Re: Many-to-many ACL
On Friday, 2 November 2012 06:57:13 UTC+7, Daniel Hdez wrote: > > Hello, hey i have the same problem, do you find a solution yet? greetings! > :) > If you read the thread, you'll find the solution in front of you :p -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en.
Re: Many-to-many ACL
Hello, hey i have the same problem, do you find a solution yet? greetings! :) -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en.
Re: Many-to-many ACL
Or you can use this plugin: https://github.com/ceeram/Authorize and set AuthComponent up with HabtmDbAclAuthorize Op maandag 21 mei 2012 14:35:32 UTC+2 schreef rahajiyev het volgende: > > > > On May 16, 1:23 am, Justin Edwards wrote: > > > To DB > > > > https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Controller/... > > > > > Does tinyauthdb work with Cake 1.3? I need 1.3 for its Oracle support. > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Nevermind, I think I got Oracle working with 2.1 thanks to this tutorial and a bit more thumb twiddling: http://www.hassanbakar.com/2012/01/09/using-oracle-in-cakephp-2-0/comment-page-1/#comment-38958 At the very least I could get pagination working. On May 21, 5:35 pm, rahajiyev wrote: > On May 16, 1:23 am, Justin Edwards wrote: > > > To DB > > >https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Controller/... > > Does tinyauthdb work with Cake 1.3? I need 1.3 for its Oracle support. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
On May 16, 1:23 am, Justin Edwards wrote: > To DB > > https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Controller/... > Does tinyauthdb work with Cake 1.3? I need 1.3 for its Oracle support. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
OK, I've worked around this deficiency by doing 2 things:
(1) added 'recursive' => 1 to AuthI
public $components = array(
'Auth' => array(
'authenticate' => array('Form' =>
array('userModel' => 'Milli', 'recursive' => 1)),
(2) writing afterFind() callback in my model:
public function afterFind(array $query) {
if (count($query) == 1) {
# single result fetched
$record = &$query[0];
if (isset($record['Role']) &&
is_array($record['Role'])) {
$roles = array();
foreach ($record['Role'] as $role)
$roles[] = $role['RolesUser']
['role_id'];
$record[$this->alias]['Role'] =
$roles;
unset($record['Role']);
}
}
return $query;
}
You bet this is ugly! But works.
There's one small problem, though. When I remove currently logged in
user's role to access a specific resource, he can still do so. Looks
like authorize() accesses Session data, and Session has active user
roles cached.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
I've tried adding joins in my User model beforeFind():
public function beforeFind(array $query) {
$query['joins'] = array(
array(
'table' => 'roles_users',
'alias' => 'RolesUser',
'type' => 'INNER',
'conditions' =>
array('Milli.id=RolesUser.user_id')),
array(
'table' => 'roles',
'alias' => 'Role',
'type' => 'INNER',
'conditions' =>
array('RolesUser.role_id=Role.id')));
return $query;
}
Now Model::find() correctly does receives the join info:
/lib/Cake/Model/Model.php (line 2676)
array(
'conditions' => array(
'Milli.username' => 'rihad',
'Milli.password' => '17bce4ac9c39019189b7bba280af55de9fe1d9a7'
),
'fields' => null,
'joins' => array(
(int) 0 => array(
'table' => 'roles_users',
'alias' => 'RolesUser',
'type' => 'INNER',
'conditions' => array(
(int) 0 => 'Milli.id=RolesUser.user_id'
)
),
(int) 1 => array(
'table' => 'roles',
'alias' => 'Role',
'type' => 'INNER',
'conditions' => array(
(int) 0 => 'RolesUser.role_id=Role.id'
)
)
),
'limit' => (int) 1,
'offset' => null,
'order' => array(
(int) 0 => null
),
'page' => (int) 1,
'group' => null,
'callbacks' => true,
'recursive' => (int) 2
But the User is still fetched with Role side by side, so
BaseAuthenticate ignores Role.
array(
(int) 0 => array(
'Milli' => array(
'password' => '*',
'id' => (int) 6,
'username' => 'rihad',
'password_expiration' => null,
'created' => '2012-05-15 16:30:10',
'modified' => '2012-05-18 10:14:07',
'last_accessed' => null
),
'Role' => array(
(int) 0 => array(
'id' => (int) 1,
'alias' => 'operations',
'RolesUser' => array(
'id' => (int) 6,
'role_id' => (int) 1,
'user_id' => (int) 6
)
)
)
)
)
I'm expecting Role to be nested inside Milli, or something like that.
Please help, it's a SNAFU, I've invested too much of my limited time
to get the job done, it's too late to go looking for a working
framework :( I admit that it's probably a misconfiguration from my
part. But I can't fix it.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
I should probably specify manual joins required for HABTM relations, as described in the docs (see Joining Tables towards the end). But how do I tweak the joins? AFAIK they can only be specified in the find() calls, and those are performed internally by the Auth subsystem. So what should I do? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
I tracked down the issue to BaseAuthenticate::_findUser() Even though it correctly joins user table to roles and fetches them both, Role isn't nested in user, so to speak: $result is: array( 'Milli' => array( 'id' => (int) 6, 'username' => 'rihad', 'created' => '2012-05-15 16:30:10', 'modified' => '2012-05-18 10:14:07', ), 'Role' => array( (int) 0 => array( 'id' => (int) 1, 'alias' => 'operations', 'RolesUser' => array( 'id' => (int) 6, 'role_id' => (int) 1, 'user_id' => (int) 6 ) ) ) ) so when _findUser() returns $result[$model] back to FormAuthenticate, all it gets is: array( 'id' => (int) 6, 'username' => 'rihad', 'created' => '2012-05-15 16:30:10', 'modified' => '2012-05-18 10:14:07', ) What should I do? I'm sure it's a misconfiguration because folks have probably used TinyAuthorize with HABTM roles. On May 17, 8:33 pm, rihad wrote: > I've tried copying auth stuff to User, and modified routes > accordingly, it didn't help. > User is a prefixed (/admin) controller for creating operators that > will be using the app based on their roles in non-prefixed URLs. > The authentication of /admin itself happens in Apache. The creator of > operators through CRUD doesn't need to use the app itself. > > On May 17, 7:34 pm, Justin Edwards wrote: > > > > > > > > > I've never tried to make the User model be named anything else. I have > > users and roles many to many on both sides though. > > >https://github.com/justinledwards/tinyauthdb/tree/2.1/app/Model > > >https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Model/Role -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
I've tried increasing recursive in my Auth settings:
public $components = array(
'Session',
'Auth' => array(
'authenticate' => array('Form' =>
array('userModel' => 'Milli', 'recursive' => 1)),
'authorize' => array('Tiny' =>
array('aclModel' => 'Role')),
And now _findUser() in BaseAuthenticate.php indeed starts fetching the
user deeply with its Role.
array(
'Milli' => array(
'password' => '*',
'id' => (int) 6,
'username' => 'rihad',
'created' => '2012-05-15 16:30:10',
'modified' => '2012-05-18 10:14:07'
),
'Role' => array(
(int) 0 => array(
'id' => (int) 1,
'alias' => 'operations',
'RolesUser' => array(
'id' => (int) 6,
'role_id' => (int) 1,
'user_id' => (int) 6
)
)
)
)
But TinyAuth still is getting the shallow user in its authorize().
array(
'id' => (int) 6,
'username' => 'rihad',
'created' => '2012-05-15 16:30:10',
'modified' => '2012-05-18 10:14:07',
)
What's going on? The session (/tmp/sess_* files) is lacking the Role
stuff.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
I've tried copying auth stuff to User, and modified routes accordingly, it didn't help. User is a prefixed (/admin) controller for creating operators that will be using the app based on their roles in non-prefixed URLs. The authentication of /admin itself happens in Apache. The creator of operators through CRUD doesn't need to use the app itself. On May 17, 7:34 pm, Justin Edwards wrote: > I've never tried to make the User model be named anything else. I have > users and roles many to many on both sides though. > > https://github.com/justinledwards/tinyauthdb/tree/2.1/app/Model > > https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Model/Role.phphttps://github.com/justinledwards/tinyauthdb/blob/2.1/app/Model/User.php > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
On May 17, 7:34 pm, Justin Edwards wrote: > I've never tried to make the User model be named anything else. I have > users and roles many to many on both sides though. > > https://github.com/justinledwards/tinyauthdb/tree/2.1/app/Model > > https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Model/Role.phphttps://github.com/justinledwards/tinyauthdb/blob/2.1/app/Model/User.php > Thanks. Mark said that too small "recursive" might be an issue, although its default setting of 1 should be enough to reach the roles. This looks like the most probable reason because TinyAuthorize::authorize() receives plain $user with no joins. I'll check that tomorrow. I'll also try adding the other side of HABTM to Role. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
I've never tried to make the User model be named anything else. I have
users and roles many to many on both sides though.
https://github.com/justinledwards/tinyauthdb/tree/2.1/app/Model
https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Model/Role.php
https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Model/User.php
On Thu, May 17, 2012 at 6:50 AM, rahajiyev wrote:
> Nope it doesn't work :(
> authorize() in TinyAuthorize receives $user that lacks any joins to
> roles table:
>
> array(
>'id' => (int) 6,
>'username' => 'rihad',
> 'created' => '2012-05-15 16:30:10',
> 'modified' => '2012-05-17 16:36:24',
> )
>
> so of course it can't find $user['Role']
> Here's my user class:
> class Milli extends AppModel {
>public $hasAndBelongsToMany = array(
>'Role' => array(
>'className' => 'Role',
>'joinTable' =>
> 'roles_users',
>'foreignKey'=> 'user_id',
>'assosciationForeignKey'=> 'role_id',
>'unique'=>
> 'keepExisting'));
> }
>
> class Role is empty.
>
> class MilliController extends AppController
>public $components = array(
>'Session',
>'Auth' => array(
>'loginRedirect' => array('controller' =>
> 'milli', 'action' => 'index'),
>'logoutRedirect' => array('controller' =>
> 'milli', 'action' => 'index'),
> 'authenticate' => array('Form' =>
> array('userModel' => 'Milli')),
> 'authorize' => array('Tiny' =>
> array('aclModel' => 'Role')),
> 'loginAction' => array('controller' =>
> 'milli', 'action' => 'login')));
>
>public function beforeFilter() {
> $this->Auth->allow('login', 'logout');
>}
>
> Please help...
>
> On May 17, 11:53 am, rahajiyev wrote:
> > OK, so I changed 'Role' to 'role' in Configure::write and it seems to
> > work. I'm able to log in, and access an action that my role is
> > permitted to access (as per acl.ini).
> > But a strange thing happens when I attempt to access an action that
> > I'm not permitted to. Instead of redirecting me to the /login page due
> > to inappropriate permissions, I get silently redirected to / which I
> > AM permitted to access. What's going on?
>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group
> at http://groups.google.com/group/cake-php
>
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Nope it doesn't work :(
authorize() in TinyAuthorize receives $user that lacks any joins to
roles table:
array(
'id' => (int) 6,
'username' => 'rihad',
'created' => '2012-05-15 16:30:10',
'modified' => '2012-05-17 16:36:24',
)
so of course it can't find $user['Role']
Here's my user class:
class Milli extends AppModel {
public $hasAndBelongsToMany = array(
'Role' => array(
'className' => 'Role',
'joinTable' =>
'roles_users',
'foreignKey'=> 'user_id',
'assosciationForeignKey'=> 'role_id',
'unique'=>
'keepExisting'));
}
class Role is empty.
class MilliController extends AppController
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' =>
'milli', 'action' => 'index'),
'logoutRedirect' => array('controller' =>
'milli', 'action' => 'index'),
'authenticate' => array('Form' =>
array('userModel' => 'Milli')),
'authorize' => array('Tiny' =>
array('aclModel' => 'Role')),
'loginAction' => array('controller' =>
'milli', 'action' => 'login')));
public function beforeFilter() {
$this->Auth->allow('login', 'logout');
}
Please help...
On May 17, 11:53 am, rahajiyev wrote:
> OK, so I changed 'Role' to 'role' in Configure::write and it seems to
> work. I'm able to log in, and access an action that my role is
> permitted to access (as per acl.ini).
> But a strange thing happens when I attempt to access an action that
> I'm not permitted to. Instead of redirecting me to the /login page due
> to inappropriate permissions, I get silently redirected to / which I
> AM permitted to access. What's going on?
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Ok, so I created two more tables:
roles:
id int primary key;
name varchar;
roles_users:
id int primary key;
role_id foreign key roles(id);
user_id foreign key users(id);
and authorization automagically figures out where to allow the
currently logged in user.
But there's one thing. When paginating list of users, how can I get at
the user's roles? User model hasAndBelongsToMany('Role') but still
role information isn't included.
public function index() {
$this->User->recursive = 0;
$this->set('users', $this->paginate());
}
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Do I still need to use a many-to-many roles_users table if I want each user to possess multiple roles? How do I go about that? Unfortunately this tutorial doesn't go into much detail: http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/ -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
OK, so I changed 'Role' to 'role' in Configure::write and it seems to work. I'm able to log in, and access an action that my role is permitted to access (as per acl.ini). But a strange thing happens when I attempt to access an action that I'm not permitted to. Instead of redirecting me to the /login page due to inappropriate permissions, I get silently redirected to / which I AM permitted to access. What's going on? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
> In > AuthComponent's authorize() I could see that it's attempting to access > $user[$this->settings['aclModel']]) I meant to say TinyAuthorize's authorize(). -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Thanks, Justin. But now I'm getting "You are not authorized to access
that location." flash error and kicked back to /login. In
AuthComponent's authorize() I could see that it's attempting to access
$user[$this->settings['aclModel']])
and failing that triggers error:
Notice (1024): Missing acl information (Role/role_id) in user session
[APP/Controller/Component/Auth/TinyAuthorize.php, line 78]
settings['aclModel'] is 'Role' as per default so it basically tries
$user->['Role']
My $user looks like this:
array(
'id' => (int) 6,
'username' => 'rihad',
'role' => 'can-do-this',
'created' => '2012-05-15 16:30:10',
'modified' => '2012-05-17 10:39:17',
)
it indeed lacks 'Role' field. Should I simply change $this-
>authorize['aclModel'] = 'Role' ?
I have this in Config/core.php:
Configure::write('Role', array(
'can-do-this' => 1,
'can-do-that => 2,
));
to emulate a missing table.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
app/Controller/Component/Auth On Wed, May 16, 2012 at 11:29 AM, rihad wrote: > On May 16, 1:23 am, Justin Edwards wrote: > > http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest... > > > > To DB > > > > https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Controller/... > > > > > I'm having a hard time choosing the right place for this code. Where > do I put it cleanly? I tried dropping it off in Plugin/ but Cake won't > find it. > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > at http://groups.google.com/group/cake-php > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
On May 16, 1:23 am, Justin Edwards wrote: > http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest... > > To DB > > https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Controller/... > > I'm having a hard time choosing the right place for this code. Where do I put it cleanly? I tried dropping it off in Plugin/ but Cake won't find it. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Bingo! By reading the source of AuthComponent and sprinkling
"debug($var); exit;" here and there I tracked after its construction
that $this->_authenticateObjects looked like this:
array(
(int) 0 => object(FormAuthenticate) {
settings => array(
'fields' => array(
'password' => '*',
'username' => 'username'
),
'userModel' => 'Users',
'scope' => array(),
'recursive' => (int) 0
)
}
)
The model was still Users! So a change was trivial:
in MilliController.php.:
changed'authenticate' => array('Form' ),
to this: 'authenticate' => array('Form' =>
array('userModel' => 'Milli')),
for now the logging in passes through.
The docs for auth are severely lacking.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Here's what PostgreSQL logs when I click the Login button as above: 2012-05-16 17:00:03 AZST LOG: execute pdo_stmt_0001: SET search_path TO public 2012-05-16 17:00:03 AZST LOG: statement: DEALLOCATE pdo_stmt_0001 2012-05-16 17:00:03 AZST LOG: execute pdo_stmt_0002: SELECT table_name as name FROM INFORMATION_SCHEMA.tables WHERE table_schema = $1 2012-05-16 17:00:03 AZST DETAIL: parameters: $1 = 'public' 2012-05-16 17:00:03 AZST LOG: execute pdo_stmt_0003: SELECT DISTINCT table_schema AS schema, column_name AS name, data_type AS type, is_nullable AS null, column_default AS default, ordinal_position AS position, character_maximum_length AS char_length, character_octet_length AS oct_length FROM information_schema.columns WHERE table_name = $1 AND table_schema = $2 ORDER BY position 2012-05-16 17:00:03 AZST DETAIL: parameters: $1 = 'users', $2 = 'public' 2012-05-16 17:00:03 AZST LOG: statement: DEALLOCATE pdo_stmt_0003 2012-05-16 17:00:03 AZST LOG: statement: DEALLOCATE pdo_stmt_0002 Apparently it doesn't attempt to query users table itself. But if I remove the users table clicking login barfs that table users does not exist, so there's something else stopping it. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Now I cannot authenticate. Just simple authentication only for now.
AFAIK Auth is supposed to automagically check columns username &
password in the table. Yet it doesn't work. Here's what I do: visit
example.org/, get redirected to example.org/login, enter valid
username & pass, and get the same login URL with flash error: "Invalid
username or password, try again". No SQL queries get logged as far as
I can tell (debug>0).
Model/Milli.php is empty
class MilliController extends AppController
{
public $paginate = array('limit' => 5);
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' =>
'milli', 'action' => 'index'),
'logoutRedirect' => array('controller' =>
'milli', 'action' => 'index'),
'authenticate' => array('Form'),
'loginAction' => array('controller' =>
'milli', 'action' => 'login')));
public function beforeFilter() {
#parent::beforeFilter();
$this->Auth->allow('login', 'logout');
#$this->Auth->allow('*');
}
public function login() {
if ($this->request->isPost()) {
if ($this->Auth->login()) {
$this->redirect($this->Auth-
>redirect());
} else {
$this->Session->setFlash(__('Invalid
username or password, please try again'));
}
}
}
public function logout() {
$this->redirect($this->Auth->logout());
}
public function index() {
}
}
View/Milli/login.ctp:
Session->flash('auth'); ?>
Form->create('Milli');?>
Form->input('username');
echo $this->Form->input('password');
?>
Form->end(__('Login'));?>
Config/routes.php:
Router::connect('/', array('controller' => 'milli', 'action'
=> 'index'));
Router::connect('/:action', array('controller' => 'milli'));
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Nothing's better than reading Cake code :-p In ../lib/Cake/Controller/Component/AuthComponent.php: public $loginAction = array( 'controller' => 'users', 'action' => 'login', 'plugin' => null ); So users is hardcoded... -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Many-to-many ACL
I could narrow this down to these lines:
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' =>
'operators', 'action' => 'index'),
'logoutRedirect' => array('controller' =>
'operators', 'action' => 'index')));
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login', 'logout');
}
if I remove them, the strange redirect example.org/ => example.org/
users/login does not happen.
What's going on?
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
Thanks, I'm trying to use it. Something strange is going on (probably
unrelated to the TinyAuth plugin).
When I visit the root of the site (http://example.org/) I expect Cake
to redirect to operators/login, but it instead gets me to users/login.
There IS a UsersController, but it's prefixed under /admin like this:
Router::connect('/admin', array('controller' => 'users', 'action' =>
'index', 'admin' => true));
Here's my Controller/OperatorsController.php:
class OperatorsController extends AppController # (AppController is
empty)
{
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' =>
'operators', 'action' => 'index'),
'logoutRedirect' => array('controller' =>
'operators', 'action' => 'index')));
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login', 'logout');
}
public function login() {
if ($this->request->isPost()) {
if ($this->Auth->login()) {
$this->redirect($this->Auth-
>redirect());
} else {
$this->Session->setFlash(__('Invalid
username or password, try again'));
}
}
}
public function logout() {
$this->redirect($this->Auth->logout());
}
public function index() {
}
}
Here.s my Config/routes.php
Router::connect('/', array('controller' => 'operators',
'action' => 'index'));
Router::connect('/admin', array('controller' => 'users',
'action' => 'index', 'admin' => true));
Router::connect('/:action', array('controller' =>
'operators'));
#Router::connect('/pages/*', array('controller' => 'pages',
'action' => 'display'));
CakePlugin::routes();
require CAKE . 'Config' . DS . 'routes.php';
Can you tell me why it keeps throwing me to an unrelated users/login?
I'm not even accessing that controller.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Many-to-many ACL
http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/ To DB https://github.com/justinledwards/tinyauthdb/blob/2.1/app/Controller/Component/Auth/TinyAuthorize.php On Tue, May 15, 2012 at 1:47 PM, rihad wrote: > Hi. I need users to belong to more than one role. Like "Can-do-this", > "Can-do-that", etc. I think a many-to-many relationship fits this > need. Like this (in pseudo-sql) > > table users: > id int primary key; > name varchar; > > table roles: > id int primary key; > name varchar; > > table roles_users: > id int primary key; > user_id foreign key users(id); > role_id foreign key roles(id); > > So each user can have multiple roles listed in roles_users. I looked > at the ACL tutorial: > > http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html > but it only makes use of a single group_id. Cake's Auth subsystem > looks fine to me. Can I use it with multiple roles described above? > Thanks. > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > at http://groups.google.com/group/cake-php > -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Many-to-many ACL
Hi. I need users to belong to more than one role. Like "Can-do-this", "Can-do-that", etc. I think a many-to-many relationship fits this need. Like this (in pseudo-sql) table users: id int primary key; name varchar; table roles: id int primary key; name varchar; table roles_users: id int primary key; user_id foreign key users(id); role_id foreign key roles(id); So each user can have multiple roles listed in roles_users. I looked at the ACL tutorial: http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html but it only makes use of a single group_id. Cake's Auth subsystem looks fine to me. Can I use it with multiple roles described above? Thanks. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
