This would be ok, if the actions were the same for each controller. But, I would like each user to have one set of actions for 1 controller and a different set for another controller.
I am afraid this problem just gets exponential the more users and organizations and roles there are... Just thinking out loud... What if I make the Org a requester, instead of an ACO? Does this make it easier? Or change the ARO tree, so the user is the parent, and the org and org groups/roles are the children. Does this work?

On 4/10/2012 9:45 AM, GerarD [via CakePHP] wrote:
> Well, I needed something with role and access for a system I was working on.
>
> What I did was to create a field called Access in the DB to control access to each Module of the system, and another field called Actions to control which "actions" they could perform.
>
> So I have 2 Modules, one called Distributors, and one called Personals.
>
> At the moment I create a user that could access Distributors, I save that controller's name in the field Access as a string. But I don't want him to edit the info of the Distributors, just view and search. Well, I save a string as "view; search" in Actions.
>
> Then, in app/appController:
>
> public $components = array(
>     'Session',
>     'Auth' => array(
>         'loginRedirect' => array('controller' => '', 'action' => 'index'),
>         'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
>         'authorize' => array('Controller') // I want to check every controller the user accesses.
>     )
> );
>
> and, as I can read the info from the Auth method in the appController:
>
> public function isAuthorized($user) {
>     if (isset($user['role']) && $user['role'] === 'admin') { // admin can access all actions
>         return true;
>     }
>     if (in_array($this->action, array('index', 'view', 'search', 'add'))) {
>         $controller = $this->params['controller'];
>         $action = $this->action;
>         $allow_controllers = explode('; ', $user['Access']); // list of controllers in Access
>         $allow_actions = explode('; ', $user['Actions']); // list of actions in Actions
>
>         // Now we check if this user has access to the Controller and the Action he's trying to see.
>         if (in_array($controller, $allow_controllers) && in_array($action, $allow_actions)) {
>             return true; // he can
>         }
>     }
>     return false; // he can't. Sorry.
> }
>
> And that's it. It's very simple but it works for me =). Now you can add as many controllers as you need in the future, and you won't have to rewrite the code. Just give access to the users you want in your Users Module. Hope it helps...
> --
> Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
>
> To unsubscribe from this group, send email to [hidden email]
> For more options, visit this group at http://groups.google.com/group/cake-php

--
View this message in context: http://cakephp.1045679.n5.nabble.com/Is-this-too-complicated-tp5628799p5631451.html
Sent from the CakePHP mailing list archive at Nabble.com.
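Added example (not part of the thread and not CakePHP's own code): the flat Access/Actions check from the quoted post next to a per-controller action map, showing that the flat lists grant every listed action on every listed controller. It is plain PHP that runs without CakePHP; the `Permissions` JSON field, the function names and the sample user are assumptions made for illustration.

```php
<?php
// Added example. 'Access' and 'Actions' follow the quoted post;
// 'Permissions' is a hypothetical field holding a JSON map.

// Flat scheme: two independent lists, so the result is their cross product.
function flatAllows(array $user, string $controller, string $action): bool
{
    $controllers = explode('; ', $user['Access']);
    $actions     = explode('; ', $user['Actions']);
    return in_array($controller, $controllers, true)
        && in_array($action, $actions, true);
}

// Per-controller scheme: each controller carries its own action list.
// Anything not listed, or a malformed map, is denied.
function mapAllows(array $user, string $controller, string $action): bool
{
    $map = json_decode($user['Permissions'] ?? '', true);
    if (!is_array($map) || !isset($map[$controller]) || !is_array($map[$controller])) {
        return false; // deny by default
    }
    return in_array($action, $map[$controller], true);
}

// Constructed sample user: may edit Personals, but only view/search Distributors.
$user = array(
    'Access'      => 'distributors; personals',
    'Actions'     => 'view; search; edit',
    'Permissions' => '{"distributors":["view","search"],"personals":["view","search","edit"]}',
);

// Constructed requests: (controller, action).
$checks = array(
    array('distributors', 'view'),
    array('distributors', 'edit'),   // flat scheme over-grants here
    array('personals', 'edit'),
    array('reports', 'view'),        // controller not listed at all
);
foreach ($checks as list($controller, $action)) {
    printf("%-12s %-6s flat=%-5s map=%s\n", $controller, $action,
        var_export(flatAllows($user, $controller, $action), true),
        var_export(mapAllows($user, $controller, $action), true));
}
```

Inside `isAuthorized($user)` the same check would be called with `$this->params['controller']` and `$this->action`, the two values the quoted code already reads.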