Hi,

AFAIK, the standard permission check done by the pair Auth + Acl only
works if your users belong to one role only.
If your users can have many roles, you are not in the standard Acl
tree structure.

This means that you will have to implement your own authorization
logic. This can probably be done by setting the
AuthComponent::$authorize variable to 'controller' and then by
implementing the Controller::isAuthorized() method in your AppController.

Something like this:

function beforeFilter()
{
  // Auth will use the isAuthorized() method
  $this->Auth->authorize = 'controller';
}

function isAuthorized()
{
  // Get the logged user

  // Loop on his associated groups

    // For each group call $this->Acl->check($group, $current_aco_path)

    // if one call to Acl->check(...) returns true, then return true.

  // else return false;
}

I've never done it, but I suppose it should work.

Regards,
nIcO


On Jan 5, 10:58 am, Jens Dittrich <jdittr...@gmail.com> wrote:
> Hello everyone, I have a problem with Acl. I have an Application where
> my ACO's are my Controllers and their functions. My ARO's should be
> Roles that People are in. The setup looks like this:
> User hasOne Person
> Person hasAndBelongsToMany Roles
>
> In the tutorials the setup is simpler, there you have User and Group
> and you use bindNode() to let ACL look up in the Group. In my
> situation I want it to look one step further: User over Person to
> Role. Is that possible?
>
> Is it supported to belong to multiple ARO's (Roles in my case) by Acl
> or will I run into Problems?
>
> Regards,
> Jens
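
The approach sketched in the reply above, written out as an added example (not code from either poster or from CakePHP itself). It assumes CakePHP 1.2/1.3, a persons.user_id foreign key for the User hasOne Person link, and one ARO per Role row registered by model and foreign_key; it denies by default when the user has no roles.

```php
<?php
// Added example: app/app_controller.php for CakePHP 1.2/1.3 (assumed version).
class AppController extends Controller {
    var $components = array('Acl', 'Auth', 'Session');

    function beforeFilter() {
        // Auth calls isAuthorized() on the controller for every protected action.
        $this->Auth->authorize = 'controller';
    }

    function isAuthorized() {
        $userId = $this->Auth->user('id');
        if (!$userId) {
            return false; // no logged-in user: deny
        }

        // Assumption: persons.user_id links Person to User; Person HABTM Role.
        $Person = ClassRegistry::init('Person');
        $person = $Person->find('first', array(
            'conditions' => array('Person.user_id' => $userId),
            'recursive' => 1, // also loads the associated Role rows
        ));
        if (empty($person['Role'])) {
            return false; // no roles attached: deny by default
        }

        // ACO path of the current request, e.g. "Posts/edit",
        // prefixed with $this->Auth->actionPath when that is set.
        $aco = $this->Auth->action();

        foreach ($person['Role'] as $role) {
            // Assumption: each Role row has its own ARO (model Role, foreign_key = id).
            $aro = array('model' => 'Role', 'foreign_key' => $role['id']);
            if ($this->Acl->check($aro, $aco)) {
                return true; // one allowing role is enough
            }
        }
        return false; // no role grants access
    }
}
```

Because the loop returns on the first allowing role, an explicit deny set on one role does not override an allow granted through another role.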
