On Dec 2, 10:38 am, AD7six <[EMAIL PROTECTED]> wrote:
> gk wrote:
> > Hi there
>
> > I'm trying to work out how to get all the access control objects an
> > access request object can access - for example all the blog posts a
> > user can edit. Can anybody point me in the right direction on how to
> > do this? Thanks very much.
>
> If you can't make some assumptions, it's very expensive to do that.
> Before commencing you need to understand the basics of mptt, and also
> understand that acl is basically a tree<-habtm->tree system. If you
> don't meet these 2 requirements - research first, try later ;). The
> sql you need to achieve is something like this:
>
> SELECT
>         theAco.foreign_key
> FROM
>         acos as theAco
> INNER JOIN
>         acos as ruleAco ON (ruleAco.lft <= theAco.lft AND ruleAco.rght >= theAco.rght)
> INNER JOIN
>         aros_acos ON (aros_acos.aco_id = ruleAco.id)
> INNER JOIN
>         aros as ruleAro ON (aros_acos.aro_id = ruleAro.id)
> INNER JOIN
>         aros as theAro ON (ruleAro.lft <= theAro.lft AND ruleAro.rght >= theAro.rght)
> WHERE
>         theAro.class = 'User' AND theAro.foreign_key = $userId AND
>         ruleAco.edit = 1 AND theAco.class = 'Post';
>
> Where:
> theAco represents in the above example the aco for *a* blog post
> ruleAco represents the aco for a matching rule, which could be the
> same as "theAco" or any parent (such as the aco for all posts, or all
> objects)
> aros_acos is the permission table
> ruleAro represents the aro for a matching rule, which could be the
> same as "theAro" or any parent (such as the aro for all users)
> theAro represents the specific user
>
> As you can see, it's not trivial, and on even a moderate dataset is
> likely to really pound your db - to the point of taking it offline.
> So if you are using acl inappropriately (e.g. to define "only admin
> and owners can edit posts") It would be wise to reconsider your access
> control scheme, rather than try to implement the above.
>
> Off the cuff, IMO and hth,
>
> AD

As the sql is hard to read, I put it here: 
http://bin.cakephp.org/view/1223405007

After checking the syntax etc. As mentioned use with caution.

AD
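
The tree<-habtm->tree join described in the quoted message, run against a small constructed dataset in SQLite (an added example, not code from the thread or from CakePHP). Assumptions: the table layout, the sample rows, the `edit` flag being stored on the `aros_acos` row, and the helper names `build_db` and `editable_ids`; the user id is passed as a bound parameter rather than interpolated.

```python
import sqlite3

# Constructed sample data. The schema is an assumption: MPTT lft/rght columns
# on both trees, and the edit flag stored on the aros_acos permission row.
SCHEMA = """
CREATE TABLE aros (id INTEGER PRIMARY KEY, class TEXT, foreign_key INTEGER, lft INTEGER, rght INTEGER);
CREATE TABLE acos (id INTEGER PRIMARY KEY, class TEXT, foreign_key INTEGER, lft INTEGER, rght INTEGER);
CREATE TABLE aros_acos (aro_id INTEGER, aco_id INTEGER, edit INTEGER);
-- ARO tree: Everyone(1,10) > Editors(2,5) > User 7(3,4); Everyone > Members(6,9) > User 8(7,8)
INSERT INTO aros VALUES (1,'Group',NULL,1,10),(2,'Group',NULL,2,5),(3,'User',7,3,4),
                        (4,'Group',NULL,6,9),(5,'User',8,7,8);
-- ACO tree: Root(1,10) > Posts(2,7) > Post 100(3,4), Post 101(5,6); Root > Page 200(8,9)
INSERT INTO acos VALUES (1,'Root',NULL,1,10),(2,'Group',NULL,2,7),(3,'Post',100,3,4),
                        (4,'Post',101,5,6),(5,'Page',200,8,9);
-- Rules: Editors may edit everything under Posts; user 8 may edit post 101 only.
INSERT INTO aros_acos VALUES (2,2,1),(5,4,1);
"""

# A rule matches when its ACO is theAco or an ancestor of it, and its ARO is
# theAro or an ancestor of it. Both ancestor tests are MPTT range comparisons.
QUERY = """
SELECT DISTINCT theAco.foreign_key
FROM acos AS theAco
JOIN acos AS ruleAco ON ruleAco.lft <= theAco.lft AND ruleAco.rght >= theAco.rght
JOIN aros_acos ON aros_acos.aco_id = ruleAco.id
JOIN aros AS ruleAro ON aros_acos.aro_id = ruleAro.id
JOIN aros AS theAro ON ruleAro.lft <= theAro.lft AND ruleAro.rght >= theAro.rght
WHERE theAro.class = 'User' AND theAro.foreign_key = ?
  AND aros_acos.edit = 1 AND theAco.class = ?
ORDER BY theAco.foreign_key
"""

def build_db():
    """Create an in-memory database holding the constructed trees and rules."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def editable_ids(conn, user_id, aco_class="Post"):
    """Return the foreign keys of every ACO of aco_class the user may edit."""
    return [row[0] for row in conn.execute(QUERY, (user_id, aco_class))]

if __name__ == "__main__":
    db = build_db()
    for uid in (7, 8, 9):
        print(uid, editable_ids(db, uid))
```

The query returns every object covered by at least one allow row; it does not model a more specific deny overriding an inherited allow.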