A zero has a lot to do with the process. It means that specific permission is inherited from a parent node.
On Feb 21, 3:49 am, Joshua <josh...@gmail.com> wrote: > I got it! > //code > switch ($perm['_' . $action]) { > case -1: > return false; > case 0: > continue; > break; > case 1: > return true; > break; > } > //code end > 0: will has nothing to do with your check process; > -1: if _create was setted -1 , and you write like this > '$this->Acl->check('group.anonymous', $aco, "write")', you will get a false > > return. > > That means we can set these four actions separately. > > On Feb 21, 10:29 am, Joshua <josh...@gmail.com> wrote: > > > Steve, thank you! > > Yeah, I found this in cake source code > > > //code > > /** > > * Determines whether the given user is authorized to perform an > > action. The type of > > * authorization used is based on the value of AuthComponent:: > > $authorize or the > > * passed $type param. > > * > > * Types: > > * 'controller' will validate against Controller::isAuthorized() if > > controller instance is > > * passed in $object > > * 'actions' will validate Controller::action against an > > AclComponent::check() > > * 'crud' will validate mapActions against an AclComponent::check() > > * array('model'=> 'name'); will validate mapActions against > > model > > * $name::isAuthorized(user, controller, mapAction) > > * 'object' will validate Controller::action against > > * object::isAuthorized(user, controller, action) > > * > > * @param string $type Type of authorization > > * @param mixed $object object, model object, or model name > > * @param mixed $user The user to check the authorization of > > * @return boolean True if $user is authorized, otherwise false > > * @access public > > */ > > function isAuthorized($type = null, $object = null, $user = null) { > > //code end > > There is another question, if _create action was setted -1 and others > > were setted 1. What will happen? > > Hope somebody can help! :-) > > > On Feb 21, 8:03 am, stevel <isig...@gmail.com> wrote: > > > > I'm not an expert in this. This is my understanding. How the 4 action > > > settings are used depends on the type of authorization mode you are > > > using. If you select the CRUD mode Auth->authorize = 'crud', then the > > > full functionality of the aros_acos table will be utilized, so that > > > access will be granted to an action only if the column for that action > > > is set to a value of ‘1’. So for this situation, you can have a > > > mixture of "1" and "0" for the 4 action column. > > > > But if you set Auth->authorize = 'actions' or Auth->authorize = > > > 'controller', then the 4 settings are used differently. For example, I > > > use Auth->authorize = 'actions'; then in the aros_acos table for a > > > particular action, I have to set all 4 settings to "1" to allow access > > > permission to that action or set to "0" to deny access. If any one of > > > the 4 is set to ‘0’ or ‘-1’ no permission will be granted to the > > > entire node. Which is what you brought up as true and false setting. > > > So if you want it to be true, set all 4 columns to "1", or if you want > > > it to be false, set all to "0" (or at least one column to "0"). > > > > Not sure if that helps or not. If my understanding is incorrect, > > > hopefully some experts will help explain it better. > > > > Cheers, > > > Steve > > > > On Feb 20, 6:42 am, Joshua <josh...@gmail.com> wrote: > > > > > Thanks for your reply! > > > > So what's meaning of these four actions, like > > > > _update,_create,_read,_delete in table aros_acos? > > > > We say an user has the read rights of an action post? > > > > In my opinion, there should be only two status, true or false instead > > > > of these four actions. If true, we can say an user has the right of > > > > post action. If false, an user has no rights to the action. > > > > ? > > > > > On Feb 20, 10:09 pm, James Louie Puro <james.louie.p...@gmail.com> > > > > wrote: > > > > > > I think not...while AROs are elements trying to gain access to a > > > > > protected > > > > > system like users and groups, ACOs are elements (actions) that are > > > > > being > > > > > protected. > > > > > > so you can add acos (action) in your controller just like function > > > > > index, > > > > > view...etc > > > > > and assign AROs to it. > > > > > > On Fri, Feb 20, 2009 at 5:01 PM, Joshua <josh...@gmail.com> wrote: > > > > > > > Is there anybody can help me? > > > > > > > On Feb 20, 8:22 pm, Joshua <josh...@gmail.com> wrote: > > > > > > > Hi, > > > > > > > I try to add ACL to my application, but when I take a look at the > > > > > > > table 'aros_acos', it seems there is only four actions in the > > > > > > > table. > > > > > > > Did it mean that we can only use four actions in our applications? > > > > > > > Is there any body can explain this? Many thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---