On Wed, May 13, 2009 at 5:32 PM, Dave Maharaj :: WidePixels.com
<d...@widepixels.com> wrote:
> Quick question about ensuring functions can not be run from the URL. Would
> this be the correct setup?
>
> controller;
> $key = $this->Model->__someFunction($key);
>
> model:
> function __someFunction($key)
> {
> .......
> return $something;
> }
>
> If so basically anything double underscored is for cakes internal process?
> But my question comes from ACL where you define what actions a user has
> access to if
>
> function userIsAllowedThis ($id) {
>
> and
>
> $key = $this->Model->__someFunction($key);
>
> is in the allowed function does that still work if the user has access to
> the initial function?
>
No, private methods are completely separate from ACL A private method
may only becalled from code withing the class (eg. from some other
method) while a protected method may be called from within the class
or some derived class. Only public methods may be accessed directly as
in $this->Model->theMethod().
Therefore, ACL can only affect access to methods that are already public.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
