Add code to stop user edit/delete other users' information.

kevguy · Nov 5, 2015 · 06e5a52 · 06e5a52
1 parent 52d82a6
commit 06e5a52
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php
@@ -8,6 +8,15 @@ public function beforeFilter() {
 		$this->Auth->allow('add');
 	}
 
+	public function isAuthorized($user){
+		if (in_array($this->action, array('edit', 'delete'))) {
+			if ($user['id'] != $this->request->params['pass'][0]) {
+				return false;
+			}
+		}
+		return true;
+	}
+
 	public function login() {
 		// check the request type to see if it's a post request
 		// if it is, that means someone is trying to login and submit the form 

diff --git a/app/View/Layouts/default.ctp b/app/View/Layouts/default.ctp
@@ -49,6 +49,7 @@ $cakeDescription = __d('cake_dev', 'CakePHP: the rapid development php framework
 				<?php endif; ?>
 			</div>
 			<?php echo $this->Session->flash(); ?>
+			<?php echo $this->Session->flash('auth'); ?>
 
 			<?php echo $content_for_layout; ?>