request objects.

If you really don't need full ACL and you just want to limit the user, you can add a check against the Auth component's current User id and compare it to the id they are trying to edit/view etc.

    $this->Auth->user('id');

More info can be found here: http://book.cakephp.org/view/1242/Access-Control-Lists

On Sep 2, 12:55 pm, tubiz <tayi...@gmail.com> wrote:
> I have already set up the auth component and it is working perfectly.
> But I just discovered a problem.
> There are two users in my users table. When I am logged in as one of the
> users I can access the other user's details just by changing the id.
> This wouldn't be secure, as a logged-in user can access all the details of
> other users.
> Please, how can I stop this so that a logged-in user is only able to
> view his details only and not other users' details?
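
The ownership check the reply describes, as an added example that is not part of the original thread and is not CakePHP's own code. StubAuth, this UsersController, the sample rows and the 403/200 status pairs are constructed stand-ins so the script runs on its own; only the `$this->Auth->user('id')` call comes from the reply.

```php
<?php
// Constructed stand-in for CakePHP's Auth component (assumption, not framework code).
class StubAuth {
    private $user;
    public function __construct($user) { $this->user = $user; }
    // Mirrors the $this->Auth->user('id') call quoted in the reply.
    public function user($key) { return isset($this->user[$key]) ? $this->user[$key] : null; }
}

// Hypothetical controller; $rows replaces the users table.
class UsersController {
    public $Auth;
    private $rows;
    public function __construct($auth, array $rows) { $this->Auth = $auth; $this->rows = $rows; }

    // True only when the logged-in user's id equals the requested record id.
    private function ownsRecord($id) {
        $current = $this->Auth->user('id');
        // URL parameters arrive as strings: reject missing or non-numeric input
        // and compare as strings so loose comparison cannot match a real id.
        if ($current === null || !ctype_digit((string)$id)) { return false; }
        return (string)$current === (string)$id;
    }

    public function view($id = null) {
        if (!$this->ownsRecord($id)) { return array(403, null); }
        return array(200, $this->rows[(int)$id]);
    }

    public function edit($id = null, array $data = array()) {
        if (!$this->ownsRecord($id)) { return array(403, null); }
        // Take the record id from the session, never from the posted form data.
        $data['id'] = $this->Auth->user('id');
        $this->rows[$data['id']] = array_merge($this->rows[$data['id']], $data);
        return array(200, $this->rows[$data['id']]);
    }
}

// Constructed sample data: two users, user 1 is logged in.
$rows = array(1 => array('id' => 1, 'email' => 'a@example.test'),
              2 => array('id' => 2, 'email' => 'b@example.test'));
$c = new UsersController(new StubAuth($rows[1]), $rows);

list($status) = $c->view('1');
echo "view own record:   $status\n";
list($status) = $c->view('2');
echo "view other record: $status\n";
list($status, $row) = $c->edit('1', array('id' => 2, 'email' => 'new@example.test'));
echo "edit own record with a different posted id: $status, saved under id {$row['id']}\n";
```

The same comparison belongs in every action that takes a record id (view, edit, delete), since the check in one action does nothing for the others.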