In my data model, I've got a field that should be admin-editable only. Normal users can edit records in the model and view this specific field, but they should not be able to edit it. Is there a simple/clean approach to do this? I guess that it's necessary to create an extra admin_edit controller action, but what's the best way to "lock" a data field in the controller?
It's not necessary to create a new controller action, but you may decide to do so. Note that you can still use the same view for it using $this->render("edit"); see: http://book.cakephp.org/view/428/render
I think you should:
- use the same controller action, if that's not confusing for the users and admins
- display an input field only if the user is admin, and output the text for other users
- check for authorization in the controller
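The three points above combined into one CakePHP 1.x action, as an added example that is not part of the original answer; the Article model, the approved field and the role column are assumed names. Hiding the input in the view only changes what the form shows, so the controller also passes save() a field whitelist that leaves the admin-only field out for normal users.

```php
<?php
// Added example in CakePHP 1.x style. Assumed names (not from the page):
// Article model, "approved" as the admin-only field, "role" column on users.
class ArticlesController extends AppController {
    var $name = 'Articles';
    var $components = array('Auth', 'Session');

    // Fields any logged-in user may change.
    var $userFields = array('title', 'body');
    // Fields only an admin may change.
    var $adminFields = array('approved');

    function edit($id = null) {
        $isAdmin = ($this->Auth->user('role') === 'admin');
        // The shared edit view uses this flag: $form->input('approved') for
        // admins, plain escaped text (h($value)) for everyone else.
        $this->set('isAdmin', $isAdmin);

        $existing = $this->Article->findById($id);
        if (empty($existing)) {
            $this->Session->setFlash('Invalid record.');
            $this->redirect(array('action' => 'index'));
        }

        if (empty($this->data)) {
            $this->data = $existing; // first request: populate the form
            return;
        }

        // The whitelist is built on the server from the user's role. A posted
        // data[Article][approved] from a normal user is ignored by save()
        // because the field is not in the list.
        $allowed = $isAdmin
            ? array_merge($this->userFields, $this->adminFields)
            : $this->userFields;

        // Take the record id from the URL, not from the submitted form.
        unset($this->data['Article']['id']);
        $this->Article->id = $id;

        if ($this->Article->save($this->data, true, $allowed)) {
            $this->Session->setFlash('Saved.');
            $this->redirect(array('action' => 'index'));
        }
        // Validation failed: fall through and re-render the same view.
    }
}
```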
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki