Cody Sortore | 1 Jun 22:11 2012
Picon

Comparing fields in the controller

Ok, I've got a system where users can create their own blogs.  The blogs belong to the users, the blogposts belong to the blogs.  I was trying to create a comparison for editing blogposts that compares the users user ID from their session to the Blog ID (which is the same as their User ID).  This way someone who doesn't own an article can't edit it.  I'm having trouble retrieving the blog_id from the blogposts table though.  I tried using this but it doesn't seem be pulling the info in.


$bid = $this->Blogpost->find(null, array('conditions' => array('Blogpost.id' => $id), 'fields' => array('Blogpost.blog_id')));

What I want is:

SELECT `blog_id` FROM `blogposts` WHERE id = $id

But even when I run:

$bid = $this->Blogpost->query("SELECT `blog_id` FROM `blogposts` WHERE id = $id");

The if statement still fails.

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/cake-php
stork | 1 Jun 23:45 2012
Picon

Re: Comparing fields in the controller


$this->Blogpost->find(null, array(...));

Find type must be a string. Use $this->Blogpost->find('first', array(...)) or $this->Blogpost->read(array('Blogpost.blog_id'), $id);

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/cake-php
stork | 1 Jun 23:56 2012
Picon

Re: Comparing fields in the controller

By the way, read whole chapter about model associations http://book.cakephp.org/2.0/en/models/associations-linking-models-together.html and follow cake conventions for primary/foreign keys - that means NOT User.id == Blog.id BUT User.id == Blog.user_id.

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/cake-php
Cody Sortore | 2 Jun 03:12 2012
Picon

Re: Comparing fields in the controller

I know I didn't post all or even much code so you probably misunderstood me.  With my blog table I do have an `id` and a `user_id` column it's just that instead of using auto_increment for the `id` column I set it the same as the users `id` with

$this->request->data['Blog']['id'] = $this->Session->read('Auth.User.id');

when a new blog is created... I know it's probably wrong to do so, but it is easier for me to keep track of things, and then when I'm verifying if someone should be editing a blog or whatever I just have to compare the Blog.id to their session id... I'm a newb so I don't understand how to do it any other way especially when you start distancing yourself from the root association (for example user owns a blog but the blog posts belong to the blog)  I guess in that instance I really should just add a user_id column to the blog posts.  I just wasn't that smart when I started this.

Anyways, besides that neither solution worked and really the query selection should have worked... so I think I'm just going to add a user_id field to the posts and verify ownership the same way I have been with blogs, profiles, and everything else users own.

Sorry if I've wasted your time with newbie issues :-P

On Friday, June 1, 2012 4:56:42 PM UTC-5, stork wrote:
By the way, read whole chapter about model associations http://book.cakephp.org/2.0/en/models/associations-linking-models-together.html and follow cake conventions for primary/foreign keys - that means NOT User.id == Blog.id BUT User.id == Blog.user_id.

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/cake-php
stork | 2 Jun 10:23 2012
Picon

Re: Comparing fields in the controller


when a new blog is created... I know it's probably wrong to do so, but it is easier for me to....

You're right - it is wrong. Although it is technically possible, it would cause many side effects you would have to solve in app code. Follow cake conventions and cake will help you to do what you want behind the scene. Don't fight cake as a newbie, let it help you :-)
 
Besides, from the architectural point of view, "is this user authorized to call this action" should be decided before action is called, it is work for isAuthorized() callback, for example see how it is done here:
http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html#authorization-who-s-allowed-to-access-what

In your case, where BlogPost belongsTo Blog belongsTo User, your custom method BlogPost::isOwnedBy() would test Blog.user_id - you _can_ set conditions for "parent" model record associated as belongsTo, therefore adding field user_id to blog_posts table is not necessary.

Sorry if I've wasted your time with newbie issues :-P

No need to be sorry, this is right place to ask questions. Well, one of them ;-) http://ask.cakephp.org/

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/cake-php
Cody Sortore | 2 Jun 19:10 2012
Picon

Re: Comparing fields in the controller

Sweet!  Thanks for the tips, I think you're right, gonna do a lot of reading on associations before I get back to coding and create more work for myself than I need to ;-)

On Saturday, June 2, 2012 3:23:40 AM UTC-5, stork wrote:


when a new blog is created... I know it's probably wrong to do so, but it is easier for me to....

You're right - it is wrong. Although it is technically possible, it would cause many side effects you would have to solve in app code. Follow cake conventions and cake will help you to do what you want behind the scene. Don't fight cake as a newbie, let it help you :-)
 
Besides, from the architectural point of view, "is this user authorized to call this action" should be decided before action is called, it is work for isAuthorized() callback, for example see how it is done here:
http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html#authorization-who-s-allowed-to-access-what

In your case, where BlogPost belongsTo Blog belongsTo User, your custom method BlogPost::isOwnedBy() would test Blog.user_id - you _can_ set conditions for "parent" model record associated as belongsTo, therefore adding field user_id to blog_posts table is not necessary.

Sorry if I've wasted your time with newbie issues :-P

No need to be sorry, this is right place to ask questions. Well, one of them ;-) http://ask.cakephp.org/

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/cake-php

Gmane