开发者

CakePHP check or add user id to posts

问答 作者:

I have the following two actions in my controller:

function add()
    {
        if (!empty($this->data))
        {
            if ($this->Favour->save($this->data))
            {
                $this->Session->setFlash('Your favour has been saved.');
                $this->redirect(array('controller'=>'favours','action'=>'index'));
            }
        }
    }

    function edit($id = null)
    {
        $this->Favour->id = $id;
        if (empty($this->data))
        {
            $this->data = $this->Favour->read();
        }
        else
        {
            if ($this->Favour->save($this->data))
            {
                $this->Session->setFlash('Your favour has been updated.');
                $this->redirect(array('controller'=>'favours','action'=>'index'));
            }
        }
    }

1) I want to be able to add the logged in user id to the add action so that the new post is created with that user as its author id (their is a foreign key in the db table). I'm not sure how to talk to fields within the controller itself.

2) And for the edit action I want to make it so that only the author can edit the post so for example user 200 creates post 20 but user 100 cannot edit this post because his id is not 200! I'm not using ACL for my app but just simple authentication.

I've thought about doing a simple if statement in the action like:

function edit($id = null)
    {
        $this->Favour->id = $id;
        $this->Favour->user_id = $user_id;

        if($this->Auth->user('id') != $user_id)
        {
            $this->Session->setFlash('You do not have permission to edit that favour!');
            $this->redirect(array('controller'=>'favours','action'=>'index'));
        }
        else
        {
            if (empty($this->data))
            {
                $this->data = $this->Favour->read();
            }
            else
            {
                if ($this->Favour->save($this->data))
                {
                    $this->Session->setFlash('Your favour has been updated.');
                    $this->redirect(array('controller'开发者_运维问答=>'favours','action'=>'index'));
                }
            }
        }

Would this be correct? BUT how do I get the user id from the favour?

function add() {
    if (!empty($this->data)) {
        $this->data['Favour']['user_id'] = $this->Auth->user('id');
        if ($this->Favour->save($this->data)) {
            //etc

This code assumes:

  • Your user is logged in
  • the user can access the add function
  • You are storing the id value of the logged in user in the field id
  • You have a foreign key in Favours table called user_id that matches the data type of the user id

As for edit; couple ways of achieving it. I'd do:

function edit($id) {
    $this->Favour->id = $id;
    $favour_author = $this->Favour->field('user_id'); 
    // get the user of this post

    if($this->Auth->user('id') != $favour_author) {
        $this->Session->setFlash('You do not own this post.');
        $this->redirect('/someplace');
    }

    if (empty($this->data)) {
        $this->data = $this->Favour->read();
    }
        // carry on.

If you use Auth Component, you can access the logged-in user record in $this->Auth->user() in controller. So to access the id: $this->Auth->user('id'). If you write your own authentication, it's up to you.

how to talk to fields within the controller itself.

What do you mean?

继续阅读:cakephpphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9