I have a table called websites and a table called clients.
Clients has many websites and a website belongs to a client.
Now for this I have created the following connection in my Models:
    class Website extends AppModel
    {
        public $belongsTo = array(
            'Client' => array(
                'className' => 'Client',
                'dependent' => false,
                'foreignKey' => 'client_id'
            )
        );
    }

    class Client extends AppModel
    {
        public $hasMany = array(
            'Website' => array(
                'className' => 'Website',
                'dependent' => true,
                'foreignKey' => 'client_id'
            )
        );
    }

Now whenever a client goes to edit, the client should ONLY be able to edit the website ids that belong to that user.
However, in my case any client is able to edit any website.
Is there a way to deny them access without hardcoding a check at the controller?
I mean there should be a way that the magic in Cake can find only websites that belong to that client id.

Now, if you have properly set up the Auth Component with the Client model, I mean so that one client cannot modify another client, but you need to cross-check whether the website they are editing belongs to them or not, this might help:

    // Returns true only when a website with id $website has client_id $client.
    public function _check_member($client, $website) {
        $this->loadModel('Website');
        $options = array(
            'conditions' => array('Website.client_id' => $client, 'Website.id' => $website),
            'recursive' => 0
        );
        $website = $this->Website->find('first', $options);
        if ($website) {
            return true;
        } else {
            return false;
        }
    }

And you will call the function with $this->_check_member($client_id, $website_id);
Now it will return 1 only for the client this website belongs to.
But if your clients are able to edit one another, you should look into the Auth component. Here is a video tutorial: Auth Component setup. If you are having problems setting up the Auth component using the Client model because every tutorial shows how to do it with the User model, which is the default, let me know in the comments.
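
One way to centralize the ownership check discussed in this thread so that every edit and delete request passes through it, written for CakePHP 2.x as an added example (not code from the question or the answer). Assumptions: AuthComponent logs in against the Client model, so `$user['id']` is the client id; `isOwnedBy()` is a hypothetical helper; `name` and `url` are hypothetical website columns.

```php
<?php
// app/Model/Website.php
App::uses('AppModel', 'Model');

class Website extends AppModel {
    public $belongsTo = array('Client' => array('foreignKey' => 'client_id'));

    // Hypothetical helper: true only if the row exists AND belongs to $clientId.
    public function isOwnedBy($websiteId, $clientId) {
        return $this->hasAny(array(
            $this->alias . '.id' => $websiteId,
            $this->alias . '.client_id' => $clientId,
        ));
    }
}

// app/Controller/WebsitesController.php
App::uses('AppController', 'Controller');

class WebsitesController extends AppController {
    // Assumption: the logged-in record is a Client row (Auth set up on the Client model).
    public $components = array('Auth' => array('authorize' => array('Controller')));

    // AuthComponent calls this before the action runs; returning false denies the request.
    public function isAuthorized($user) {
        $action = $this->request->params['action'];
        if (in_array($action, array('edit', 'delete'), true)) {
            $pass = $this->request->params['pass'];
            return isset($pass[0]) && $this->Website->isOwnedBy($pass[0], $user['id']);
        }
        return in_array($action, array('index', 'add'), true); // deny anything else
    }

    public function edit($id = null) {
        if ($this->request->is('post') || $this->request->is('put')) {
            // Save the row that was authorized above, never an id taken from the form.
            $this->request->data['Website']['id'] = $id;
            // Field whitelist: client_id is not assignable from the request.
            if ($this->Website->save($this->request->data, true, array('name', 'url'))) {
                return $this->redirect(array('action' => 'index'));
            }
        } else {
            $this->request->data = $this->Website->findById($id);
        }
    }
}
```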