Central ACL Check
With checking ACL’s, the code I use is as follows:
$info = $this->Member->read(null, $id); // Check for permissions to edit this account if ( !$this->Acl->check(array('model' => 'Member', 'foreign_key' => $this->Auth->user('member_id')), $info['Member']['username'], 'update') ) { $this->Session->setFlash(__('You are not allowed to edit this user. -- ' . $this->Auth->user('member_id'), true)); $this->redirect(array('action'=>'index')); }
While this works and is not that bad of an idea at all, there is a way to centralize this check and put it in the main app_controller.php file.
(more…)