I think that would best be left to the controller. Think of what the C
in ACL stands for.
To avoid repeating code, create a protected method _changeStatus() and
check there if the User is allowed.
On Mar 8, 3:39 pm, sawa <sava.ra...@xxxxxxxxx> wrote:
> I was wondering if it's possible to use ACL in model instead of the
> Let's say I have fat models and I have model method change_status.
> Now, in my controllers I may invoke $mymodel->change_status on couple
> of places and I don't want to check if user is authorized to do
> change_status everywhere. Instead of that I want to check if user is
> authorized in the model, so when I invoke that method in my
> controllers I don't have to worry about forgetting to check user
> privileges for that operation.
> Any ideas?
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
To post to this group, send email to cake-php@xxxxxxxxxxxxxxxx
To unsubscribe from this group, send email to
cake-php+unsubscribe@xxxxxxxxxxxxxxxx For more options, visit this group at