I try to explain better. I have users that belongs to groups (a user can belong to many group and a group can have many users) Then I have documents. I must manage permissions on documents. Permissions are : read a document, edit a document etc... Permission can be defined in raltion to groups or to users
So there are documents can be accessed by all user in a group and there are other documents can be accessed by only some users. I ask what is the best pattern to manage this situation To manage this is better have a HABTM relation between User and Document with a "permission" field ( more simple but I have to use more and more space). In this way when I set that a document can be access by a group I must insert in HABTM relation all the users of the group. or I use ACL (very very complex to use in this situation(I have to manage also that a user can belong to many groups) or I ask if exist another method? I hope that now my problem is more understandable. On 10 Feb, 17:46, anl hp <anle...@gmail.com> wrote: > Forgive me, but I'm making a mess, now you're saying: "I must find all users > that belong to the group and insert a record in > all two tables(LineDoc and DocPermit) for every user." I believe I don't > understand you quite well at first time, but anyway, If you going to do > that, may be is better for you to > merge the LineDoc Model and DocPermit Model into one model, thus eliminating > the need > of insert pretty same data in two different tables > > anl > > On Wed, Feb 10, 2010 at 3:23 PM, marco.rizze...@gmail.com < > > marco.rizze...@gmail.com> wrote: > > Ok many thanks. > > Using the solution that you have suggested I don't need to use ACL. > > In this case for manage permissions expressed by group on a document > > (like "Group A can read Document 1") > > I must find all users that belong to the group and insert a record in > > all two tables(LineDoc and DocPermit) for every user. > > Is it correct? > > > On 10 Feb, 14:20, anler <anle...@gmail.com> wrote: > > > I think the BEST way is using ACL, and yes, it's complex, but give you > > > reliability for free, even more > > > if you are mixin groups in the coctel (group permits are inherited by > > > users of that group, and things like that), > > > with ACL you could handle better reading and writing documents > > > through AuthComponent::authorize = 'crud' > > > (If you have time and patience I encourage you to do it this way, I > > > will help in anything you need ;) ) > > > > if you just want get something fast and cheap, well, I'll tell you > > > what I'm thinking > > > > - Keep the model Document as flat as possible, ex in db: > > > table documents( > > > name .., created ..., modified ... > > > ) > > > > - Instead of relating Users and Documents through a HABTM relation, in > > > HABTM the join table acts only as a connection between de models, but > > > if you feel the need of add more > > > information to this table, you should give her its own model because > > > it is participating in the application bussiness, ex: > > > table line_docs( > > > user_id, document_id, date_when_read, etc > > > ) > > > > model LineDocs (or whatever name you want give him) > > > hasMany => Users > > > hasMany => Documents > > > > - Let another table manage the user permits on documents > > > table doc_permits( > > > user__id, document_id, create?, read?, write?, delete?, > > > etc > > > ) > > > and check this table when somebody wants to touch or create some > > > document > > > > On Feb 10, 1:41 pm, "marco.rizze...@gmail.com" > > > > <marco.rizze...@gmail.com> wrote: > > > > Can you explain better what is your solution. > > > > I explain better my situation: > > > > > Model : > > > > Group: (HABTM User) > > > > User:(HABTM:Group) > > > > Document > > > > > I have to manage permissions to access to documents. > > > > Some users can modify some documents , some users can only read some > > > > documents(I must also register when a user reads a documents ), some > > > > users can't read some documents. > > > > > To manage this is better have a HABTM relation between User and > > > > Document with a "permission" field (and with a "date_when_read" > > > > field) ( more simple but I have to use more and more space). > > > > > or use ACL (very very complex to use in this situation(I have to > > > > manage also that a user can belong to many groups) and but it uses > > > > less space) > > > > > or exist another method to use (a best pattern)? > > > > > Write all your experience about this because I think that is one of > > > > the big problem when project a web application > > > > Many Thanks > > > > On 10 Feb, 12:53, anler <anle...@gmail.com> wrote: > > > > > > Are you aking how find the allowed docs or how to paginate this > > result > > > > > (or both)? > > > > > > I did something similar once but with a different approach, since I > > > > > was working with > > > > > 'resources' instead of documents, I listed the resources and the > > > > > option 'access info' > > > > > to show the permits for that resource (this way used less db queries) > > > > > > On Feb 10, 12:41 pm, "marco.rizze...@gmail.com" > > > > > > <marco.rizze...@gmail.com> wrote: > > > > > > Hi > > > > > > I have this question: > > > > > > I use ACL for manage the access to documents by users. > > > > > > Now I must display a list of all documents that are accessible by > > the > > > > > > logged user. > > > > > > This list must be paginated. > > > > > > I have no idea about how to do this and I think to abandon the ACL > > and > > > > > > manage the permits with a big table with all relations (HABTM) > > between > > > > > > users and documents. > > > > > > I would ask if someone has any idea about this. > > > > > > Many Thanks > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others > > with their CakePHP related questions. > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com<cake-php%2bunsubscr...@googlegroups.com>For > > more options, visit this group at > >http://groups.google.com/group/cake-php?hl=en > > Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
