CakePHP’s Auth Component – edit/delete users’ comments

Users can edit or delete only their own comments. The admin can edit or delete other users’ comments. If a user tries to edit or delete someone else’s comment, either by clicking the edit/delete button or by typing the edit/delete URL with someone else’s comment id, e.g.:
http://pict.uws.ac.uk/~sss04/cakephp/comments/edit/12 (fred is typing the admin’s comment id=12)
the error message ‘You are not authorized’ appears.

There is no point in displaying edit/delete buttons for other users’ comments in the comments view. To hide those buttons, the comments index.ctp file should be updated. It compares the logged-in user’s id with the comment’s user id. If the ids match, the edit and delete buttons are displayed; otherwise they are not. It also checks whether the user’s role is ‘admin’. If so, the edit/delete buttons for other users’ comments are displayed as well. Hiding the buttons only tidies the interface; the ‘You are not authorized’ check on the edit/delete actions is still what enforces the rule.

User ‘fred’ can only use the edit/delete buttons associated with his own comments.

Found Bug – CakePHP’s Auth Component – edit/delete users’ comments

While browsing the application pages, I found a bug. Logged-in users can see edit/delete buttons associated with other users’ comments in the posts view. Clicking those buttons returns an error message, so there is no point in displaying them.

To hide the edit/delete buttons associated with other users’ comments, the posts index.ctp file should be updated. It compares the logged-in user’s id with the comment’s user id. If the ids match, the edit and delete buttons are displayed; otherwise they are not. It also checks whether the user’s role is ‘admin’. If so, the edit/delete buttons for other users’ comments are displayed as well.

Now user fred can see only his own edit/delete buttons.
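
The ownership rule described in both posts, as an added example in plain PHP that is not the original index.ctp or the application's own code: one predicate decides whether the buttons are rendered and is reused for the server-side check that produces ‘You are not authorized’. The function names, array keys and sample data are assumptions.

```php
<?php
// One rule shared by the view and by the server-side check.
function canModifyComment(?array $user, array $comment): bool
{
    if ($user === null) {
        return false;                 // not logged in
    }
    if ($user['role'] === 'admin') {
        return true;                  // admin may edit/delete any comment
    }
    // Cast both ids: values from a session or database often arrive as strings.
    return (int) $user['id'] === (int) $comment['user_id'];
}

// View side (the decision index.ctp makes): render buttons only when allowed.
function renderComments(?array $user, array $comments): string
{
    $out = '';
    foreach ($comments as $c) {
        $out .= htmlspecialchars($c['body'], ENT_QUOTES, 'UTF-8');
        if (canModifyComment($user, $c)) {
            $out .= sprintf(' [edit:%d] [delete:%d]', $c['id'], $c['id']);
        }
        $out .= "\n";
    }
    return $out;
}

// Server side: a hidden button does not stop a hand-typed /comments/edit/12.
function authorizeEdit(?array $user, array $comments, int $commentId): string
{
    foreach ($comments as $c) {
        if ((int) $c['id'] === $commentId) {
            return canModifyComment($user, $c) ? 'OK' : 'You are not authorized';
        }
    }
    return 'Not found';
}

// Constructed sample data; function names and the 'user' role are assumptions.
$admin = ['id' => 1, 'role' => 'admin'];
$fred  = ['id' => 2, 'role' => 'user'];
$comments = [
    ['id' => 12, 'user_id' => 1, 'body' => 'Admin comment'],
    ['id' => 13, 'user_id' => '2', 'body' => 'Fred <b>comment</b>'],
];
echo renderComments($fred, $comments);
echo authorizeEdit($fred, $comments, 12), "\n";
echo authorizeEdit($admin, $comments, 13), "\n";
```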