I need to be pointed in the right direction. I am writing a simple application where a user can log in and see their task list. I want the app secure. I can only get as far as authenticating a user to access the entire site. Obviously that's not what I want. I want them to access ONLY their own accounts. Is there a good site to read about this? I'm learning v2.x. Thanks
I could not think of any site other than the book. That is how I implemented mine. I set the logged user in app controller's beforeRender callback. That way it is available in all controllers.
I then have a function in the users controller called dashboard
function dashboard($userId = NULL) {}
If the userId matches the one in the logged user, or in my case, the user is an admin, then proceed, else redirect the user with a message that they are not permitted.
All of this is if you are using only the Auth component. If you want to use the ACL component too, you will have to check if the user is also permitted to access the page.
Sources http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
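The ownership check described in this answer, written out as a CakePHP 2.x controller action. This is an added example, not the poster's code; the Task model, its user_id column, the 'role' field with the value 'admin', and the flash message text are assumptions.

```php
<?php
// app/Controller/UsersController.php (CakePHP 2.x) -- added example.
// Assumptions: AppController loads the Auth and Session components, the
// users table has a 'role' column where 'admin' marks administrators,
// and tasks belong to users through a hypothetical Task.user_id column.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public $uses = array('User', 'Task');

    public function dashboard($userId = null) {
        $me = $this->Auth->user('id');

        // No id in the URL means "show my own dashboard".
        if ($userId === null) {
            $userId = $me;
        }

        // URL parameters arrive as strings. Reject anything that is not
        // purely digits so a value like "12abc" never loosely matches 12.
        if (!ctype_digit((string)$userId)) {
            throw new NotFoundException();
        }

        $isOwner = (string)$userId === (string)$me;
        $isAdmin = $this->Auth->user('role') === 'admin';

        if (!$isOwner && !$isAdmin) {
            $this->Session->setFlash(__('You are not permitted to view that page.'));
            // Redirecting without an id lands on the caller's own dashboard.
            return $this->redirect(array('action' => 'dashboard'));
        }

        // Scope the query to the id that was just authorised, so the view
        // can only ever receive that user's tasks.
        $tasks = $this->Task->find('all', array(
            'conditions' => array('Task.user_id' => $userId),
            'recursive' => -1,
        ));
        $this->set(compact('tasks'));
    }
}
```

Every other action that takes a record id from the URL needs the same comparison against the logged-in user before it reads or writes data.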