CakePHP - I want a user to be able to edit his own (nobody else's) profile. Do I really need ACL?
Is using the Auth component and then just checking that $this->Auth->User($id) equals the user_id of the profile to be edited enough?
Is there some drawback to doing this instead of having to go through the brain-pain of ACL?
No need to use ACL in my opinion. Even if you're using ACL, you would still have to perform the check. A simple check in the action to make sure that the profile is being edited should be fine.
I do a dozen projects or so each year in Cake and I haven't used the ACL component in a long time. I've found simple group-based permissions work great. I set $this->Auth->authorize = 'controller', and then override isAuthorized() in the app controller to handle checking if the user has permission to execute the action.
Using ACL for such a simple process is like bringing tanks to rid your house of cockroaches.
All you need to do is define a condition in the beforeFilter for the particular action checking if the $this->request->params['pass'][0] is equal to the user_id of the logged-in user.
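
The ownership check the answers describe, as an added example that is not part of any post in this thread: plain PHP with no framework, where canEditProfile(), stripOwnershipFields() and the $profiles array are hypothetical stand-ins. It compares the logged-in user against the user_id stored with the profile, so it also covers the case where the id in the URL is a profile id and not a user id, and it denies every case it cannot positively match.

```php
<?php
// In a CakePHP controller, $authUserId would come from $this->Auth->user('id')
// and $pass from $this->request->params['pass'] (assumption: called from
// isAuthorized() or the edit action itself).

// Constructed sample data: profile id => record with its owning user_id.
$profiles = array(
    10 => array('id' => 10, 'user_id' => 1, 'bio' => 'alice'),
    11 => array('id' => 11, 'user_id' => 2, 'bio' => 'bob'),
);

// True only when the logged-in user owns the requested profile; anything else is denied.
function canEditProfile($authUserId, array $pass, array $profiles)
{
    if ($authUserId === null || !isset($pass[0])) {
        return false;                    // not logged in, or no id in the URL
    }
    // URL segments arrive as strings; accept plain decimal ids only.
    if (!ctype_digit((string) $pass[0])) {
        return false;
    }
    $profileId = (int) $pass[0];
    if (!isset($profiles[$profileId])) {
        return false;                    // unknown profile
    }
    // Compare with the owner stored on the record, never a value sent by the client.
    return (int) $profiles[$profileId]['user_id'] === (int) $authUserId;
}

// Drop fields the edit form must not change, so a forged "id" or "user_id"
// in the POST body cannot retarget or reassign the record being saved.
function stripOwnershipFields(array $posted)
{
    unset($posted['id'], $posted['user_id']);
    return $posted;
}

// Constructed requests: array(logged-in user id, passed URL arguments).
$cases = array(
    'owner edits own profile' => array(1, array('10')),
    'other user\'s profile'   => array(1, array('11')),
    'not logged in'           => array(null, array('10')),
    'malformed id'            => array(1, array('10abc')),
);
foreach ($cases as $label => $c) {
    printf("%-26s %s\n", $label, canEditProfile($c[0], $c[1], $profiles) ? 'allow' : 'deny');
}
print_r(stripOwnershipFields(array('id' => 11, 'user_id' => 1, 'bio' => 'new bio')));
```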