You could also just use $this->Auth->user('id') which gets the info from the session.
On Thu, Sep 24, 2009 at 10:09 AM, Rick <will...@gmail.com> wrote: > > I know that globals are bad but... > > I just set a global $gblCurrentUser when the user logs in. Then > accessing that in models, I can add a select condition for that user > in the beforeFind etc.. > > You get the idea? > > Rick > > > > > On Sep 24, 12:20 am, brian <bally.z...@gmail.com> wrote: >> I did something similar to this. However, I was so overwhelmed by the >> contradictory and/or incomplete information I found about Cake's ACL >> (mostly because it was quite dated) that I really don't know for sure >> that I did it the best way. >> >> My app is an extranet that has several different Groups. The >> navigation consists of many Sections that are stored as a tree (MPTT). >> Some Sections may not be seen by certain Groups. So, to display this >> navigation tree, I called this method in my SectionsController: >> >> public function nav($group_id = null) >> { >> if (is_null($group_id)) >> { >> if (!$this->params['admin']) >> { >> $group_id = $this->Auth->user('group_id'); >> } >> } >> $this->Session->write('group_id_for_nav', $group_id); >> >> /* try getting the nodes from the cache >> */ >> $sections = Cache::read("group_sections_${group_id}", 'default'); >> >> if (!$sections) >> { >> /* fetch the permissions for this group >> */ >> $perms = $this->Acl->Aco->find( >> 'all', >> array( >> 'fields' => array('Aco.foreign_key'), >> 'conditions' => array( >> 'Aco.model' => 'Section', >> 'Aco.id = Permission.aco_id' >> ), >> 'recursive' => -1, >> 'joins' => array( >> array( >> 'table' => 'aros', >> 'alias' => 'Aro', >> 'type' => 'INNER', >> 'conditions'=> array( >> 'Aro.model' => >> 'Group', >> "Aro.foreign_key = >> ${group_id}" >> ) >> ), >> array( >> 'table' => 'aros_acos', >> 'alias' => 'Permission', >> 'type' => 'INNER', >> 'conditions'=> array( >> 'Permission.aro_id = >> Aro.id', >> 'Permission._read >= >> 0' >> ) >> ) >> ) >> ) >> ); >> >> $section_ids = Set::extract($perms, '{n}.Aco.foreign_key'); >> >> /* we don't want to see the root node >> */ >> unset($section_ids[0]); >> >> /* now grab the sections these permissions allow >> */ >> $sections = $this->Section->threaded($section_ids); >> >> /* save this group's allowed sections >> */ >> Cache::write("group_sections_${group_id}", $sections, >> 'default'); >> } >> return $sections; >> >> } >> >> So, the Aco.foreign_key fields I'm after correspond to Section.ids. >> Once i have those, I fetch the relevant Sections as a threaded list. >> Obviously, you'd just be interested in the record IDs. >> >> What I'm storing in the cache is the Sections themselves. For your >> case, you'd likely want to save the record IDs in the session instead >> of caching them. >> >> Anyway, the important thing is the joins used to get at the model IDs >> for your record-level ACL through the ACO.foreign_key. >> >> Let me know if you want more info. >> >> On Wed, Sep 23, 2009 at 5:19 PM, rOger <roger.eisenec...@icer.ch> wrote: >> >> > Hi @all, >> >> > I'm really new to CakePHP and I read about the ACL modell of CakePHP. >> > As usual also the examples seems to be simple so it is easy to >> > understand the system. I'm evaluating cakePHP for a new project where >> > I have records which belongs to a given user = that is the owner of >> > the record. Now I want to have a ACL system which enables some groups >> > (like Administrators) full access to these records. That is the "easy" >> > part and is well documented. The second part is a little bit more >> > tricky (in my opinion): The owner should also have full access to his >> > record details (means should be editable) but other users should have >> > no access. That means that the ACL system has to decide according to a >> > field value of a record if the user has access to or not. >> >> > I hope it is clear what I need and hope that someone can spend some >> > light on this issue. >> >> > Thanks in advance, >> > rOger > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---