Hi, AFAIK, the standard permission check done by the pair Auth + Acl only works if your users belong to one role only. If your users can have many roles, you are not in the standard Acl tree structure.
This means that you will have to implement your own authorization logic. This may probably be done by setting the AuthComponent::$authorize variable to 'controller' and then by implementing the Controller::isAuthorized() method in your AppController. Something like this:

    function beforeFilter() {
        $this->Auth->authorize = 'controller'; //-> Auth will use the isAuthorized() method
    }

    function isAuthorized() {
        // Get the logged user
        // Loop on his associated groups
        // For each group call $this->Acl->check($group, $current_aco_path)
        // if one call to Acl->check(...) return true, then return true.
        // else return false;
    }

I've never done it, but I suppose it should work.

Regards,
nIcO

On Jan 5, 10:58 am, Jens Dittrich <jdittr...@gmail.com> wrote:
> Hello everyone, I have a problem with Acl. I have an Application where
> my ACO's are my Controllers and their functions. My ARO's should be
> Roles that People are in. The setup looks like this:
> User hasOne Person
> Person hasAndBelongsToMany Roles
>
> In the tutorials the setup is simpler, there you have User and Group
> and you use bindNode() to let ACL look up in the Group. In my
> situation I want it to look one step further: User over Person to
> Role. Is that possible?
>
> Is it supported to belong to multiple ARO's (Roles in my case) by Acl
> or will I run into Problems?
>
> Regards,
> Jens
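
The approach sketched in the reply above, filled in for the User -> Person -> Role setup from the question. This is an added example, not code posted in the thread. It assumes CakePHP 1.x conventions, a `persons.user_id` foreign key, and that every Role row has its own ARO node (model `Role`, foreign_key = the role id).

```php
<?php
// Added example, not from the thread. Assumptions: persons.user_id links
// Person to User, and each Role has an ARO node (model 'Role').
class AppController extends Controller {
    var $components = array('Acl', 'Auth');

    function beforeFilter() {
        // Hand the allow/deny decision to isAuthorized() below.
        $this->Auth->authorize = 'controller';
    }

    function isAuthorized() {
        $userId = $this->Auth->user('id');
        if (empty($userId)) {
            return false; // no authenticated user: deny
        }

        // User hasOne Person, Person hasAndBelongsToMany Role.
        // recursive = 1 returns the linked roles under the 'Role' key.
        $Person = ClassRegistry::init('Person');
        $person = $Person->find('first', array(
            'conditions' => array('Person.user_id' => $userId),
            'recursive'  => 1,
        ));
        if (empty($person['Role'])) {
            return false; // no Person record or no roles: deny
        }

        // ACO path of the current request (controller/action), prefixed
        // with AuthComponent::$actionPath when that is set.
        $aco = $this->Auth->action();

        foreach ($person['Role'] as $role) {
            $aro = array('model' => 'Role', 'foreign_key' => $role['id']);
            if ($this->Acl->check($aro, $aco)) {
                return true; // first role that is allowed grants access
            }
        }
        return false; // default deny: no role grants this ACO
    }
}
```

With this any-role-allows logic, a deny set on one role does not revoke an allow granted through another role. If a deny must win, check all roles and reject as soon as one is explicitly denied.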