zend acl for list of records to view

Question

I've got a list of trades (lets say some records) made by different users in my Zend framework based application.

I want to allow users to view only their trades, and if they try to view another user's trade by changing the url by themselves. They would get a message that they don't have permission to view or change anything.

Kindly help me figure out how can I do this using Zend, ACL, or another better way.

Do you store you trades(records) in the database? – Tamara Jun 11 '13 at 18:17 — Tamara, Jun 11 '13 at 18:17

score 0 · Answer 1 · answered Jun 14 '13 at 20:14

In this situation I wouldn't use ACL for restricting access to the list of trades. Instead in controller's action, which get list of trades and pass them to the view, I would check who is owner of each list and compare this owner with a logged in user.

zend acl for list of records to view

1 Answers1