You could also just use $this->Auth->user('id') which gets the info
from the session.
On Thu, Sep 24, 2009 at 10:09 AM, Rick <will...@gmail.com> wrote:
>
> I know that globals are bad but...
>
> I just set a global $gblCurrentUser when the user logs in. Then
> accessing that in models, I can add a select condition for that user
> in the beforeFind etc..
>
> You get the idea?
>
> Rick
>
>
>
>
> On Sep 24, 12:20 am, brian <bally.z...@gmail.com> wrote:
>> I did something similar to this. However, I was so overwhelmed by the
>> contradictory and/or incomplete information I found about Cake's ACL
>> (mostly because it was quite dated) that I really don't know for sure
>> that I did it the best way.
>>
>> My app is an extranet that has several different Groups. The
>> navigation consists of many Sections that are stored as a tree (MPTT).
>> Some Sections may not be seen by certain Groups. So, to display this
>> navigation tree, I called this method in my SectionsController:
>>
>> public function nav($group_id = null)
>> {
>> if (is_null($group_id))
>> {
>> if (!$this->params['admin'])
>> {
>> $group_id = $this->Auth->user('group_id');
>> }
>> }
>> $this->Session->write('group_id_for_nav', $group_id);
>>
>> /* try getting the nodes from the cache
>> */
>> $sections = Cache::read("group_sections_${group_id}", 'default');
>>
>> if (!$sections)
>> {
>> /* fetch the permissions for this group
>> */
>> $perms = $this->Acl->Aco->find(
>> 'all',
>> array(
>> 'fields' => array('Aco.foreign_key'),
>> 'conditions' => array(
>> 'Aco.model' => 'Section',
>> 'Aco.id = Permission.aco_id'
>> ),
>> 'recursive' => -1,
>> 'joins' => array(
>> array(
>> 'table' => 'aros',
>> 'alias' => 'Aro',
>> 'type' => 'INNER',
>> 'conditions'=> array(
>> 'Aro.model' =>
>> 'Group',
>> "Aro.foreign_key =
>> ${group_id}"
>> )
>> ),
>> array(
>> 'table' => 'aros_acos',
>> 'alias' => 'Permission',
>> 'type' => 'INNER',
>> 'conditions'=> array(
>> 'Permission.aro_id =
>> Aro.id',
>> 'Permission._read >=
>> 0'
>> )
>> )
>> )
>> )
>> );
>>
>> $section_ids = Set::extract($perms, '{n}.Aco.foreign_key');
>>
>> /* we don't want to see the root node
>> */
>> unset($section_ids[0]);
>>
>> /* now grab the sections these permissions allow
>> */
>> $sections = $this->Section->threaded($section_ids);
>>
>> /* save this group's allowed sections
>> */
>> Cache::write("group_sections_${group_id}", $sections,
>> 'default');
>> }
>> return $sections;
>>
>> }
>>
>> So, the Aco.foreign_key fields I'm after correspond to Section.ids.
>> Once i have those, I fetch the relevant Sections as a threaded list.
>> Obviously, you'd just be interested in the record IDs.
>>
>> What I'm storing in the cache is the Sections themselves. For your
>> case, you'd likely want to save the record IDs in the session instead
>> of caching them.
>>
>> Anyway, the important thing is the joins used to get at the model IDs
>> for your record-level ACL through the ACO.foreign_key.
>>
>> Let me know if you want more info.
>>
>> On Wed, Sep 23, 2009 at 5:19 PM, rOger <roger.eisenec...@icer.ch> wrote:
>>
>> > Hi @all,
>>
>> > I'm really new to CakePHP and I read about the ACL modell of CakePHP.
>> > As usual also the examples seems to be simple so it is easy to
>> > understand the system. I'm evaluating cakePHP for a new project where
>> > I have records which belongs to a given user = that is the owner of
>> > the record. Now I want to have a ACL system which enables some groups
>> > (like Administrators) full access to these records. That is the "easy"
>> > part and is well documented. The second part is a little bit more
>> > tricky (in my opinion): The owner should also have full access to his
>> > record details (means should be editable) but other users should have
>> > no access. That means that the ACL system has to decide according to a
>> > field value of a record if the user has access to or not.
>>
>> > I hope it is clear what I need and hope that someone can spend some
>> > light on this issue.
>>
>> > Thanks in advance,
>> > rOger
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
