Seems like a story of "CRUD" with Acl, if your user as an ARO whose parent it's the department, and all user of this department have same ARO parent, any ACO (your model / record) can be checked on ACL ....using the crud
On Sep 9, 10:45 pm, cricket <zijn.digi...@gmail.com> wrote: > On Thu, Sep 9, 2010 at 4:29 PM, calzone <calz...@gmail.com> wrote: > > Thanks. > > > I am using ACL, but not terribly comfortable with it. I'm still > > trying to figure out how to make it grant "ownership" of content that > > is created by one user so only he can see it, or for other content, > > that is created by a user belonging one department so that other > > departments can't see stuff that doesn't belong to them (while still > > allowing users from the managers group to see all the departments they > > oversee, and superadmins to see everything). At the same time, the > > concepts of departments is a separate lookup table from the actual > > groups table for the ACL permissions. > > Yes, it's a huge can of worms. > > > > > I thought ACL only kicked in after the user has authenticated and that > > before that happens, for unauthenticated guests, you are stuck with > > whatever Auth allows or denies. > > Yes, that's what I meant about actions vs parameters. But, if you need > a fine-grained system to grant access to the pages, what I suggested > won't work. I thought you only had 2 classes of users: those who could > see all pages, and those who should only see 'home'. If you need to > grant different access to some pages for already-authenticated users > you'll need to either use ACL or something you roll yourself. > > Actually, on second thought, I suppose that the approach I suggested > would still work. But you'll still need some ACL business in your > display() action. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
