brian,
the the filesystem context, i agree, it wouldn't make much sense. but
in the context of just getting a list of groups that the user can see,
it does. consider: if a user is in Global > Internal Users >
Editors, they would be in all three of those groups with my system.
they would be able to assign new records to any or all of the three
groups they are in. if they can't see the global group, they wouldn't
be able to assign a new row to that group.
i have a layout similar to yours, a sort of VFS called
"ContentFolder". it looks like this:
All Users
- some folder
-- some other folder
Group Folders
- Group A
-- stuff to do
-- hot shit
- Group B
- Group C
Personal Folders
- inbox
the All/Group/Personal folders have an "other read" permission on
them, so that everyone can see them. all other users have folders
under the personal folder, but obviously the logged-in user can only
see his own. there are folders for each group under the group folder,
but the user can only see the groups he's in, etc.
On Apr 6, 10:51 am, brian <bally.z...@gmail.com> wrote:
> Thanks for posting this. I'm currently trying to work out how to do
> this. I took a look at your behavior and think it'd work for me.
>
> About the point you mentioned with Tree-based models: I'd think that
> if a User needed to be granted access to some row which had a parent
> that the User had been denied then the layout of your tree is wrong.
> If you think about a filesystem, if user cannot read/execute some
> directory, there's no point in having a file somewhere under it which
> gives read perms.
>
> My situation is that I have several Groups, and I need to restrict
> which branches of a Volume tree they can see. Basically, like
> filesystem tree, in fact. So, I was faced with having to fetch all
> available Volume.id and pass those to my find('threaded') call, like
> you mention how Mark Story put it: "you have to know the answer to the
> question before you even ask it". This works, but seems sub-optimal.
>
> Anyway, I'll give this a go later. Thanks again.
>
> On Mon, Apr 6, 2009 at 9:46 AM, jmcneese <jmcne...@gmail.com> wrote:
>
> > since i've seen it talked about in the groups many, many, MANY times:
>
> >http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-contr...
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
