SELECT `Aro`.`id`, `Aro`.`parent_id`, `Aro`.`model`, `Aro`.`foreign_key`, `Aro`.`alias` FROM `aros` AS `Aro` LEFT JOIN `aros` AS `Aro0` ON (`Aro`.`lft` <= `Aro0`.`lft` AND `Aro`.`rght` >= `Aro0`.`rght`) WHERE `Aro0`.`model` = 'User' AND `Aro0`.`foreign_key` = 3 ORDER BY `Aro`.`lft` DESC
SELECT `Aco`.`id`, `Aco`.`parent_id`, `Aco`.`model`, `Aco`.`foreign_key`, `Aco`.`alias` FROM `acos` AS `Aco` LEFT JOIN `acos` AS `Aco0` ON (`Aco0`.`alias` = 'Users') LEFT JOIN `acos` AS `Aco1` ON (`Aco1`.`lft` > `Aco0`.`lft` AND `Aco1`.`rght` < `Aco0`.`rght` AND `Aco1`.`alias` = 'index') WHERE ((`Aco`.`lft` <= `Aco0`.`lft` AND `Aco`.`rght` >= `Aco0`.`rght`) OR (`Aco`.`lft` <= `Aco1`.`lft` AND `Aco`.`rght` >= `Aco1`.`rght`)) ORDER BY `Aco`.`lft` DESC SELECT `Permission`.`id`, `Permission`.`aro_id`, `Permission`.`aco_id`, `Permission`.`_create`, `Permission`.`_read`, `Permission`.`_update`, `Permission`.`_delete`, `Aro`.`id`, `Aro`.`parent_id`, `Aro`.`model`, `Aro`.`foreign_key`, `Aro`.`alias`, `Aro`.`lft`, `Aro`.`rght`, `Aco`.`id`, `Aco`.`parent_id`, `Aco`.`model`, `Aco`.`foreign_key`, `Aco`.`alias`, `Aco`.`lft`, `Aco`.`rght` FROM `aros_acos` AS `Permission` LEFT JOIN `aros` AS `Aro` ON (`Permission`.`aro_id` = `Aro`.`id`) LEFT JOIN `acos` AS `Aco` ON (`Permission`.`aco_id` = `Aco`.`id`) WHERE `Permission`.`aro_id` = 6 AND `Permission`.`aco_id` IN (4, 3, 2) The result of that last call even looks pretty good to me: +----+--------+--------+---------+-------+---------+---------+------ +-----------+-------+-------------+--------+------+------+------ +-----------+-------+-------------+-------+------+------+ | id | aro_id | aco_id | _create | _read | _update | _delete | id | parent_id | model | foreign_key | alias | lft | rght | id | parent_id | model | foreign_key | alias | lft | rght | +----+--------+--------+---------+-------+---------+---------+------ +-----------+-------+-------------+--------+------+------+------ +-----------+-------+-------------+-------+------+------+ | 1 | 6 | 3 | 1 | 1 | 1 | 1 | 6 | NULL | User | 3 | deceze | 11 | 12 | 3 | 2 | NULL | NULL | Users | 2 | 13 | | 3 | 6 | 4 | -1 | -1 | -1 | -1 | 6 | NULL | User | 3 | deceze | 11 | 12 | 4 | 3 | NULL | NULL | index | 3 | 4 | +----+--------+--------+---------+-------+---------+---------+------ +-----------+-------+-------------+--------+------+------+------ +-----------+-------+-------------+-------+------+------+ 2 rows in set (0.00 sec) And just for completeness: $ cake acl view aco --------------------------------------------------------------- Aco tree: --------------------------------------------------------------- [2]ROOT [3]Users [4]index [5]edit [6]register [7]profile [8]delete But: $cake acl check deceze Users/index all deceze is allowed. On 8 Apr 2008, at 20:49, Dardo Sordi Bogado wrote: > > Can you post the SQL generated? > > On Tue, Apr 8, 2008 at 8:47 AM, David Christopher Zentgraf > <[EMAIL PROTECTED]> wrote: >> >> Those URLs are not loading for me right now, >> but I'm experiencing this on a Nightly from April 5th (I think). >> >> cake/libs/controller/components/acl.php: >> /* SVN FILE: $Id: acl.php 6491 2008-03-01 03:12:12Z nate $ */ >> ... >> >> >> >> On 8 Apr 2008, at 20:17, Dardo Sordi Bogado wrote: >>> >>> Bug #3851, >>> >>> https://trac.cakephp.org/ticket/3851 >>> https://trac.cakephp.org/changeset/6342 >>> >>> It's fixed in current versions. >>> >>> On Tue, Apr 8, 2008 at 6:01 AM, David Christopher Zentgraf >>> <[EMAIL PROTECTED]> wrote: >>>> >>>> Hi, >>>> >>>> Am I getting this right? With the ACL component, AROs inherit their >>>> permissions like this: >>>> >>>> Group [denied something] >>>> |- User [allowed something] >>>> >>>> In this case, the explicitly granted permission on the User >>>> overrides >>>> the general Group setting, allowing the User something >>>> specifically. >>>> With ACOs the opposite seems to be the case: >>>> >>>> Controller [allowing user] >>>> |- Action [denying user] >>>> >>>> In this case, the general permission on the Controller seems to >>>> override the explicitly forbidden Action. >>>> >>>> $ cake acl grant deceze Users all >>>> $ cake acl deny deceze Users/delete all >>>> >>>> $ cake acl check deceze Users/delete all >>>> deceze is allowed. >>>> >>>> Is this by design or a bug? >>>> >>>> Chrs, >>>> Dav >>>> >>>>> >>>> >>> >>>> >> >> >>> >> > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---