开发者

CakePHP check or add user id to posts

开发者 https://www.devze.com 2023-04-11 23:01 出处:网络
I have the following two actions in my controller: function add() { if (!empty($this->data)) { if ($this->Favour->save($this->data))

I have the following two actions in my controller:

function add()
    {
        if (!empty($this->data))
        {
            if ($this->Favour->save($this->data))
            {
                $this->Session->setFlash('Your favour has been saved.');
                $this->redirect(array('controller'=>'favours','action'=>'index'));
            }
        }
    }

    function edit($id = null)
    {
        $this->Favour->id = $id;
        if (empty($this->data))
        {
            $this->data = $this->Favour->read();
        }
        else
        {
            if ($this->Favour->save($this->data))
            {
                $this->Session->setFlash('Your favour has been updated.');
                $this->redirect(array('controller'=>'favours','action'=>'index'));
            }
        }
    }

1) I want to be able to add the logged in user id to the add action so that the new post is created with that user as its author id (their is a foreign key in the db table). I'm not sure how to talk to fields within the controller itself.

2) And for the edit action I want to make it so that only the author can edit the post so for example user 200 creates post 20 but user 100 cannot edit this post because his id is not 200! I'm not using ACL for my app but just simple authentication.

I've thought about doing a simple if statement in the action like:

function edit($id = null)
    {
        $this->Favour->id = $id;
        $this->Favour->user_id = $user_id;

        if($this->Auth->user('id') != $user_id)
        {
            $this->Session->setFlash('You do not have permission to edit that favour!');
            $this->redirect(array('controller'=>'favours','action'=>'index'));
        }
        else
        {
            if (empty($this->data))
            {
                $this->data = $this->Favour->read();
            }
            else
            {
                if ($this->Favour->save($this->data))
                {
                    $this->Session->setFlash('Your favour has been updated.');
                    $this->redirect(array('controller'开发者_运维问答=>'favours','action'=>'index'));
                }
            }
        }

Would this be correct? BUT how do I get the user id from the favour?


function add() {
    if (!empty($this->data)) {
        $this->data['Favour']['user_id'] = $this->Auth->user('id');
        if ($this->Favour->save($this->data)) {
            //etc

This code assumes:

  • Your user is logged in
  • the user can access the add function
  • You are storing the id value of the logged in user in the field id
  • You have a foreign key in Favours table called user_id that matches the data type of the user id

As for edit; couple ways of achieving it. I'd do:

function edit($id) {
    $this->Favour->id = $id;
    $favour_author = $this->Favour->field('user_id'); 
    // get the user of this post

    if($this->Auth->user('id') != $favour_author) {
        $this->Session->setFlash('You do not own this post.');
        $this->redirect('/someplace');
    }

    if (empty($this->data)) {
        $this->data = $this->Favour->read();
    }
        // carry on.


If you use Auth Component, you can access the logged-in user record in $this->Auth->user() in controller. So to access the id: $this->Auth->user('id'). If you write your own authentication, it's up to you.

how to talk to fields within the controller itself.

What do you mean?

0

精彩评论

暂无评论...
验证码 换一张
取 消