this is my first post and I am still very new to the Phalcon-Framework, but I already love it. Now I am facing a problem and I couldn't find a way how to solve it yet. The following is only one example, in fact, I have this problem frequently in my application.
In my application, I have two roles, "users" and "admins". The profiles-controller has an action called "show" in order to show the profile of a user. The parameter of the show-action is the user-id. Now what I want is that regular users (role: user) are only allowed to use the "show"-action with the parameter of their own user-id stored in the session. Admins should be allowed to use any parameter wich allows them to view all profiles of all users. Is this realizable with the Acl-List and a Security-Plugin or is my whole approach wrong or too complicated?
Thank you and all the best, MSP