On Mar 16, 12:23 am, Smelly_Eddie <ollit...@gmail.com> wrote:
> So I have finally broken down in my stubborn ways and agreed to accept
> Cake's Acl component. After walking through the manual I believe it
> will make it into all my future sites.
Careful. Acl is no more than a means of getting a yes no answer to a
question (using rule inheritance) - it's not always the most
appropriate solution.
>
> The trouble I am having is to add it to one of my old sites. I am not
> looking for technical advice so much as conceptual.
>
> The example in the Manual uses some or JRR Tolkeins characters to
> explain, and that's very well. It applies to real world examples of
> people belonging to groups and inheriting properties form those
> groups.
>
> ** What if people belong to multiple groups?
>
> If your familiar with the Manual's example, how would you make Gandalf
> a Warrior, A hobbit, and A visitor, etc.
You'd need to create (or find) one ARO for each place in the tree
you'd want Gandalf to appear, and write your own check logic such that
you'd:
find all Aros for the logged in use
check if any aro has access, if so return true
else deny
>
> --------------
>
> So I guess I need some background on how the Acl component actual does
> the queries and logic.
>
> Please take the following example to understand my question.
> ------------
> A large park has many families enjoying picnics. Each family has a
> few members with exclusive access to their picnic baskets. - No
> problem
>
> My Family
> |- Myself
> |- My Brother
> L My Sister
>
> Jones Family
> |- Timmy
> |- Tommy
> L Tina (*My Fiancé)
>
> But my fiancé's family is also in the park, and I think she should
> have access to my family's picnic basket, and she would like to grant
> me access to her family's.
>
> My Family
> |- Myself
> |- My Brother
> |- My Sister
> L Tina Jones
>
> Jones Family
> |- Timmy
> |- Tommy
> |- Tina (*My Fiancé)
> L Myself
>
> This could be expanded to the point that one person 'belongs' to many
> families, and should get the inherent permissions of all those
> families.
> -----------
>
> So now the dilemma.. I am sure it is the wrong way to go to add
> duplicate ACO's like above.
An ACO in your example is the basket.
> But instead I will have to add explicit
> Aco_aro records for myself and tina.
>
> Alternately would it be possible to make the Families ACOs. So I can
> just say that I have access to Tina's family, and she has access to
> mine. From that My Family has access to our picnic basket, and by
> inheritance so does Tina.
>
> Can something be an ACO and ARO?
Yes, but that doesn't sound relevant to your example (Can you[Aro]
edit bob[Aco]).
> Or am I just missing something
> really obvious. I am just wanting to keep things simple as possible.
If you want to allow users to be in multiple groups AND use acl, that
gives you a logic problem.
Simplified(?) Acl is just an Aro(tree) habtm Aco(tree) relationship.
This usually means
User hasOne Aro(tree) habtm Aco(tree).
If you want multiple groups, one way or another, you need to change
that to be:
User hasMany Aro(tree) habtm Aco(tree).
That is of course if you choose to use ACL as your rule mechanism.
Whether you achieve that by creating duplicate aros, searching for the
aros for each group a user is a member of or other; is up to you.
Maybe some other opinions are forthcoming.
hth,
AD
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
