I have a table called websites
and a table called clients
Clients has many websites and a website belongs to a client
Now for this i have created the following connection in my Models
:
class Website extends AppModel
{
public $belongsTo = array(
'Client' => array(
'className' => 'Client',
'dependent' => false,
'foreignKey' => 'client_id'
)
);
}
class Client extends AppModel
{
public $hasMany = array(
'Website' =>array(
'className' => 'Website',
'dependent' => true,
'foreignKey' => 'client_id'
)
);
Now whenever a client goes to edit the client should ONLY be able to edit the website ids that belongs to that user.
However in my case any client is able to edit any websites.
is there a way to deny them access without hardcoding a check at the controller?
I mean there should be a way that the magic in cake can find only websites that belongs to that clientid