Found Bug – CakePHP’s Auth Component – edit/delete user’s comments

When browsing application pages, I found a bug. Logged-in users can see edit/delete buttons associated with other users’ comments in the posts view. Clicking on those buttons returns an error message, so there is no point in displaying those buttons.

To hide the edit/delete buttons associated with other users’ comments, the posts index.ctp file should be updated. It compares the logged-in user’s id with the comment’s user id. If the ids match, the edit and delete buttons are displayed; otherwise they are not. It also checks whether the user’s role is ‘admin’. If so, the edit/delete buttons on other users’ comments are displayed as well.
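The display rule described above, as an added example in plain PHP; it is not the original index.ctp code. The array shapes, the function names `canModifyComment` and `renderComment`, the `author` role and the sample data are assumptions made for illustration.

```php
<?php
// Added example (not the post's index.ctp): names and data shapes are assumed.

/** Should the edit/delete buttons for $comment be shown to $authUser?
 *  $authUser is null for a visitor who is not logged in. */
function canModifyComment(?array $authUser, array $comment): bool
{
    if ($authUser === null || !isset($authUser['id'])) {
        return false; // no identity: never show the buttons
    }
    if (($authUser['role'] ?? '') === 'admin') {
        return true; // admins see the buttons on every comment
    }
    if (!isset($comment['user_id'])) {
        return false; // comment without an owner matches nobody
    }
    // Session and database layers may hand back ids as strings or ints, so
    // normalise and compare strictly; a loose == treats null and 0 as equal.
    return (string)$authUser['id'] === (string)$comment['user_id'];
}

function renderComment(?array $authUser, array $comment): string
{
    $html = '<p>' . htmlspecialchars($comment['body'], ENT_QUOTES, 'UTF-8') . '</p>';
    if (canModifyComment($authUser, $comment)) {
        // Placeholder markup; the real view builds its links with its own helpers.
        $html .= '<span class="actions" data-comment="' . (int)$comment['id']
               . '">edit | delete</span>';
    }
    return $html . "\n";
}

// Constructed sample data.
$comments = [
    ['id' => 1, 'user_id' => '2',  'body' => 'Comment by fred'],
    ['id' => 2, 'user_id' => 3,    'body' => 'Comment by <b>another</b> user'],
    ['id' => 3, 'user_id' => null, 'body' => 'Comment whose author was removed'],
];
$viewers = [
    'fred'  => ['id' => 2, 'role' => 'author'],
    'admin' => ['id' => 1, 'role' => 'admin'],
    'guest' => null,
];
foreach ($viewers as $name => $user) {
    echo "== $name ==\n";
    foreach ($comments as $comment) {
        echo renderComment($user, $comment);
    }
}
```

This only controls what the view displays; the server-side check that already returns the error message on edit/delete requests is what enforces the restriction and has to stay in place.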

Right now user fred can see only his own edit/delete buttons.