Auth, ACL, proxy server mixed up sessions?

2011-06-30 Thread olafrv
Hi,

With the (public) http://futbol.olafrv.com CakePHP (1.3) application I
have a similar problem described here:

http://groups.google.com/group/cake-php/browse_thread/thread/4eb24c599fe3f7fd/578ac0b8d3406eff?lnk=gst&q=proxy#578ac0b8d3406eff

And cited here:

"I am having trouble with sessions and a proxy server. My site uses
Auth and ACL and it works fine in all my testing. However, now someone
with Microsoft Proxy server is using it and the sessions are getting
mixed up - when one user logs in they sometimes get another user's info
(i.e. the sessions are confused)."

By the way:

All over the Internet with other proxies and without proxies my app
works fine.

Any ideas?

Regards.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php


Complicated ACL Situation

2011-06-23 Thread chrismina
Hello fellow cake-bakers! I'm making a small application to handle
project related information in order to learn how to use CakePHP. I'm
having troubles with ACL. The ACL idea is quite straightforward but
implementing it on a real-life app proves not to be easy. I would like
your suggestions on how to deal with the following situation:

My app has the following tables:
users: Keeps the users info (username, pass, email, group, etc)
groups: Groups where the users belong to. I have "administrators",
"managers" and "registered"
roles: Roles for the registered users. I have "leader", "member" and
"guest".
memberships: This table keeps the relationship between users, roles
and projects.
projects: Keeps the projects info
items: Projects have several information items. This table keeps these
items.

The tables have the following relationships:
users: hasMany Memberships, belongsTo Groups.
groups: hasMany Users
roles: hasMany Memberships
memberships: belongsTo Users, Projects, Roles
projects: hasMany Memberships, Items
items: belongsTo Projects

Basically managers (or administrators) can assign roles to registered
users. Leaders and members can belong to several projects. Those
belonging to a specific project can edit that project's data and its
associated items. Leaders can assign members to a project from the
pool of registered users.

Here is the situation in terms of CRUD:
Administrators: Full CRUD on everything (users, memberships, projects,
items)
Managers: Can CRUD users of type "registered" but not "managers" or
"administrators". Full CRUD on memberships, projects and items.
registered: Can do different things based on their roles:

leaders (role): Can update their own user info and read other user
data that belong to their projects (info stored in the "memberships"
table). Can CRUD memberships for their projects. Can CRUD items for
their own projects. Can update their own projects.
members (role): Can update their own user info and read other user
data that belong to their projects. Can CRUD items for their own
projects. Can read memberships for their own projects. Can update
their own projects.
guests (role): Can update their own user info. Can read projects.

Based on the above situation what do you think will be the best
approach to deal with it? I tried with ACL but somewhere on the way I
lost it. I tried playing with some of the ACL plugins available with
no success. The biggest challenge is to deal with the permission
creation by the managers and administrators. Please help!

I'm not yet an adept cake-baker so please be kind. Your suggestions
and recommendation will be greatly appreciated. Thank you!



Re: ACL issue

2011-06-18 Thread Felix Fennell
Hi Don,

Sorry for taking so long to reply (study commitments). Basically, your suggestion
works brilliantly - I'm only annoyed I didn't realise your suggestion myself.

Thanks again for saving me a lot of agro :) 
--Felix
[My e-mail load: http://courteous.ly/AXc5sh]


On Thursday, 5 May 2011 at 23:49, dreamingmind wrote:

> Felix,
> 
> I'm not aware of anything that would prevent a User from having
> several connections into the aros table. You have three fields in aros
> that can potentially play a role in connecting a user to an aros node:
> alias
> model
> foreign_key
> 
> If you had a president that was User.id=12, you could easily have
> several records that read Aros.model='User' Aros.foreign_key=12 and
> that were each children of different aros parents (or you could use
> alias to do the job). One could be a child of President, another the
> child of Instructor/Theory.
> 
> Each child would have different acos permissions and your
> authentication check would just have to look out for the multiple
> permissions.
> 
> So let's say you set alias to a concatenation of model and id like some
> of the tutorials do, your aros tree could look like this:
> 
>  Overlord (a master account)
> - Committee
>   - President
>     - User::12
>   - Treasurer
>   - etc.
> - Instructors
>   - Practical
>   - Theory
>     - User::12
> - Trainees
> 
> Regards,
> Don
> 
> On May 4, 2:35 pm, Felix (http://felixfennell.co.uk) wrote:
> > Hello everyone,
> > 
> > I have a query regarding how to structure the ACL system in my app.
> > 
> > Basically I'm creating a management app for a diving club. The club
> > has three broad groups,
> > 
> > - Instructors
> > - Trainees
> > - Committee
> > 
> > The ACL tree looks like this at the moment
> > 
> > - Sebastian (name of site)
> >  Overlord (a master account)
> > - Committee
> >   - President
> >   - Treasurer
> >   - etc.
> > - Instructors
> >   - Practical
> >   - Theory
> > - Trainees
> > 
> > Each position above is a group (name, description) which have many to
> > one relationships with a user (username, password, name).
> > 
> > The above system works fine except for one problem. Committee members
> > are always either an instructor or trainee, therefore they need to be
> > assigned to two groups (instructor/trainee AND the relevant committee
> > position).
> > 
> > Basically I need to place a user into two levels in the tree which
> > aren't related to each other hierarchically.
> > 
> > As far as I know this isn't possible with Cake's ACL component unless
> > there's something I've missed. I know the relationship between groups
> > -- users needs changing to a HABTM relationship but I'm unsure how ACL
> > treats these.
> > 
> > Has anyone come across this sort of problem before and able to outline
> > their solution, or have I been an idiot and missed something really
> > obvious.
> > 
> > Sorry for such a long message, I didn't want to miss anything out -
> > thanks in advance,
> > 
> > --Felix Fennell



Re: How to inactive Acl

2011-06-15 Thread Shaz
http://book.cakephp.org/view/1545/Preparing-to-Add-Auth

At the bottom it explains how to allow actions currently not
initialised as ACOs.

On Jun 13, 7:21 pm, taq wrote:
> Now I use the acl component in my webapp.
> When I add a new action I get: you are unauthorized to access this location.
> I must build a new aco, but I am lazy; I need to build it after the project
> is complete.



How to inactive Acl

2011-06-13 Thread taq
Now I use the acl component in my webapp.
When I add a new action I get: you are unauthorized to access this location.
I must build a new aco, but I am lazy; I need to build it after the project
is complete.



CakePHP Auth and Acl

2011-06-07 Thread Junior Grossi
Hi all again...

I've started my Cake project and I now have to make my login and permissions
area. I am following the CakePHP 1.3 Book on the "Simple Acl controlled
Application" (http://bit.ly/juYfI7) to get my login and auth functionalities
working.

Is that the only way to do this? Is there an easier way? That idea of
creating 3 tables pre-defined on the database, etc... Is there an easier way?

Thanks a lot...

Junior Grossi
juninh...@gmail.com



Re: Slow Build Acl

2011-05-31 Thread thom
On Tue, May 31, 2011 at 5:58 PM, thom wrote:
> On Tue, May 31, 2011 at 5:53 PM, Jens Dittrich wrote:
>> eventually adding some indexes might also help, see:
>> http://www.mainelydesign.com/blog/view/speeding-up-cakephp-acl-component
>>
>
> OK. I'll try it. Thank you everyone.. :)
>

Done! It really works..
Thank you Jens Dittrich.. :)

-- 
Regards,,,
mastanto (thom_)
http://mynameisthom.tumblr.com
http://mynameisthom.blogspot.com
http://www.twitter.com/mastanto_



Re: Slow Build Acl

2011-05-31 Thread thom
On Tue, May 31, 2011 at 5:53 PM, Jens Dittrich wrote:
> eventually adding some indexes might also help, see:
> http://www.mainelydesign.com/blog/view/speeding-up-cakephp-acl-component
>

OK. I'll try it. Thank you everyone.. :)


-- 
Regards,,,
mastanto (thom_)
http://mynameisthom.tumblr.com
http://mynameisthom.blogspot.com
http://www.twitter.com/mastanto_



Aw: Slow Build Acl

2011-05-31 Thread Jens Dittrich
eventually adding some indexes might also help, see:
http://www.mainelydesign.com/blog/view/speeding-up-cakephp-acl-component



Aw: Slow Build Acl

2011-05-31 Thread Jens Dittrich
I assume you have used the build_acl function from the tutorial in the book.
I had the same experience in an application with 50 controllers and about 5
functions average per controller. I think the main problem is that the ACL
behaviour is building a tree and this tree has to be sorted after each
insert. So there are quite some hits to the database and also quite some PHP
activity involved. I had to raise the timeout in the php.ini to something
like 240 or 300 and I also adjusted the MySQL settings for InnoDB to allow
more memory in my development setup (XAMPP 1.7.4 on Windows).
So all you can do is provide more resources and raise the timeout on
your development machine. Usually environments like XAMPP or such try to
limit the resources of Apache, PHP and MySQL so that you can still use your
machine's resources for other things but XAMPP. That might create a
bottleneck when running these intensive tasks.

regards,
Jens
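
The tree maintenance Jens describes above can be seen in a small model of nested-set (lft/rght) bookkeeping, sized with the 50 controllers and 5 actions from his post. This is an added example, not code from the thread or from CakePHP; the function names and node aliases are assumptions.

```php
<?php
// Added example: nested-set (lft/rght) bookkeeping in a plain PHP array.
// It models the tree maintenance only and makes no CakePHP or database calls.

/**
 * Insert $alias as the last child of row $parentId (null = first root).
 * Returns how many existing rows had lft or rght rewritten.
 */
function insertLastChild(array &$rows, $parentId, $alias)
{
    $touched = 0;
    $edge = 1;
    if ($parentId !== null) {
        // The new node takes over the parent's right boundary, so every
        // boundary at or beyond it has to move two places to the right.
        $edge = $rows[$parentId]['rght'];
        foreach (array_keys($rows) as $id) {
            $before = $rows[$id];
            if ($before['lft'] > $edge) {
                $rows[$id]['lft'] += 2;
            }
            if ($before['rght'] >= $edge) {
                $rows[$id]['rght'] += 2;
            }
            if ($rows[$id] !== $before) {
                $touched++;
            }
        }
    }
    $rows[count($rows) + 1] = array('alias' => $alias, 'lft' => $edge, 'rght' => $edge + 1);
    return $touched;
}

/** Build root -> controllers -> actions; returns array(rows, total rewrites). */
function buildTree($controllers, $actions)
{
    $rows = array();
    $rewrites = insertLastChild($rows, null, 'controllers'); // becomes row 1
    for ($c = 1; $c <= $controllers; $c++) {
        $rewrites += insertLastChild($rows, 1, "Controller$c");
        $controllerId = count($rows);
        for ($a = 1; $a <= $actions; $a++) {
            $rewrites += insertLastChild($rows, $controllerId, "action$a");
        }
    }
    return array($rows, $rewrites);
}

$controllers = 50; // figures taken from the post
$actions = 5;
list($rows, $buildRewrites) = buildTree($controllers, $actions);

// Add one new action to the first and to the last controller of the finished tree.
$firstId = 2;
$lastId = 2 + ($controllers - 1) * ($actions + 1);
$copy = $rows;
$underFirst = insertLastChild($copy, $firstId, 'newAction');
$copy = $rows;
$underLast = insertLastChild($copy, $lastId, 'newAction');

printf("rows in tree:                 %d\n", count($rows));
printf("rewrites while building:      %d\n", $buildRewrites);
printf("new action, first controller: %d rows rewritten\n", $underFirst);
printf("new action, last controller:  %d rows rewritten\n", $underLast);
```

In a database the same shift is an UPDATE whose WHERE clause filters on lft and rght, which is where the indexes suggested elsewhere in this thread apply.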



Slow Build Acl

2011-05-31 Thread thom
Hello, I am facing a problem in building acl (build_acl). In the
beginning, it was no problem. Everything was OK. But as my
controllers are increasing, building acl is getting slower and
'heavy'. I got maximum exceed. I've increased the time to 240
seconds. But still, it appears. Sometimes, I have to reload many times
till the execution is done. But, lately, it won't work.

What happens exactly? Or is there any way to solve this problem?

FYI. I am using CakePHP 1.3.8

Thank you in advance.

-- 
Regards,,,
mastanto (thom_)
http://mynameisthom.tumblr.com
http://mynameisthom.blogspot.com
http://www.twitter.com/mastanto_



Re: acl for dummies?

2011-05-29 Thread Phang Mulianto
Why not try using phpgacl? There is a plugin component for cake.
On May 29, 2011 3:21 AM, "dreamingmind" wrote:
> Michael,
>
> Non-expert reply:
> After fiddling with ACL for a while I'll say, yes it can do all you
> want. The aco entries can represent anything you want them to,
> controllers, actions, individual db records, tables, urls... Aros can
> likewise represent anything you choose, users, controllers, actions,
> ip addresses...
>
> The permission table will hook up the allowable combinations. And
> since both aros and acos are in a tree structure you can set up any
> grouping or nesting that serves your needs.
>
> It is worth noting that there are two ways to identify an aro or aco
> node, by alias or by table and id. Ponder the value of these two ways
> of identifying a requestor or controlled item.
>
> As to the specifics of implementing your system... I can't be too
> specific because I'm still trying to sort this out. It seems you
> can always resort to a kind of brute force approach. At the critical
> point in your logic you test: does this aro have permission to access
> this aco?
>
> This is the area where I find the tutorials a bit vague. They assume
> that there is always going to be a standard pattern for testing. User
> to action or user to crud function on a table. Possibly because my
> thinking is too fuzzy to build my apps cleanly or possibly because
> this ideal situation is not realistic, I have found it a bit confusing
> to decide what testing mode to use and where to have the checks made.
>
> You are probably going to need to build some before and after save
> code to make sure proper permissions are set up as things grow. A
> simple case from tutorials: when a user registers, the save code could
> make the new user aro record and an aco entry and give them permission
> to access their own db record.
>
> In your case, the work product of a company employee on a project
> might need to be listed as a child aco in a collection that was
> accessible to managers of that company.
>
> Regards,
> Don
>
> On May 28, 3:54 pm, mivogtGermanyLU wrote:
>> Hi there,
>>
>> after spending some hours of reading the chapter about acl/aro/aco in the
>> cake books and the cake homepage I am still or even more confused about the
>> topic.
>> I understood the meaning of a tree containing the rights but I am absolutely
>> not sure about if it matches my needs or even on how to realize it in my
>> app.
>>
>> So any helping comment is welcome. Linked full tutorials would be great,
>> too.
>>
>> My app consists of a set of MVC stuff to register services granted by users
>> to be managed from users to be done by users for users with some hierarchy in
>> background.
>> So there needs to be a superadmin to setup the users in all levels
>> I need granters to grant projects
>> I need some to set up the jobs getters and workers
>> etc
>>
>> and in the meaning of some safety the i.e. workers should not be able to
>> change or delete granted jobs etc
>>
>> so basically I need to limit the actions/views allowed to a specific logged
>> in users (after login using auth component)
>> secondly I need to limit the datasets shown to a user based on his role and
>> the linked models content
>>
>> i.e.
>> 2 companies are granting services to be done for customers with no need to
>> know each other or the other's customers
>> if a company grants a service for a customer a service-company is named to
>> fulfill it. So the C sets up the job to be done and the company to do the
>> job
>> The servicecompany will have staffs getting some kind of tickets with jobs to
>> be done and the staff will need to fill a timereport linked to a granted job
>> (containing the job_id, the granterid, the service_id, date, time etc) with
>> the limitation he won't be able to see jobs done for the customer by others
>> ...
>>
>> to me it looks a bit difficult to split it up into roles only
>> maybe I need some kind of data-limiting functions, too. Any chance to get it
>> done by the acl or will I need to add some conditions in my find() inside
>> the controllers?
>>
>> Thanks in advance
>>
>> Michael



Re: acl for dummies?

2011-05-28 Thread dreamingmind
Michael,

Non-expert reply:
After fiddling with ACL for a while I'll say, yes it can do all you
want. The aco entries can represent anything you want them to,
controllers, actions, individual db records, tables, urls... Aros can
likewise represent anything you choose, users, controllers, actions,
ip addresses...

The permission table will hook up the allowable combinations. And
since both aros and acos are in a tree structure you can set up any
grouping or nesting that serves your needs.

It is worth noting that there are two ways to identify an aro or aco
node, by alias or by table and id. Ponder the value of these two ways
of identifying a requestor or controlled item.

As to the specifics of implementing your system... I can't be too
specific because I'm still trying to sort this out. It seems you
can always resort to a kind of brute force approach. At the critical
point in your logic you test: does this aro have permission to access
this aco?

This is the area where I find the tutorials a bit vague. They assume
that there is always going to be a standard pattern for testing. User
to action or user to crud function on a table. Possibly because my
thinking is too fuzzy to build my apps cleanly or possibly because
this ideal situation is not realistic, I have found it a bit confusing
to decide what testing mode to use and where to have the checks made.

You are probably going to need to build some before and after save
code to make sure proper permissions are set up as things grow. A
simple case from tutorials: when a user registers, the save code could
make the new user aro record and an aco entry and give them permission
to access their own db record.

In your case, the work product of a company employee on a project
might need to be listed as a child aco in a collection that was
accessible to managers of that company.

Regards,
Don

On May 28, 3:54 pm, mivogtGermanyLU wrote:
> Hi there,
>
> after spending some hours of reading the chapter about acl/aro/aco in the
> cake books and the cake homepage I am still or even more confused about the
> topic.
> I understood the meaning of a tree containing the rights but I am absolutely
> not sure about if it matches my needs or even on how to realize it in my
> app.
>
> So any helping comment is welcome. Linked full tutorials would be great,
> too.
>
> My app consists of a set of MVC stuff to register services granted by users
> to be managed from users to be done by users for users with some hierarchy in
> background.
> So there needs to be a superadmin to setup the users in all levels
> I need granters to grant projects
> I need some to set up the jobs getters and workers
> etc
>
> and in the meaning of some safety the i.e. workers should not be able to
> change or delete granted jobs etc
>
> so basically I need to limit the actions/views allowed to a specific logged
> in users (after login using auth component)
> secondly I need to limit the datasets shown to a user based on his role and
> the linked models content
>
> i.e.
> 2 companies are granting services to be done for customers with no need to
> know each other or the other's customers
> if a company grants a service for a customer a service-company is named to
> fulfill it. So the C sets up the job to be done and the company to do the
> job
> The servicecompany will have staffs getting some kind of tickets with jobs to
> be done and the staff will need to fill a timereport linked to a granted job
> (containing the job_id, the granterid, the service_id, date, time etc) with
> the limitation he won't be able to see jobs done for the customer by others
> ...
>
> to me it looks a bit difficult to split it up into roles only
> maybe I need some kind of data-limiting functions, too. Any chance to get it
> done by the acl or will I need to add some conditions in my find() inside
> the controllers?
>
> Thanks in advance
>
> Michael



acl for dummies?

2011-05-28 Thread mivogtGermanyLU
Hi there,

after spending some hours of reading the chapter about acl/aro/aco in the
cake books and the cake homepage I am still or even more confused about the
topic.
I understood the meaning of a tree containing the rights but I am absolutely
not sure about if it matches my needs or even on how to realize it in my 
app.

So any helping comment is welcome. Linked full tutorials would be great, 
too.

My app consists of a set of MVC stuff to register services granted by users
to be managed from users to be done by users for users with some hierarchy in
background.
So there needs to be a superadmin to setup the users in all levels
I need granters to grant projects
I need some to set up the jobs getters and workers
etc

and in the meaning of some safety the i.e. workers should not be able to
change or delete granted jobs etc

so basically I need to limit the actions/views allowed to a specific logged 
in users (after login using auth component)
secondly I need to limit the datasets shown to a user based on his role and 
the linked models content

i.e. 
2 companies are granting services to be done for customers with no need to
know each other or the other's customers
if a company grants a service for a customer a service-company is named to
fulfill it. So the C sets up the job to be done and the company to do the
job
The servicecompany will have staffs getting some kind of tickets with jobs to
be done and the staff will need to fill a timereport linked to a granted job
(containing the job_id, the granterid, the service_id, date, time etc) with
the limitation he won't be able to see jobs done for the customer by others
...

to me it looks a bit difficult to split it up into roles only
maybe I need some kind of data-limiting functions, too. Any chance to get it 
done by the acl or will I need to add some conditions in my find() inside 
the controllers?

Thanks in advance

Michael



Use the Auth or Acl

2011-05-19 Thread argon
hey
I'm new to Cake and I am now starting to build my first project.
I have successfully used the Auth component, and as the next step
I want to make permission groups. I read about Acl in book.cakephp and
I am confused by it. I tried to search for another way and found that
it can be done with the Auth component. I have a question for the future:
if my project has many features and tables,
which can manage it better, Auth or Acl?

I will have to study the instructions and use

Sorry for my bad English



Re: Administrator Menu with ACL

2011-05-16 Thread Carachi
Thank you majna.
I just tried to use it on cakephp 1.38 but it is very very slow, it does
19.000 queries at a time and the variable $menu is empty at the end of the
process.
In addition I don't understand well how I can use it.

Thank you




On May 16, 6:17 pm, majna wrote:
> https://github.com/markstory/cakephp_menu_component
>
> On May 16, 11:57 am, Carachi wrote:
>
> > Hello,
> > I want to ask if someone knows a package to create a dynamic
> > administrator menu based on ACL settings.
> > So if a user logs in as administrator, he can see all functions in his
> > menu; if he isn't the administrator, he can see only the allowed
> > functions for his group.
>
> > Thank you very much
> > Bye



Re: Administrator Menu with ACL

2011-05-16 Thread majna
https://github.com/markstory/cakephp_menu_component

On May 16, 11:57 am, Carachi wrote:
> Hello,
> I want to ask if someone knows a package to create a dynamic
> administrator menu based on ACL settings.
> So if a user logs in as administrator, he can see all functions in his
> menu; if he isn't the administrator, he can see only the allowed
> functions for his group.
>
> Thank you very much
> Bye



Administrator Menu with ACL

2011-05-16 Thread Carachi
Hello,
I want to ask if someone knows a package to create a dynamic
administrator menu based on ACL settings.
So if a user logs in as administrator, he can see all functions in his
menu; if he isn't the administrator, he can see only the allowed
functions for his group.

Thank you very much
Bye



Re: ACL issue

2011-05-05 Thread dreamingmind
Felix,

I'm not aware of anything that would prevent a User from having
several connections into the aros table. You have three fields in aros
that can potentially play a role in connecting a user to an aros node:
alias
model
foreign_key

If you had a president that was User.id=12, you could easily have
several records that read Aros.model='User' Aros.foreign_key=12 and
that were each children of different aros parents (or you could use
alias to do the job). One could be a child of President, another the
child of Instructor/Theory.

Each child would have different acos permissions and your
authentication check would just have to look out for the multiple
permissions.

So let's say you set alias to a concatenation of model and id like some
of the tutorials do, your aros tree could look like this:

 Overlord (a master account)
- Committee
  - President
    - User::12
  - Treasurer
  - etc.
- Instructors
  - Practical
  - Theory
    - User::12
- Trainees

Regards,
Don

On May 4, 2:35 pm, Felix wrote:
> Hello everyone,
>
> I have a query regarding how to structure the ACL system in my app.
>
> Basically I'm creating a management app for a diving club. The club
> has three broad groups,
>
> - Instructors
> - Trainees
> - Committee
>
> The ACL tree looks like this at the moment
>
> - Sebastian (name of site)
>  Overlord (a master account)
> - Committee
>   - President
>   - Treasurer
>   - etc.
> - Instructors
>   - Practical
>   - Theory
> - Trainees
>
> Each position above is a group (name, description) which have many to
> one relationships with a user (username, password, name).
>
> The above system works fine except for one problem. Committee members
> are always either an instructor or trainee, therefore they need to be
> assigned to two groups (instructor/trainee AND the relevant committee
> position).
>
> Basically I need to place a user into two levels in the tree which
> aren't related to each other hierarchically.
>
> As far as I know this isn't possible with Cake's ACL component unless
> there's something I've missed. I know the relationship between groups
> -- users needs changing to a HABTM relationship but I'm unsure how ACL
> treats these.
>
> Has anyone come across this sort of problem before and able to outline
> their solution, or have I been an idiot and missed something really
> obvious.
>
> Sorry for such a long message, I didn't want to miss anything out -
> thanks in advance,
>
> --Felix Fennell

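The check described in the reply above (one user owning several aros rows, with the permission check looking at all of them), as an added example in plain PHP that is not CakePHP's DbAcl code and not from the original posts. The rows, ACO paths and the two combine policies (deny on any branch wins, or any allow wins) are constructed assumptions.

```php
<?php
// Added example: a plain-PHP model of an aros tree in which User 12 has two rows.
// All rows, ACO paths and the combine policy are constructed for illustration.

// aros rows keyed by id, using the columns named in the reply.
$aros = array(
    1 => array('parent_id' => null, 'alias' => 'Committee',   'model' => null,   'foreign_key' => null),
    2 => array('parent_id' => 1,    'alias' => 'President',   'model' => null,   'foreign_key' => null),
    3 => array('parent_id' => 2,    'alias' => 'User::12',    'model' => 'User', 'foreign_key' => 12),
    4 => array('parent_id' => null, 'alias' => 'Instructors', 'model' => null,   'foreign_key' => null),
    5 => array('parent_id' => 4,    'alias' => 'Theory',      'model' => null,   'foreign_key' => null),
    6 => array('parent_id' => 5,    'alias' => 'User::12',    'model' => 'User', 'foreign_key' => 12),
    7 => array('parent_id' => null, 'alias' => 'Trainees',    'model' => null,   'foreign_key' => null),
    8 => array('parent_id' => 7,    'alias' => 'User::30',    'model' => 'User', 'foreign_key' => 30),
);

// Permission rows: aro id => ACO path => 1 (allow) or -1 (deny).
$perms = array(
    1 => array('controllers/Minutes' => 1),
    2 => array('controllers/Members/delete' => 1),
    4 => array('controllers/Lessons' => 1),
    5 => array('controllers/Minutes' => -1), // constructed conflict with Committee
    7 => array('controllers/Lessons/view' => 1),
);

/** ARO ids from the given node up to its root, most specific first. */
function aroChain(array $aros, $id) {
    $chain = array();
    while ($id !== null) {
        $chain[] = $id;
        $id = $aros[$id]['parent_id'];
    }
    return $chain;
}

/** 'a/b/c' => array('a/b/c', 'a/b', 'a'): the ACO followed by its ancestors. */
function acoPrefixes($aco) {
    $parts = explode('/', $aco);
    $out = array();
    while (count($parts) > 0) {
        $out[] = implode('/', $parts);
        array_pop($parts);
    }
    return $out;
}

/** 1 = allowed, -1 = denied, 0 = no rule anywhere on this ARO's chain. */
function checkNode(array $aros, array $perms, $aroId, $aco) {
    foreach (aroChain($aros, $aroId) as $id) {
        foreach (acoPrefixes($aco) as $path) {
            if (isset($perms[$id][$path])) {
                return $perms[$id][$path]; // nearest explicit rule wins
            }
        }
    }
    return 0;
}

/** Ids of every aros row that points at this user. */
function userNodes(array $aros, $userId) {
    $ids = array();
    foreach ($aros as $id => $row) {
        if ($row['model'] === 'User' && $row['foreign_key'] === $userId) {
            $ids[] = $id;
        }
    }
    return $ids;
}

/** Combine the results of all of the user's ARO rows; no rule means denied. */
function userCan(array $aros, array $perms, $userId, $aco, $denyOverrides = true) {
    $allowed = false;
    foreach (userNodes($aros, $userId) as $id) {
        $result = checkNode($aros, $perms, $id, $aco);
        if ($result === -1 && $denyOverrides) {
            return false; // an explicit deny on any branch blocks the action
        }
        if ($result === 1) {
            $allowed = true;
        }
    }
    return $allowed;
}

$cases = array(
    array(12, 'controllers/Members/delete'), // granted through President
    array(12, 'controllers/Lessons/add'),    // granted through Instructors
    array(12, 'controllers/Minutes/view'),   // Committee allows, Theory denies
    array(30, 'controllers/Lessons/view'),
    array(30, 'controllers/Lessons/add'),    // no rule, so denied
);
foreach ($cases as $case) {
    list($userId, $aco) = $case;
    printf(
        "user %d  %-28s deny-overrides=%-5s any-allow=%s\n",
        $userId,
        $aco,
        var_export(userCan($aros, $perms, $userId, $aco, true), true),
        var_export(userCan($aros, $perms, $userId, $aco, false), true)
    );
}
```

The third case is the one to decide on deliberately: with two unrelated branches, the combine policy determines whether a deny placed on one role can be bypassed through the other.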


ACL issue

2011-05-04 Thread Felix
Hello everyone,

I have a query regarding how to structure the ACL system in my app.

Basically I'm creating a management app for a diving club. The club
has three broad groups,

- Instructors
- Trainees
- Committee

The ACL tree looks like this at the moment

- Sebastian (name of site)
 Overlord (a master account)
- Committee
    - President
    - Treasurer
    - etc.
- Instructors
    - Practical
    - Theory
- Trainees

Each position above is a group (name, description) which have many to
one relationships with a user (username, password, name).

The above system works fine except for one problem. Committee members
are always either an instructor or trainee, therefore they need to be
assigned to two groups (instructor/trainee AND the relevant committee
position).

Basically I need to place a user into two levels in the tree which
aren't related to each other hierarchically.

As far as I know this isn't possible with Cake's ACL component unless
there's something I've missed. I know the relationship between groups
-- users needs changing to a HABTM relationship but I'm unsure how ACL
treats these.

Has anyone come across this sort of problem before and able to outline
their solution, or have I been an idiot and missed something really
obvious.

Sorry for such a long message, I didn't want to miss anything out -
thanks in advance,

--Felix Fennell



Auth & ACL - How to determine if a user was logged out because of session timeout

2011-04-14 Thread DigitalDude
Hey,

I have a little problem with the Auth Messages when logging into an
app. I reworked everything so Auth Errors are displayed correctly
(like "Please login to view the requested site") but I'm still having
trouble with one thing:

In my app the session time is set to about 120 Minutes. After that,
when you click on sth. that is protected by Auth & Acl, the user is
logged out and needs to log in again. That's fine I think, but when
the user is logged out because of a session timeout, the SAME error
Message (defined in app controller, AuthError) is displayed to the
user.

So my question is:
Is there ANY way to determine whether a user was not logged in before
and wants to see content that he has to log in for OR the user
requested a site within the app but the session was timed out?

I could alter the message container to display a "Why was I logged
out?" where I explain that a user either needs to log in because of
protected content or because the session was timed out, but that's
just a workaround...

Also, is there any chance to modify the session time or even KILL the
session timeout within the app by a controller function? I have a
function "auto login" (component) which would be nice to use without a
session time limit...

Any help is MUCH appreciated (because it's one of the last tasks I have
to complete to finish a very important milestone ;) )

Regards,

DD



Re: ACL: extending the DbAcl class

2011-04-11 Thread ojonam
Hi Tim,

thanks for your answer, that's what I was looking for :). Wanted to
specify, in case someone else is interested, that you need to include
the line

App::import('Core','Acl');

in my_db_acl.php.

Cheers,
ojonam

On Apr 8, 5:00 pm, Tilen Majerle  wrote:
> in app/app_controller.php do this before class AppController starts...
>
> <?php
> App::import('Lib', 'MyDbAcl');
> class AppController extends Controller //this you should already have
> ...
> ...
> ...
> ?>
>
> place your my_db_acl.php file inside app/libs folder...:)
>
> --
> Best regards, Tilen Majerle
> http://majerle.eu
>
> 2011/4/8 ojonam 
>
> > Hello all,
>
> > due to some specific needs for my app with respect to Acl, I have
> > extended the DbAcl class which resides in cake/libs/controllers/
> > components/acl.php :
>
> > MyDbAcl extends DbAcl { //lots of code }
>
> > I do not want this code to reside in the above file, because it is
> > application specific, and therefore has no place in the cake
> > libraries. The problem is, however, in core.php, I have to specify
> > which class to use in the following manner:
>
> > Configure::write('Acl.classname', 'MyDbAcl');
>
> > When I do this, I get an error message on the browser, telling me that
> > MyDbAcl has not been defined in the acl.php file.
>
> > What are my options here? The worst case is obviously to include the
> > MyDbAcl code in the libs, but it isn't really very neat.
>
> > Cheers,
> > ojonam
>



Re: Acl->allow() Troubles

2011-04-08 Thread DragonFlyEye
Wait. Dang. I just figured it out. Thanks for listening, people.



Acl->allow() Troubles

2011-04-08 Thread DragonFlyEye
I'm getting the error, "DbAcl::allow() - Invalid node" when attempting to 
allow node access. The parameters are:

$aro      = "1"
$aco      = "controllers/Pages/delete"
$actions  = "*"
$value    = 1
$perms    = false
$permKeys = array("_create", "_read", "_update", "_delete")
$save     = array()

The ACO specified definitely exists and is in the hierarchy specified. The ARO 
also exists. I'm using the examples from the CakePHP book here:
http://book.cakephp.org/view/1550/Setting-up-permissions

I am at a bit of a loss as to what is wrong, here. Can anyone shed some light 
on this? The problem is in part: the getAclLink function returns the same error 
regardless of whether the ACO or the ARO node is the problem, so it's hard to 
lock down what exactly is wrong. 

I've tried isolating the problem by using the above-linked example and 
mirroring actual values in the database (as opposed to a live situation with 
dynamically-assigned ARO/ACO) and that hasn't helped me at all.

Thanks in advance!


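One way to tell the ARO side from the ACO side before calling allow(), as an added example in plain PHP (a model of the lookup, not CakePHP's code and not from the original post). It assumes a string reference is matched against the alias column along a path from the root and an array reference against model and foreign_key; the rows and the diagnoseLink() helper are constructed.

```php
<?php
// Added example: a plain-PHP model of ACL node lookup. Rows are constructed.
$acos = array(
    array('id' => 1, 'parent_id' => null, 'alias' => 'controllers', 'model' => null, 'foreign_key' => null),
    array('id' => 2, 'parent_id' => 1,    'alias' => 'Pages',       'model' => null, 'foreign_key' => null),
    array('id' => 3, 'parent_id' => 2,    'alias' => 'delete',      'model' => null, 'foreign_key' => null),
);
$aros = array(
    array('id' => 1, 'parent_id' => null, 'alias' => 'administrators', 'model' => 'Group', 'foreign_key' => 1),
);

/**
 * Resolve a reference to a node id.
 * String: alias path from the root ('controllers/Pages/delete').
 * Array:  array('model' => ..., 'foreign_key' => ...).
 * Returns array('id' => int|null, 'failed_at' => string|null).
 */
function resolveNode(array $rows, $ref) {
    if (is_array($ref)) {
        foreach ($rows as $row) {
            if ($row['model'] === $ref['model']
                && (int) $row['foreign_key'] === (int) $ref['foreign_key']) {
                return array('id' => $row['id'], 'failed_at' => null);
            }
        }
        return array('id' => null, 'failed_at' => $ref['model'] . '.' . $ref['foreign_key']);
    }

    $parentId = null;
    foreach (explode('/', (string) $ref) as $alias) {
        $match = null;
        foreach ($rows as $row) {
            if ($row['parent_id'] === $parentId && $row['alias'] === $alias) {
                $match = $row['id'];
                break;
            }
        }
        if ($match === null) {
            // Report the first path segment that has no matching row.
            return array('id' => null, 'failed_at' => "alias '" . $alias . "'");
        }
        $parentId = $match;
    }
    return array('id' => $parentId, 'failed_at' => null);
}

/** Check both sides separately and say which one cannot be resolved. */
function diagnoseLink(array $aros, array $acos, $aroRef, $acoRef) {
    $problems = array();
    $aro = resolveNode($aros, $aroRef);
    $aco = resolveNode($acos, $acoRef);
    if ($aro['id'] === null) {
        $problems[] = 'ARO not found at ' . $aro['failed_at'];
    }
    if ($aco['id'] === null) {
        $problems[] = 'ACO not found at ' . $aco['failed_at'];
    }
    return $problems;
}

$cases = array(
    // The string "1" is looked up as an alias, not as a primary key.
    array('1', 'controllers/Pages/delete'),
    array(array('model' => 'Group', 'foreign_key' => 1), 'controllers/Pages/delete'),
    array(array('model' => 'Group', 'foreign_key' => 1), 'controllers/Pages/remove'),
);
foreach ($cases as $case) {
    $problems = diagnoseLink($aros, $acos, $case[0], $case[1]);
    echo json_encode($case), ' => ',
        count($problems) ? implode('; ', $problems) : 'both nodes resolve', "\n";
}
```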


Re: ACL: extending the DbAcl class

2011-04-08 Thread Tilen Majerle
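in app/app_controller.php do this before class AppController starts...

<?php
App::import('Lib', 'MyDbAcl');
class AppController extends Controller //this you should already have
...
...
...
?>

place your my_db_acl.php file inside app/libs folder...:)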

--
Best regards, Tilen Majerle
http://majerle.eu



2011/4/8 ojonam 

> Hello all,
>
> due to some specific needs for my app with respect to Acl, I have
> extended the DbAcl class which resides in cake/libs/controllers/
> components/acl.php :
>
> MyDbAcl extends DbAcl { //lots of code }
>
> I do not want this code to reside in the above file, because it is
> application specific, and therefore has no place in the cake
> libraries. The problem is, however, in core.php, I have to specify
> which class to use in the following manner:
>
> Configure::write('Acl.classname', 'MyDbAcl');
>
> When I do this, I get an error message on the browser, telling me that
> MyDbAcl has not been defined in the acl.php file.
>
> What are my options here? The worst case is obviously to include the
> MyDbAcl code in the libs, but it isn't really very neat.
>
> Cheers,
> ojonam
>



ACL: extending the DbAcl class

2011-04-08 Thread ojonam
Hello all,

due to some specific needs for my app with respect to Acl, I have
extended the DbAcl class which resides in cake/libs/controllers/
components/acl.php :

MyDbAcl extends DbAcl { //lots of code }

I do not want this code to reside in the above file, because it is
application specific, and therefore has no place in the cake
libraries. The problem is, however, in core.php, I have to specify
which class to use in the following manner:

Configure::write('Acl.classname', 'MyDbAcl');

When I do this, I get an error message on the browser, telling me that
MyDbAcl has not been defined in the acl.php file.

What are my options here? The worst case is obviously to include the
MyDbAcl code in the libs, but it isn't really very neat.

Cheers,
ojonam



Re: cakephp 1.3.8 plugin ACL Filter on Croogo

2011-04-07 Thread bias
What debug level is set in core.php when you get that blank page?



cakephp 1.3.8 plugin ACL Filter on Croogo

2011-04-06 Thread frankitoy
Hi,

I installed an open source CMS named Croogo successfully on my linux
server. The problem now is when I try to login to the admin page. When
I try to login I get an empty or blank page. I try to debug this issue
by printing out the necessary data and params on beforeFilter but it
seems it's too hard to debug.

When it goes to the AclFilter component, that's where the problem
seems to come in. Please help me as I have been trying to debug this
for 4 consecutive nights now.

public $components = array(
    'Croogo',
    'Security',
    'Acl',
    'Auth',
    'Acl.AclFilter',
    'Session',
    'RequestHandler',
    'Cookie',
    'DebugKit.Toolbar'
);

public function beforeFilter() {
    $this->AclFilter->auth();
    $this->RequestHandler->setContent('json', 'text/x-json');
    $this->Security->blackHoleCallback = '__securityError';

    if (isset($this->params['admin']) && $this->name != 'CakeError') {
        $this->layout = 'admin';
    }

    if ($this->RequestHandler->isAjax()) {
        $this->layout = 'ajax';
    }
    if (Configure::read('Site.theme') && !isset($this->params['admin'])) {
        $this->theme = Configure::read('Site.theme');
    } elseif (Configure::read('Site.admin_theme') && isset($this->params['admin'])) {
        $this->theme = Configure::read('Site.admin_theme');
    }

    if (!isset($this->params['admin']) && Configure::read('Site.status') == 0) {
        $this->layout = 'maintenance';
        $this->set('title_for_layout', __('Site down for maintenance', true));
        $this->render('../elements/blank');
    }

    if (isset($this->params['locale'])) {
        Configure::write('Config.language', $this->params['locale']);
    }
}



Re: Is it time for ACL?

2011-04-05 Thread adam_g2000
Thanks Chris, Will do.

Adam.

On Apr 4, 4:38 pm, Chris  wrote:
> Sounds perfect to me, And to anticipate any issues you might have...
> Here is a good little github project that provides ACL management
> https://github.com/interlock/acl_plugin
>
> Just read it up on the CakePHP book listed on that project, try out
> the ACL+Auth setup on a dummy project first and then go ahead. That's
> what I would do.
>
> On Apr 4, 12:13 am, adam_g2000  wrote:
>
>
>
> > Hi All,
>
> > I've been working on a project, that is essentially an artist's
> > portfolio. She's just dropped a bombshell, previously, the
> > authentication was simple. You either had rights to view the site and
> > its CMS or you had the rights to view only the site.
>
> > Now she wants to *lock* certain areas of the site, so that she can
> > show some work, to only some people. So it sounds to me like I need to
> > learn the ACL component. Or is that too complicated for what I'm
> > doing?
>
> > the site mainly consists of visual 'lists' of links to images (which
> > are in a db of course). In a page of these links, I'm showing the
> > whole list, within a controller's method. When we move forward, it may
> > be that the method will need to show only some of these links based on
> > the ACL, is this level of granularity possible, or does simple ACL
> > stop at the method?
>
> > Thanks in advance for any advice,
>
> > Adam.



Re: Is it time for ACL?

2011-04-03 Thread Chris
Sounds perfect to me, And to anticipate any issues you might have...
Here is a good little github project that provides ACL management
https://github.com/interlock/acl_plugin

Just read it up on the CakePHP book listed on that project, try out
the ACL+Auth setup on a dummy project first and then go ahead. That's
what I would do.


On Apr 4, 12:13 am, adam_g2000  wrote:
> Hi All,
>
> I've been working on a project, that is essentially an artist's
> portfolio. She's just dropped a bombshell, previously, the
> authentication was simple. You either had rights to view the site and
> its CMS or you had the rights to view only the site.
>
> Now she wants to *lock* certain areas of the site, so that she can
> show some work, to only some people. So it sounds to me like I need to
> learn the ACL component. Or is that too complicated for what I'm
> doing?
>
> the site mainly consists of visual 'lists' of links to images (which
> are in a db of course). In a page of these links, I'm showing the
> whole list, within a controller's method. When we move forward, it may
> be that the method will need to show only some of these links based on
> the ACL, is this level of granularity possible, or does simple ACL
> stop at the method?
>
> Thanks in advance for any advice,
>
> Adam.



Is it time for ACL?

2011-04-03 Thread adam_g2000
Hi All,

I've been working on a project, that is essentially an artist's
portfolio. She's just dropped a bombshell, previously, the
authentication was simple. You either had rights to view the site and
its CMS or you had the rights to view only the site.

Now she wants to *lock* certain areas of the site, so that she can
show some work, to only some people. So it sounds to me like I need to
learn the ACL component. Or is that too complicated for what I'm
doing?

the site mainly consists of visual 'lists' of links to images (which
are in a db of course). In a page of these links, I'm showing the
whole list, within a controller's method. When we move forward, it may
be that the method will need to show only some of these links based on
the ACL, is this level of granularity possible, or does simple ACL
stop at the method?

Thanks in advance for any advice,

Adam.



Re: Please. I need help with ACL. I no understand one thing about restriction in ACL. Can somebody help me?

2011-03-22 Thread John Maxim
Then there must be something you were not doing right. Basically,
first, you deny access to all controllers from anybody/any group. Then
usually, you make/give permission to the admin so they have access to
all controllers. It then follows by the other groups which you assign
them permissions.

This is the draft, correct sequence. Did any of the steps above sound
familiar to you, did you follow that part?



On Mar 22, 9:02 pm, mineiro-df  wrote:
> I'm a new cake student and I have a problem with ACL at this moment.
>
> I managed to make the simple system of limited access of the book of
> the cake put that I realized an interesting thing. The user who has
> less is accessed by me to the system in fact it manages to do
> everything if I to work with the urls. I did all step by step from the
> tutorial and apparently everything works that it ties the moment that
> the most weak user manages to do everything when I call the actions
> through the url. I need that he has access only the actions released
> to him.
>
> Can anybody help me?



Please. I need help with ACL. I no understand one thing about restriction in ACL. Can somebody help me?

2011-03-22 Thread mineiro-df
I'm a new cake student and I have a problem with ACL at this moment.

I managed to make the simple system of limited access of the book of
the cake put that I realized an interesting thing. The user who has
less is accessed by me to the system in fact it manages to do
everything if I to work with the urls. I did all step by step from the
tutorial and apparently everything works that it ties the moment that
the most weak user manages to do everything when I call the actions
through the url. I need that he has access only the actions released
to him.

Can anybody help me?



Re: acl :: deny access to PostsController

2011-03-16 Thread AKO
Ok, so after days of debugging I finally found the answer..

Cakephp's auth component located in the cake/controller/components/
auth.php.

Line 312 tells me the sad news that the start-up function is not
properly instantiated, when controller is named 'tests'..

I called my controller tests1 and it worked !!

My god! Had I only read this days ago :)

Hope I can spare others for the same mistake..

AKO

On Mar 16, 12:33 pm, AKO  wrote:
> I'm still playing around with this acl-tutorial and followed it with
> users,groups,posts,widgets and got it working without problems..
>
> As soon as I shift from 'posts' to 'tests' the auth and acl
> suddenly doesn't apply by magic and you can enter just by pressing a
> URL to the tests path/to/your/domain/tests/  ..
> All other url's (path/to/your/domain/users/ and path/to/your/domain/
> groups) are still protected by acl + auth but why not my tests.?
>
> Is there something magic about the table posts which cannot be applied
> to other name although the setup is exactly the same?
> Do I have to explicitly set something up in my test-model (ie.   var
> $actsAs = array('Acl' => array('type' => 'controlled'));  or
> parentNode() ) ?
>
> Don't understand this so please help me..
>
> AKO
>
> On Mar 15, 12:00 pm, AKO  wrote:
>
> > So I read the tutorial over and over again and can't figure out why my
> > permissions are not working..
>
> > I followed the tutorial 11.2 and have almost similar structure but
> > instead of 'posts' and 'widgets' I have only 'tests':
>
> >  - superadmin has access to all controllers
> >  - admin has access to all controllers/Tests
> >  - user can only view test(results)
>
> > My question is simple: Why can I enter URL tests/index when I'm not
> > authorized..??
> > Even if I set all my permissions to -1 I still can access directly via
> > URL entering..??
>
> > It's like the Auth/Acl is only working on my UsersController and not
> > covering my TestsController..
>
> > Any help will be much appreciated..
>
> > INFO:
>
> > ARO's like this:
>
> > [1] superadmin
> >     [5] User.18
> >   [2] admin
> >     [6] User.19
> >   [3] user
> >     [7] User.20
>
> > ACO's look like this:
> > [1] controllers
> >     [2] Pages
> >       [3] display
> >       [4] add
> >       [5] edit
> >       [6] index
> >       [7] view
> >       [8] delete
> >     [9] Users
> >       [10] login
> >       [11] logout
> >       [12] index
> >       [13] view
> >       [14] add
> >       [15] edit
> >       [16] delete
> >       [17] initDB
> >     [18] Tests
> >       [19] index
> >       [20] view
> >       [21] add
> >       [22] edit
> >       [23] delete



Re: acl :: deny access to PostsController

2011-03-16 Thread AKO
I'm still playing around with this acl-tutorial and followed it with
users,groups,posts,widgets and got it working without problems..

As soon as I shift from 'posts' to 'tests' the auth and acl
suddenly doesn't apply by magic and you can enter just by pressing a
URL to the tests path/to/your/domain/tests/  ..
All other url's (path/to/your/domain/users/ and path/to/your/domain/
groups) are still protected by acl + auth but why not my tests.?

Is there something magic about the table posts which cannot be applied
to other name although the setup is exactly the same?
Do I have to explicitly set something up in my test-model (ie.   var
$actsAs = array('Acl' => array('type' => 'controlled'));  or
parentNode() ) ?

Don't understand this so please help me..

AKO

On Mar 15, 12:00 pm, AKO  wrote:
> So I read the tutorial over and over again and can't figure out why my
> permissions are not working..
>
> I followed the tutorial 11.2 and have almost similar structure but
> instead of 'posts' and 'widgets' I have only 'tests':
>
>  - superadmin has access to all controllers
>  - admin has access to all controllers/Tests
>  - user can only view test(results)
>
> My question is simple: Why can I enter URL tests/index when I'm not
> authorized..??
> Even if I set all my permissions to -1 I still can access directly via
> URL entering..??
>
> It's like the Auth/Acl is only working on my UsersController and not
> covering my TestsController..
>
> Any help will be much appreciated..
>
> INFO:
>
> ARO's like this:
>
> [1] superadmin
>     [5] User.18
>   [2] admin
>     [6] User.19
>   [3] user
>     [7] User.20
>
> ACO's look like this:
> [1] controllers
>     [2] Pages
>       [3] display
>       [4] add
>       [5] edit
>       [6] index
>       [7] view
>       [8] delete
>     [9] Users
>       [10] login
>       [11] logout
>       [12] index
>       [13] view
>       [14] add
>       [15] edit
>       [16] delete
>       [17] initDB
>     [18] Tests
>       [19] index
>       [20] view
>       [21] add
>       [22] edit
>       [23] delete



acl :: deny access to PostsController

2011-03-15 Thread AKO
So I read the tutorial over and over again and can't figure out why my
permissions are not working..

I followed the tutorial 11.2 and have almost similar structure but
instead of 'posts' and 'widgets' I have only 'tests':

 - superadmin has access to all controllers
 - admin has access to all controllers/Tests
 - user can only view test(results)

My question is simple: Why can I enter URL tests/index when I'm not
authorized..??
Even if I set all my permissions to -1 I still can access directly via
URL entering..??

It's like the Auth/Acl is only working on my UsersController and not
covering my TestsController..

Any help will be much appreciated..

INFO:

ARO's like this:

  [1] superadmin
    [5] User.18
  [2] admin
    [6] User.19
  [3] user
    [7] User.20

ACO's look like this:
[1] controllers
    [2] Pages
      [3] display
      [4] add
      [5] edit
      [6] index
      [7] view
      [8] delete
    [9] Users
      [10] login
      [11] logout
      [12] index
      [13] view
      [14] add
      [15] edit
      [16] delete
      [17] initDB
    [18] Tests
      [19] index
      [20] view
      [21] add
      [22] edit
      [23] delete




Re: AJAX - ACL redirection

2011-02-23 Thread Julien Barbedette
I already implemented an AJAX layout and I detect in my app_controller
if it is an AJAX request or a classic HTTP request.

In fact, I don't want to redirect the user to login action. Simply I
can have a user who IS ALREADY LOGGED IN and click on an AJAX action
that he can't access. So I want to display a dialog message that
alerts him he can't access this action. Moreover I have a lot of
controllers and actions, ideally the solution would apply for all of
them.

On Feb 23, 11:19 am, Tilen Majerle  wrote:
> and I forgot...maybe you want to disable autoRedirect option
> http://book.cakephp.org/view/1274/autoRedirect
> --
> Best regards, Tilen Majerle
> http://majerle.eu
>
> 2011/2/23 Tilen Majerle 
>
> > first, use RequestHandler component, then check if is Ajax request so...
>
> > if ($this->RequestHandler->isAjax())
> > {
> > $this->layout = 'ajax';
> > }
> > else //not ajax, make redirect
> > {
> > $this->redirect('/');
> > }
>
> > make a layout new and name it "ajax.ctp" and put this inside:
> > 
>
> > and in a view of controller, action, do this:
>
> > <?php echo $this->Session->flash('auth'); ?>
>
> > so if i explain, if there is no ajax call, it will redirect user, if IS
> > ajax, then will load new layout, which will display only view file of some
> > Controller/action idk like users/login.ctp and there inside login.ctp is
> > SessionHelper::flash() method which will display if any errors occurred when
> > login...do u understand?
>
> > --
> > Best regards, Tilen Majerle
> > http://majerle.eu
>
> > 2011/2/23 Julien Barbedette 
>
> >  Hi,
>
> >> By default, the Auth component used with the ACL component redirects
> >> the user to the referer when this one can't access to the controller/
> >> action (last lines of method startup in auth component):
>
> >>                if ($this->isAuthorized($type)) {
> >>                        return true;
> >>                }
>
> >>                $this->Session->setFlash($this->authError,
> >> $this->flashElement,
> >> array(), 'auth');
> >>                $controller->redirect($controller->referer(), null, true);
> >>                return false;
>
> >> This is ok when you make a classic HTTP query but what about an AJAX
> >> query? In my case, I don't want to display a complete page in my AJAX
> >> dialog but only a message alerting the user that he can't access to
> >> the page.
>
> >> Any idea to manage that or if a  solution already exists?
>
> >> Thanks
>

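For the case described in this thread (an AJAX request that the access check denies, where a redirect to the referer would put a whole page into the dialog), an added example in plain PHP of choosing the response by request type. It is not CakePHP's code and not from the posts: buildDenial(), the JSON field names and the messages are assumptions, and the sample requests are constructed.

```php
<?php
// Added example: plain PHP, no framework. Names and JSON shape are illustrative.

/** True when the request carries the X-Requested-With header set by AJAX libraries. */
function isAjaxRequest(array $server) {
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && $server['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';
}

/** Only follow a referer that points back at our own host; otherwise use the fallback. */
function safeReferer(array $server, $fallbackUrl) {
    if (!isset($server['HTTP_REFERER'], $server['HTTP_HOST'])) {
        return $fallbackUrl;
    }
    $parts = parse_url($server['HTTP_REFERER']);
    if (!is_array($parts) || !isset($parts['host'])) {
        return $fallbackUrl;
    }
    $refererHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return $refererHost === $server['HTTP_HOST'] ? $server['HTTP_REFERER'] : $fallbackUrl;
}

/**
 * Build the response for a request the access check has refused.
 * AJAX:    a JSON body with a status code the client script can branch on.
 * Classic: a redirect, as the Auth component does for a normal page request.
 */
function buildDenial(array $server, $loggedIn, $fallbackUrl = '/') {
    if (isAjaxRequest($server)) {
        // 401: no session or an expired one. 403: logged in, but not permitted.
        $body = array(
            'status'  => false,
            'reason'  => $loggedIn ? 'forbidden' : 'login_required',
            'message' => $loggedIn
                ? 'You are not allowed to perform this action.'
                : 'Please log in to continue.',
        );
        return array(
            'code'    => $loggedIn ? 403 : 401,
            'headers' => array('Content-Type: application/json'),
            'body'    => json_encode($body),
        );
    }
    return array(
        'code'    => 302,
        'headers' => array('Location: ' . safeReferer($server, $fallbackUrl)),
        'body'    => '',
    );
}

// Constructed sample requests (shaped like $_SERVER).
$ajax    = array('HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest', 'HTTP_HOST' => 'app.example');
$classic = array('HTTP_HOST' => 'app.example', 'HTTP_REFERER' => 'http://app.example/posts');
$foreign = array('HTTP_HOST' => 'app.example', 'HTTP_REFERER' => 'http://other.example/x');

$samples = array(
    'ajax, logged in'         => buildDenial($ajax, true),
    'ajax, session expired'   => buildDenial($ajax, false),
    'classic, own referer'    => buildDenial($classic, true),
    'classic, foreign referer' => buildDenial($foreign, true),
);
foreach ($samples as $label => $response) {
    printf("%-26s %d  %s  %s\n", $label, $response['code'],
        implode(', ', $response['headers']), $response['body']);
}
```

The client script can then show its dialog on 403 and prompt for login on 401 without parsing HTML.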


RE: AJAX - ACL redirection

2011-02-23 Thread Krissy Masters
I asked similar question a while back and no answers.

There is an $this->Auth->ajaxLogin = '/elements/users/expired_login'; option
you can add in app_controller

My problem is a lot of my ajax calls are waiting for a JSON response.status
true or false then do something based on that so nothing happens for me with
$this->Auth->ajaxLogin = '/elements/users/expired_login'; since that just
pumps out plain html, not JSON which is what I need.

If I get around to figuring it out I will post it here.

K

-Original Message-
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf
Of Julien Barbedette
Sent: Wednesday, February 23, 2011 1:40 PM
To: CakePHP
Subject: AJAX - ACL redirection

Hi,

By default, the Auth component used with the ACL component redirects
the user to the referer when this one can't access to the controller/
action (last lines of method startup in auth component):

if ($this->isAuthorized($type)) {
return true;
}

$this->Session->setFlash($this->authError,
$this->flashElement,
array(), 'auth');
$controller->redirect($controller->referer(), null, true);
return false;

This is ok when you make a classic HTTP query but what about an AJAX
query? In my case, I don't want to display a complete page in my AJAX
dialog but only a message alerting the user that he can't access to
the page.

Any idea to manage that or if a  solution already exists?

Thanks

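The JSON reply Krissy Masters needs for denied AJAX calls, as an added example that is not code from the thread or from CakePHP: plain PHP that picks a 403 JSON body for XMLHttpRequest callers and the usual flash plus redirect for everyone else. The function names and the `/users/login` target are assumptions.

```php
<?php
// Added example: plain PHP, not CakePHP code. Function names are hypothetical.

/**
 * True when the client flagged the request as XMLHttpRequest. The header is
 * client-supplied, so it may only choose the response format; the decision to
 * deny has already been made by the authorization check.
 */
function isAjaxRequest(array $server)
{
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && $server['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';
}

/**
 * Build the response for a request the ACL check has denied.
 * AJAX callers get 403 plus the JSON shape their handlers branch on;
 * everyone else gets the flash message and redirect the thread describes.
 */
function buildDeniedResponse(array $server, $authError, $redirectTo)
{
    if (isAjaxRequest($server)) {
        return array(
            'status'  => 403,
            'headers' => array(
                'Content-Type: application/json; charset=utf-8',
                'Cache-Control: no-store', // keep proxies from storing the denial
            ),
            'flash'   => null,
            'body'    => json_encode(array('status' => false, 'message' => $authError)),
        );
    }
    return array(
        'status'  => 302,
        'headers' => array('Location: ' . $redirectTo),
        'flash'   => $authError, // shown on the next full page load
        'body'    => '',
    );
}

/** Send a response built above (web SAPI only, PHP 5.4+ for http_response_code). */
function sendResponse(array $response)
{
    http_response_code($response['status']);
    foreach ($response['headers'] as $header) {
        header($header);
    }
    echo $response['body'];
}

// Constructed sample requests, so the file also runs from the command line.
$authError = 'You are not authorized to access that location.';
$samples = array(
    'ajax'    => array('HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'),
    'classic' => array('HTTP_ACCEPT' => 'text/html'),
);
foreach ($samples as $label => $server) {
    $r = buildDeniedResponse($server, $authError, '/users/login');
    printf("%-8s %d %s %s\n", $label, $r['status'], $r['headers'][0], $r['body']);
}
```

Returning 403 instead of 200 lets the client-side handler tell a denial from a successful call even before it parses the body.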


Re: AJAX - ACL redirection

2011-02-23 Thread Tilen Majerle
and i forgot...maybe you want to disable autoRedirect option
http://book.cakephp.org/view/1274/autoRedirect
--
Lep pozdrav, Tilen Majerle
http://majerle.eu



2011/2/23 Tilen Majerle 

> first, use RequestHandler component, then check if is Ajax request so...
>
> if ($this->RequestHandler->isAjax())
> {
> $this->layout = 'ajax';
> }
> else //not ajax, make redirect
> {
> $this->redirect('/');
> }
>
> make a layout new and name it "ajax.ctp" and put this inside:
> 
>
> and in a view of controller, action, do this:
>
> <?php echo $this->Session->flash('auth'); ?>
>
>
>
> so if i explain, if there is no ajax call, it will redirect user, if IS
> ajax, then will load new layout, which will display only view file of some
> Controller/action idk like users/login.ctp and there inside login.ctp is
> SessionHelper::flash() method which will display if any errors occurred when
> login...do u understand?
>
>
> --
> Lep pozdrav, Tilen Majerle
> http://majerle.eu
>
>
>
> 2011/2/23 Julien Barbedette 
>
>  Hi,
>>
>> By default, the Auth component used with the ACL component redirects
>> the user to the referer when this one can't access to the controller/
>> action (last lines of method startup in auth component):
>>
>>if ($this->isAuthorized($type)) {
>>return true;
>>}
>>
>>$this->Session->setFlash($this->authError,
>> $this->flashElement,
>> array(), 'auth');
>>$controller->redirect($controller->referer(), null, true);
>>return false;
>>
>> This is ok when you make a classic HTTP query but what about an AJAX
>> query? In my case, I don't want to display a complete page in my AJAX
>> dialog but only a message alerting the user that he can't access to
>> the page.
>>
>> Any idea to manage that or if a  solution already exists?
>>
>> Thanks
>>


Re: AJAX - ACL redirection

2011-02-23 Thread Tilen Majerle
first, use RequestHandler component, then check if is Ajax request so...

if ($this->RequestHandler->isAjax())
{
$this->layout = 'ajax';
}
else //not ajax, make redirect
{
$this->redirect('/');
}

make a layout new and name it "ajax.ctp" and put this inside:


and in a view of controller, action, do this:

<?php echo $this->Session->flash('auth'); ?>



so if i explain, if there is no ajax call, it will redirect user, if IS
ajax, then will load new layout, which will display only view file of some
Controller/action idk like users/login.ctp and there inside login.ctp is
SessionHelper::flash() method which will display if any errors occurred when
login...do u understand?


--
Lep pozdrav, Tilen Majerle
http://majerle.eu



2011/2/23 Julien Barbedette 

> Hi,
>
> By default, the Auth component used with the ACL component redirects
> the user to the referer when this one can't access to the controller/
> action (last lines of method startup in auth component):
>
>if ($this->isAuthorized($type)) {
>return true;
>}
>
>$this->Session->setFlash($this->authError,
> $this->flashElement,
> array(), 'auth');
>$controller->redirect($controller->referer(), null, true);
>return false;
>
> This is ok when you make a classic HTTP query but what about an AJAX
> query? In my case, I don't want to display a complete page in my AJAX
> dialog but only a message alerting the user that he can't access to
> the page.
>
> Any idea to manage that or if a  solution already exists?
>
> Thanks
>


AJAX - ACL redirection

2011-02-23 Thread Julien Barbedette
Hi,

By default, the Auth component used with the ACL component redirects
the user to the referer when this one can't access to the controller/
action (last lines of method startup in auth component):

if ($this->isAuthorized($type)) {
return true;
}

$this->Session->setFlash($this->authError, $this->flashElement,
array(), 'auth');
$controller->redirect($controller->referer(), null, true);
return false;

This is ok when you make a classic HTTP query but what about an AJAX
query? In my case, I don't want to display a complete page in my AJAX
dialog but only a message alerting the user that he can't access to
the page.

Any idea to manage that or if a  solution already exists?

Thanks



Re: Non-Admin logout issue (ACL)

2011-02-20 Thread John Andersen
Check what URL you are being given back by $this->Auth->logout()!
Enjoy,
   John

On Feb 20, 10:27 am, sumri  wrote:
> Hi,
>
> I'm new in CakePHP.
>
> Just setting up ACL for my apps with 3 user groups :
>
> - administrators
>
> - managers
>
> - users
>
> There's no issue with login - it's redirect to the right link.
>
> I've a problem when users logout.
>
> When i logged out with 'administrators' users, the apps will logged
> and redirect to the right link.
>
> But when i logged out using 'managers' & 'users' users, the app not
> logged out and redirect to the wrong page with "You are not authorized
> to access that location." message.
>
> here's my app_controller script :
>
> ==
>    class AppController extends Controller {
>     var $components = array('Acl', 'Auth', 'Session');
>     var $helpers = array('Html', 'Form', 'Session');
>   function beforeFilter() {
>     //Configure AuthComponent
>     $this->Auth->authorize = 'actions';
>     $this->Auth->loginAction = array('controller' => 'users', 'action'
> => 'login');
>     $this->Auth->logoutRedirect = array('controller' => 'users',
> 'action' => 'login');
>     $this->Auth->loginRedirect = array('controller' =>
> 'ApplicationsUsers', 'action' => 'index');
>     $this->Auth->actionPath = 'controllers/';
>     $this->Auth->allowedActions = array('display');
>     }
>   }
> ?>
> ==
>
> and this is login and logout in my userscontroller
>
> ==
>   function login() {
>     if ($this->Session->read('Auth.User')) {
>       $this->Session->setFlash('You are logged in!');
>       $this->redirect('/', null, false);
>     }
>   }
>
>   function logout() {
>    $this->Session->setFlash('Good-Bye');
>    $this->redirect($this->Auth->logout());
>   }
>
> ==
>
> pls heelppp m..
>
> i've referred solution from this thread 
> :http://groups.google.com/group/cake-php/browse_thread/thread/bb7472b0...
> unfortunately.. i've got same result.



Non-Admin logout issue (ACL)

2011-02-20 Thread sumri
Hi,

I'm new in CakePHP.

Just setting up ACL for my apps with 3 user groups :

- administrators

- managers

- users

There's no issue with login - it's redirect to the right link.

I've a problem when users logout.

When i logged out with 'administrators' users, the apps will logged
and redirect to the right link.

But when i logged out using 'managers' & 'users' users, the app not
logged out and redirect to the wrong page with "You are not authorized
to access that location." message.

here's my app_controller script :

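==
<?php
class AppController extends Controller {
    var $components = array('Acl', 'Auth', 'Session');
    var $helpers = array('Html', 'Form', 'Session');

    function beforeFilter() {
        //Configure AuthComponent
        $this->Auth->authorize = 'actions';
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'ApplicationsUsers', 'action' => 'index');
        $this->Auth->actionPath = 'controllers/';
        $this->Auth->allowedActions = array('display');
    }
}
?>
==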

and this is login and logout in my userscontroller

==
  function login() {
if ($this->Session->read('Auth.User')) {
  $this->Session->setFlash('You are logged in!');
  $this->redirect('/', null, false);
}
  }


  function logout() {
   $this->Session->setFlash('Good-Bye');
   $this->redirect($this->Auth->logout());
  }

==

pls heelppp m..

i've referred solution from this thread :
http://groups.google.com/group/cake-php/browse_thread/thread/bb7472b0ef3d161/c7596953b630c51e?lnk=gst&q=logout#
unfortunately.. i've got same result.



Re: Several questions about ACL

2011-02-19 Thread piousbox
Thanks for the reply. However, I need a web interface to
modify ACO and ARO items. I don't know why I would use the ACL Behavior; it is
the same as the standard ACL component.

The thing I want is an interface that lets an administrator do
this without writing PHP code:
$group = & $this->User->Group;
$group->id = 2;
$this->Acl->allow($group, 'controllers/Reports/view');
So, I am going to write a web interface for ACL to do the same.



On Feb 16, 8:32 pm, huoxito  wrote:
> I still haven't created a web interface to control permissions with aros and
> acos but i guess the Acl component would deal with most of the stuff.
>
> Are you using the Acl behavior on your user model? I don't think that user
> should be repeated on the aros table ...



Re: Several questions about ACL

2011-02-16 Thread huoxito
I still haven't created a web interface to control permissions with aros and
acos but i guess the Acl component would deal with most of the stuff.

Are you using the Acl behavior on your user model? I don't think that user 
should be repeated on the aros table ...



Several questions about ACL

2011-02-16 Thread piousbox
hello all;

I'm setting up an application with complex permissions and I have a
bunch of questions. I'm trying to setup a web interface to let
administrators specify which groups have which permissions. Is that
possible/reasonable? I also want each user to have edit/delete access
to their own stuff (like galleries and reports), manager-group access
to almost everything, and most users read-only access to most actions.

Right now in my AROS there's this:

id  parent_id  model  foreign_key  alias     lft  rght
1              Group  1            (null)    1    14
2              Group  2            (null)    15   18
3              Group  3            (null)    19   26
5   1          User   1            Piousbox  2    3
6   2          User   2            (null)    16   17
7   3          User   3            (null)    20   21
8   1          User   4            (null)    4    5
9   1          User   5            (null)    6    7
10  1          User   1            Piousbox  8    9
11             User   6            (null)    27   28
12  3          User   7            (null)    22   23
13  3          User   8            (null)    24   25
14  1          User   9            (null)    12   13
15  1          User   10           (null)    10   11

so in id's 5 and 10 the user Piousbox repeats. Is that a problem,
should I worry about this repetition or no?

How would I begin to write a web interface to AROs and ACOs?



Through ACL for all view.

2011-02-09 Thread sanjibdhar...@gmail.com
I have one app where ACL is not integrated yet. Now I want to integrate
ACL, in such a way that only admin can add data. Can I
now use ACL to add authentication such that all views except "add" can be
accessed by other users?



Re: ACL Tutorial SQL statements

2011-02-07 Thread Cyrus
thank you!



Re: ACL Tutorial SQL statements

2011-02-07 Thread José Lorenzo
This issue was recently fixed, please visit the book page again to see
correct code samples

On Feb 7, 11:32 am, Cyrus  wrote:
> I'm not quite sure if I just don't see it, but in
> http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application#!...
> it says " Execute the following SQL statements into your database." where
> there are no SQL statements on the whole page. Could someone tell me where
> to find those?



ACL Tutorial SQL statements

2011-02-07 Thread Cyrus
I'm not quite sure if I just don't see it, but in
http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application#!/view/1544/Preparing-our-Application
 
it says " Execute the following SQL statements into your database." where 
there are no SQL statements on the whole page. Could someone tell me where 
to find those?



some error with ARO/ACO ACL

2011-02-01 Thread hoss7
i use cakephp(v1.3.7) ACL i have this error:

Warning (512): DbAcl::check() - Failed ARO/ACO node lookup in
permissions check. Node references:
Aro: Array
(
[User] => Array
(
[id] => 1
[username] => root
[group_id] => 1
[created] => 2011-02-01 07:19:20
[modified] => 2011-02-01 07:50:36
)

)

Aco: Pages/display [CORE\cake\libs\controller\components\acl.php, line
273]
Code | Context


if (empty($aroPath) || empty($acoPath)) {
trigger_error(__("DbAcl::check() - Failed ARO/ACO node lookup in
permissions check. Node references:\nAro: ", true) . print_r($aro,
true) . "\nAco: " . print_r($aco, true), E_USER_WARNING);

$aro = array(
"User" => array(
"id" => "1",
"username" => "root",
"group_id" => "1",
"created" => "2011-02-01 07:19:20",
"modified" => "2011-02-01 07:50:36"
)
)
$aco = "Pages/display"
$action = "*"
$permKeys = array(
"_create",
"_read",
"_update",
"_delete"
)
$aroPath = array(
array(
"Aro" => array()
),
array(
"Aro" => array()
)
)
$acoPath = false

DbAcl::check() - CORE\cake\libs\controller\components\acl.php, line
273
AclComponent::check() - CORE\cake\libs\controller\components\acl.php,
line 92
AuthComponent::isAuthorized() - CORE\cake\libs\controller\components
\auth.php, line 527
AuthComponent::startup() - CORE\cake\libs\controller\components
\auth.php, line 445
Component::triggerCallback() - CORE\cake\libs\controller
\component.php, line 186
Controller::startupProcess() - CORE\cake\libs\controller
\controller.php, line 523
Dispatcher::_invoke() - CORE\cake\dispatcher.php, line 187
Dispatcher::dispatch() - CORE\cake\dispatcher.php, line 171
[main] - APP\webroot\index.php, line 83

Warning (2): Cannot modify header information - headers already sent
by (output started at D:\xampp\htdocs\cakeacl\cake\libs\debugger.php:
673) [CORE\cake\libs\controller\controller.php, line 742]
Code | Context

$status = "Location: http://localhost/cakeacl/users/login";

header - [internal], line ??
Controller::header() - CORE\cake\libs\controller\controller.php, line
742
Controller::redirect() - CORE\cake\libs\controller\controller.php,
line 721
AuthComponent::startup() - CORE\cake\libs\controller\components
\auth.php, line 450
Component::triggerCallback() - CORE\cake\libs\controller
\component.php, line 186
Controller::startupProcess() - CORE\cake\libs\controller
\controller.php, line 523
Dispatcher::_invoke() - CORE\cake\dispatcher.php, line 187
Dispatcher::dispatch() - CORE\cake\dispatcher.php, line 171
[main] - APP\webroot\index.php, line 83

how can i fix it?



Re: CakePHP View Sharing w/ ACL (so no need for duplicate view files).

2011-01-28 Thread AD7six


On Jan 28, 10:45 pm, OldWest  wrote:
> Hey AD7six,
>
> I am not sure why I would do all of that if I can just check the Auth status
> and echo out the edit controls as necessary.. Maybe I did not understand
> your reply properly. What is the benefit of using that .js?

you asked for other approaches ;)



Re: CakePHP View Sharing w/ ACL (so no need for duplicate view files).

2011-01-28 Thread OldWest
Hey AD7six,

I am not sure why I would do all of that if I can just check the Auth status 
and echo out the edit controls as necessary.. Maybe I did not understand 
your reply properly. What is the benefit of using that .js?



Re: Is Admin routing really required (a better way) when using an ACL implementation ?

2011-01-28 Thread AD7six


On Jan 28, 8:35 pm, OldWest  wrote:
> Was looking for some feedback on this. I am currently using an ACL
> implementation on my project, and it seems to be working fine. I wanted to
> know what (if) there are any benefits to using this in conjunction with
> Admin Routing. Are there any benefits to using Admin Routing with the ACL
> component?

IME you're almost always going to want an admin crud+ backend (with
simple on off access - you're an admin, or you're not) irrespective of
what auth logic you've put on the public facing pages.

AD



Re: CakePHP View Sharing w/ ACL (so no need for duplicate view files).

2011-01-28 Thread AD7six


On Jan 28, 8:20 pm, OldWest  wrote:
> Basically all I want to do is, instead of creating 2 unique views for the
> admin and user interface, I only want to display the CRUD controls next to
> the items when the admin IS logged in.
>
> Now the way I am currently doing it is checking the Auth session status and
> echoing out the controller links IF the Auth session has been activated..
>
> But I wanted to know if there are any other (maybe better) approaches anyone
> might like to suggest.

use the same view for both, and load a .js file as appropriate.

here's an excerpt from an example "admin".js

http://bin.cakephp.org/view/1788451306

hth,

AD



Is Admin routing really required (a better way) when using an ACL implementation ?

2011-01-28 Thread OldWest
Was looking for some feedback on this. I am currently using an ACL 
implementation on my project, and it seems to be working fine. I wanted to 
know what (if) there are any benefits to using this in conjunction with
Admin Routing. Are there any benefits to using Admin Routing with the ACL 
component? 



CakePHP View Sharing w/ ACL (so no need for duplicate view files).

2011-01-28 Thread OldWest


Basically all I want to do is, instead of creating 2 unique views for the 
admin and user interface, I only want to display the CRUD controls next to 
the items when the admin IS logged in.

Now the way I am currently doing it is checking the Auth session status and 
echoing out the controller links IF the Auth session has been activated..

But I wanted to know if there are any other (maybe better) approaches anyone 
might like to suggest.




Re: Need advice for custom ACL

2011-01-28 Thread AD7six


On Jan 26, 5:05 pm, Ernesto  wrote:
> Hi John thx for your response
>
> acting that way will bloat my app
> i have hundreds of possible combinations :\

why not just do something simple based on configuration

so e.g.

// app controller beforeFilter
Configure::write('authtype', 'peon');

in before validate in your models

$authtype = Configure::read('authtype');
if ($authtype === 'peon') {
  $this->validate = $this->validateForPeons;
} elseif ($authtype === 'admin') {
  $this->validate = $this->validateForAdmins;
}

use a helper to wrap your form/link requirements

echo $aHtml->link('admin home', '/admin');

echo $aForm->create();
echo $aForm->inputs();
echo $aForm->end();

// in your a html helper - example to give you an idea, not to copy paste and use
function link(...) {
 if (Configure::read('authtype') !== 'admin') { // <- read from your auth rules in some manner
  return;
 }
 return parent::link(...);
}
// in your a form helper - example to give you an idea, not to copy paste and use
function input(...) {
 if (Configure::read('authtype') === 'peon' && $field === 'status') { // <- read from your auth rules in some manner
  return;
 }
 return parent::input(...);
}

Unless your rules change at run time and are user specific - I
wouldn't use acl to solve it, unless you use iniacl.

hth

AD



Re: Need advice for custom ACL

2011-01-27 Thread Ernesto
Hi ShadowCross.

thx for your suggestions.

i'll surely try them


On 27 Gen, 20:31, ShadowCross  wrote:
> Ernesto:
>
> Some things to try:
>
> For your first example: ignore some validation rules if the user has
> "authorization X".
> - validate the data from the controller, using the $options parameter
> to specify which subset of the validation rules to apply.  There is a
> (albeit simplistic) example in the Cookbook (http://book.cakephp.org/
> view/1182/Validating-Data-from-the-Controller), where only a couple of
> the fields are validated.  If you have multiple rules for a field, and
> you want only some, not all, those rules checked on that field, you
> can adjust rules array for that field in the Model's beforeValidate()
> function (or an attached Behavior's beforeValidate()) -- the
> $options parameter of Model::validates() is passed to the
> Model::beforeValidate(), and only the 'fieldList' key is reserved.
> Unfortunately, if you have to resort to the beforeValidate(), your
> permissions logic will not be confined to your controller.
> - if no errors, call the Model::save() or Model::saveAll(), but set
> the validate parameter to false to avoid using the model's full
> validation
>
> =
> For your second example: hide or modify some form fields if user
> hasn't "authorization Y".
> - in your controller, you can create an array of what authorizations
> the user has and save that to a view variable.
> - in your view, use that array to determine whether a form field
> should be hidden or adjusted.
>
> example:
> foo_controller.php:
>
>         function edit($id = null) {
>                 ...
>                 $aro = 'user/' . $this->Auth->user('id');
>
>                 // Create list of authorizations that user has
>                 $authorizations = array();
>                 foreach(array('Bar/Y_1', 'Bar/Y_2', 'Bar/Y_3') as $aco) {
>                         if ($this->Acl->check($aro, $aco)) {
>                                 $authorizations[] = $aco;
>                         }
>                 }
>                 $this->set(compact('authorizations'));
>         }
>
> foo/edit.ctp:
>
>         ...
>
>         if (in_array('Bar/Y_2', $authorizations)) {
>                 echo $this->Form->input('fieldX1');
>         } else {
>                 echo $this->Form->hidden('fieldX1');
>         }
>         if (in_array('Bar/Y_3', $authorizations)) {
>                 echo $this->Form->input('fieldX2', array(
>                         'options' => array('1', '2', '3')
>                 ));
>         } else {
>                 echo $this->Form->input('fieldX2', array(
>                         'options' => array('4', '5', '6')
>                 ));
>         }
>
> Note that in Cake's built-in ACL, the ACO (Access Control Object)
> nodes do not have to correspond to controllers or actions. ACO nodes
> that correspond to actions is just one of the built-in behaviors.  You
> can also define arbitrary ACO nodes.  To extend my example above, I
> can have the following ACO nodes defined:
>
>         controllers/Foo/add
>         controllers/Foo/edit
>         controllers/Foo/index
>         controllers/Foo/view
>         Bar/Y_1
>         Bar/Y_2
>         Bar/Y_3
>
> and in app_controller.php:
>
>         var $components = array('Auth' => array(
>                 'authorize' => 'actions',
>                 'actionPath' => 'controllers/'
>         ));
>
> Note the 'actionPath' AuthComponent variable; any ACO nodes NOT nested
> under the 'controllers' (or whatever you specify as the actionPath)
> node are ignored for the purposes of the "standard Cake ACL".  To
> check permissions manually for everything else, you can use the
> check($aro, $aco, $action = '*') function of the AclComponent.
>
> There may be some advantages of using Cake's AclComponent in this way
> instead of your custom CheckAuthorizations class, including:
> - using existing tables (aros, acos, aros_acos, and not having to add
> the authorizations and authorizations_users tables)
> - "inheritance".  ARO nodes can refer to groups and/or users -- if a
> UserX is part of GroupA and GroupA has access to AuthB, UserX also has
> AuthB (unless access to AuthB is explicitly revoked from UserX.  And
> if groups are defined as 

Re: Need advice for custom ACL

2011-01-27 Thread ShadowCross
Ernesto:

Some things to try:

For your first example: ignore some validation rules if the user has
"authorization X".
- validate the data from the controller, using the $options parameter
to specify which subset of the validation rules to apply.  There is a
(albeit simplistic) example in the Cookbook (http://book.cakephp.org/
view/1182/Validating-Data-from-the-Controller), where only a couple of
the fields are validated.  If you have multiple rules for a field, and
you want only some, not all, of those rules checked on that field, you
can adjust the rules array for that field in the Model's beforeValidate()
function (or an attached Behavior's beforeValidate()) -- the
$options parameter of Model::validates() is passed to the
Model::beforeValidate(), and only the 'fieldList' key is reserved.
Unfortunately, if you have to resort to the beforeValidate(), your
permissions logic will not be confined to your controller.
- if no errors, call the Model::save() or Model::saveAll(), but set
the validate parameter to false to avoid using the model's full
validation

=
For your second example: hide or modify some form fields if user
hasn't "authorization Y".
- in your controller, you can create an array of what authorizations
the user has and save that to a view variable.
- in your view, use that array to determine whether a form field
should be hidden or adjusted.

example:
foo_controller.php:

        function edit($id = null) {
                ...
                $aro = 'user/' . $this->Auth->user('id');

                // Create list of authorizations that user has
                $authorizations = array();
                foreach(array('Bar/Y_1', 'Bar/Y_2', 'Bar/Y_3') as $aco) {
                        if ($this->Acl->check($aro, $aco)) {
                                $authorizations[] = $aco;
                        }
                }
                $this->set(compact('authorizations'));
        }

foo/edit.ctp:

...

        if (in_array('Bar/Y_2', $authorizations)) {
                echo $this->Form->input('fieldX1');
        } else {
                echo $this->Form->hidden('fieldX1');
        }
        if (in_array('Bar/Y_3', $authorizations)) {
                echo $this->Form->input('fieldX2', array(
                        'options' => array('1', '2', '3')
                ));
        } else {
                echo $this->Form->input('fieldX2', array(
                        'options' => array('4', '5', '6')
                ));
        }


Note that in Cake's built-in ACL, the ACO (Access Control Object)
nodes do not have to correspond to controllers or actions. ACO nodes
that correspond to actions is just one of the built-in behaviors.  You
can also define arbitrary ACO nodes.  To extend my example above, I
can have the following ACO nodes defined:

        controllers/Foo/add
        controllers/Foo/edit
        controllers/Foo/index
        controllers/Foo/view
        Bar/Y_1
        Bar/Y_2
        Bar/Y_3

and in app_controller.php:

        var $components = array('Auth' => array(
                'authorize' => 'actions',
                'actionPath' => 'controllers/'
        ));

Note the 'actionPath' AuthComponent variable; any ACO nodes NOT nested
under the 'controllers' (or whatever you specify as the actionPath)
node are ignored for the purposes of the "standard Cake ACL".  To
check permissions manually for everything else, you can use the
check($aro, $aco, $action = '*') function of the AclComponent.

There may be some advantages of using Cake's AclComponent in this way
instead of your custom CheckAuthorizations class, including:
- using existing tables (aros, acos, aros_acos, and not having to add
the authorizations and authorizations_users tables)
- "inheritance".  ARO nodes can refer to groups and/or users -- if a
UserX is part of GroupA and GroupA has access to AuthB, UserX also has
AuthB (unless access to AuthB is explicitly revoked from UserX).  And
if groups are defined as hierarchical (i.e. TreeBehavior), GroupA can
inherit access rights from its parents and ancestors.  The same
applies to ACO nodes.  In fact, you *could*, in theory, define field-
level access in the following manner:

ARO:
        Group 1 (all users)
        Group 2 (admin)

ACO:
        controllers/Foo/edit
        controllers/Foo/edit/name
        controllers/Foo/edit/fieldX1
        controllers/Foo/edit/fieldX2

ARO/ACO:

        // All users can access the edit page for Foo
        $this->Acl->allow('Group 1', 'controllers/Foo/edit');

        // Revoke access to fieldX

Re: Need advice for custom ACL

2011-01-27 Thread Ernesto
the only alternative path i can see is to make hundreds of
controllers, each with his own specific model.
this will lead to hundreds of controllers.

Right now i'm acting this way:
- i use the standard Cake ACL to prevent unwanted page views.
- i added an "Authorization" model, with HABTM relationship to User
model (and vice-versa)
- i added a Vendor class named "CheckAuthorizations", loaded in both
AppController and AppModel's constructors. This class checks if
there's any coincidence between the current logged user and the
requested authorization code (authorization_id), by fetching data from
Authorizations_Users (the HABTM join model).
- Authorization requests are done this way:
$this->CheckAuthorization->check([AUTHCODE])
or
$this->CheckAuthorization->require([AUTHCODE])

Any advice?

On 27 Jan, 13:57, Zaky Katalan-Ezra wrote:
> In that case my honest advice to you is to revise your design.
>
> "If it's not simple it's should simply not" (In Hebrew it sounds better)



Re: Need advice for custom ACL

2011-01-27 Thread Zaky Katalan-Ezra
In that case my honest advice to you is to revise your design.

"If it's not simple it's should simply not" (In Hebrew it sounds better)



Re: Need advice for custom ACL

2011-01-26 Thread Ernesto
They don't refer to anything particular.

Look @ my example in first post

On 26 Jan, 18:40, Zaky Katalan-Ezra wrote:
> >not all of those "authorizations" are referred to a specific
> >controller's action so cake's built-in ACL isn't very useful.
>
> Then what do they refer to?
>
> It looks like you need to create an engine to create your views on the fly.



Re: Need advice for custom ACL

2011-01-26 Thread Zaky Katalan-Ezra
>not all of those "authorizations" are referred to a specific
>controller's action so cake's built-in ACL isn't very useful.

Then what do they refer to?

It looks like you need to create an engine to create your views on the fly.



Re: Need advice for custom ACL

2011-01-26 Thread Jon Bennett
> Hi Jon, thx for your response
>
> acting that way will bloat my app
> i have hundreds of possible combinations :\

Not sure what else to suggest, interested to hear if/how you solve it!

-- 
jon bennett - www.jben.net - blog.jben.net



Re: Need advice for custom ACL

2011-01-26 Thread Ernesto
Hi Jon, thx for your response

acting that way will bloat my app
i have hundreds of possible combinations :\

On 26 Jan, 15:05, Jon Bennett wrote:
> hi,
>
> > in my app i need to (some examples):
>
> > - ignore some validation rules if the user has "authorization X"
> > - hide or modify some form fields if user hasn't "authorization Y"
> > - do the usual ACL things ("if you're a Customer you can't modify
> > users" and so on)
>
> > not all of those "authorizations" are referred to a specific
> > controller's action so cake's built-in ACL isn't very useful.
>
> > in your opinion, what's the best way to implement this?
>
> Not tried this, but could you:
>
> 1. Have multiple views per auth type, stops you needing to hide/show form fields
> 2. Have multiple Models that connect to the same table, each with a
> different set of validation rules
> 3. Use the correct model above in your controller and views
>
> ... which would mean your ACL logic stays in the controller.
>
> Might work,
>
> Cheers,
>
> Jon
>
> --
> jon bennett - www.jben.net - blog.jben.net



Re: Need advice for custom ACL

2011-01-26 Thread Jon Bennett
hi,

> in my app i need to (some examples):
>
> - ignore some validation rules if the user has "authorization X"
> - hide or modify some form fields if user hasn't "authorization Y"
> - do the usual ACL things ("if you're a Customer you can't modify
> users" and so on)
>
> not all of those "authorizations" are referred to a specific
> controller's action so cake's built-in ACL isn't very useful.
>
> in your opinion, what's the best way to implement this?

Not tried this, but could you:

1. Have multiple views per auth type, stops you needing to hide/show form fields
2. Have multiple Models that connect to the same table, each with a
different set of validation rules
3. Use the correct model above in your controller and views

... which would mean your ACL logic stays in the controller.

Might work,

Cheers,

Jon

-- 
jon bennett - www.jben.net - blog.jben.net



Need advice for custom ACL

2011-01-26 Thread Ernesto
Hello.

in my app i need to (some examples):

- ignore some validation rules if the user has "authorization X"
- hide or modify some form fields if user hasn't "authorization Y"
- do the usual ACL things ("if you're a Customer you can't modify
users" and so on)

not all of those "authorizations" are referred to a specific
controller's action so cake's built-in ACL isn't very useful.

in your opinion, what's the best way to implement this?



Re: ACL How to get logged user information, like user name, id in user table, group name, etc.

2011-01-25 Thread raymond
Yeah. my mistake.
The post I referred also was saying user("id"). :D
Thanks for your kind reply. Raymond.



Re: ACL How to get logged user information, like user name, id in user table, group name, etc.

2011-01-24 Thread alaxos
If it is not a typo, the reason is that it is not
$this->Auth->user["id"] but $this->Auth->user("id").
user() is a function of the AuthComponent, not a property.

Regards,
nIcO

On Jan 24, 11:49 am, raymond  wrote:
> Hi, everyone.
> I've entered CakePHP world recently and bumped into one issue.
> I need to get logged users information, especially primary key value
> in user table.
> I have tried $this->Auth->user["id"] because I have read it from one
> post in this group, but I checked that $this->Auth does not have any
> user value there.
> So what solution will help me?
> Regards, Raymond.



ACL How to get logged user information, like user name, id in user table, group name, etc.

2011-01-24 Thread raymond
Hi, everyone.
I've entered CakePHP world recently and bumped into one issue.
I need to get logged users information, especially primary key value
in user table.
I have tried $this->Auth->user["id"] because I have read it from one
post in this group, but I checked that $this->Auth does not have any
user value there.
So what solution will help me?
Regards, Raymond.



Re: ACL how controll more type of action?

2011-01-24 Thread alaxos
Actually you can do exactly what you say with CakePHP ACL. By default,
the AclComponent allow() and deny() methods save 1 and -1 respectively
for all fields _create, _read, _update and _delete. Then if you use
the AclComponent to check if a user is authorized to do some actions,
the check() method simply returns a boolean, used to grant or deny
access.

I have never used the specific values of _create, _read, _update and
_delete, but I guess they are more useful in other situations, but not
to check users permissions on actions. At least in my case, the
aros_acos table contains only records with four 1, or four -1.

Regards,
nIcO

On Jan 24, 1:20 am, Petr Vytlačil  wrote:
> I understand ACL logic and what is ACO etc...
> But I think this solution is stupid. Why I should setting permissions
> (update,delete,save,add) for action deleteItems of some Controller.
> It's sure I want only check if i can call deleteItems for this i don't
> need check if i has permission for update, delete, etc. for this
> action. .-)
>
> Understand me?
>
> Better solution:
> I has controller Entries and methods deleteEntry, addEntry.
> User role ADMIN has setting permission for ACO: Entries::deleteEntry
> and Entries::addEntry
>
> In app controller i check permission:
> $this->Acl->check($this->userRole, 'Entries::addEntry');
>
> This is more simple and i don't need control if users can read, save,
> delete, add this action.
>
> On Jan 12, 9:24 am, Andi wrote:
>
> > Hi,
>
> > I think that you didn't understand the complex ACL logic. But it is
> > really complex.
>
> > The "actions" update, delete, save, add are the actions for the ACO.
> > So the first question is: what is an ACO? It is an Access Control
> > Object. Read here more about the logic:
> > http://book.cakephp.org/view/465/Understanding-How-ACL-Works
> > So a typical ACO for CakePHP is a method of a controller.
> > Example:
> > Controller for Usergroups
> > Methods:
> > * add
> > * delete
> > * index
> > * list
> > * mygroups
> > * admin
> > * view
> > Every Method is an ACO and for every ACO you can set the permissions
> > update, delete, save, add.
>
> > More Information about setting the permissions:
> > http://book.cakephp.org/view/648/Setting-up-permissions
>
> > On 9 Jan., 22:18, Petr Vytlačil wrote:
>
> > > Hi in ACL you can control only action (update, delete, save, add) It
> > > is bad because app can has more other method is any solution how
> > > control access for other method for example:
>
> > > Controller Users
> > > Function list(){
> > >    ..
>
> > > }
>
> > > THX

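The inheritance ShadowCross describes earlier on this page (UserX picks up GroupA's grant unless it is explicitly revoked) and the 1 / -1 column values alaxos describes above can be worked through in one stand-alone model. This is an added example, not code from the thread or from CakePHP: the TreeAcl class, its lookup order (nearest ARO first, then nearest ACO, deny by default) and the sample nodes and grants are assumptions constructed for illustration.

```php
<?php
// Added example: stand-alone model of an ARO/ACO lookup. Not CakePHP code;
// TreeAcl, its lookup order and every node name below are constructed.
class TreeAcl
{
    const KEYS = ['_create', '_read', '_update', '_delete'];

    private $aroParent = []; // ARO alias => parent alias, null for a root
    private $acoParent = []; // ACO path => parent path, null for a root
    private $rows = [];      // [aro][aco] => one value per KEYS entry: 1, 0 or -1

    public function addAro($alias, $parent = null) { $this->addNode($this->aroParent, $alias, $parent); }
    public function addAco($path, $parent = null) { $this->addNode($this->acoParent, $path, $parent); }
    public function allow($aro, $aco, $action = '*') { $this->write($aro, $aco, $action, 1); }
    public function deny($aro, $aco, $action = '*') { $this->write($aro, $aco, $action, -1); }

    private function addNode(array &$tree, $node, $parent)
    {
        // New nodes only, under an existing parent, so no cycle can form.
        if (array_key_exists($node, $tree) || ($parent !== null && !array_key_exists($parent, $tree))) {
            throw new InvalidArgumentException("cannot add node: $node");
        }
        $tree[$node] = $parent;
    }

    private function known($aro, $aco)
    {
        return array_key_exists($aro, $this->aroParent) && array_key_exists($aco, $this->acoParent);
    }

    private function keysFor($action)
    {
        $keys = $action === '*' ? self::KEYS : ['_' . $action];
        if (array_diff($keys, self::KEYS)) {
            throw new InvalidArgumentException("unknown action: $action");
        }
        return $keys;
    }

    private function write($aro, $aco, $action, $value)
    {
        if (!$this->known($aro, $aco)) {
            throw new InvalidArgumentException('unknown ARO or ACO node');
        }
        if (!isset($this->rows[$aro][$aco])) {
            $this->rows[$aro][$aco] = array_fill_keys(self::KEYS, 0); // 0 = inherit
        }
        foreach ($this->keysFor($action) as $key) {
            $this->rows[$aro][$aco][$key] = $value;
        }
    }

    private function pathToRoot(array $tree, $node)
    {
        for ($path = []; $node !== null; $node = $tree[$node]) {
            $path[] = $node;
        }
        return $path;
    }

    public function check($aro, $aco, $action = '*')
    {
        if (!$this->known($aro, $aco)) { return false; } // failed node lookup: fail closed
        $keys = $this->keysFor($action);
        $granted = [];
        foreach ($this->pathToRoot($this->aroParent, $aro) as $a) {     // user, then its groups
            foreach ($this->pathToRoot($this->acoParent, $aco) as $o) { // leaf, then its parents
                if (!isset($this->rows[$a][$o])) { continue; }
                foreach ($keys as $key) {
                    $value = $this->rows[$a][$o][$key];
                    if ($value === -1) { return false; } // deny met before the grant is complete
                    if ($value === 1) { $granted[$key] = true; }
                }
                if (count($granted) === count($keys)) { return true; } // every requested column granted
            }
        }
        return false; // nothing, or only part, granted up to the roots: deny by default
    }
}

$acl = new TreeAcl();
$acl->addAro('GroupA');
foreach (['UserX', 'UserZ'] as $user) { $acl->addAro($user, 'GroupA'); }
$acl->addAco('Bar');
$acl->addAco('Bar/Y_1', 'Bar');
$acl->addAco('Bar/Y_2', 'Bar');
$acl->addAco('Baz');
$acl->allow('GroupA', 'Bar');             // group row 1 1 1 1 on the parent ACO
$acl->deny('UserX', 'Bar/Y_2');           // explicit revoke for one member
$acl->allow('GroupA', 'Baz', 'create');   // three calls leave this row at 1 1 1 0
$acl->allow('GroupA', 'Baz', 'read');
$acl->allow('GroupA', 'Baz', 'update');

$cases = [['UserX', 'Bar/Y_1', '*'], ['UserX', 'Bar/Y_2', '*'], ['UserZ', 'Bar/Y_2', '*'],
          ['UserZ', 'Baz', '*'], ['UserZ', 'Baz', 'read'], ['Nobody', 'Bar', '*']];
foreach ($cases as list($aro, $aco, $action)) {
    printf("%-7s %-8s %-5s %s\n", $aro, $aco, $action, $acl->check($aro, $aco, $action) ? 'allow' : 'deny');
}
```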


Re: ACL how controll more type of action?

2011-01-23 Thread Petr Vytlačil
I understand ACL logic and what is ACO etc...
But I think this solution is stupid. Why I should setting permissions
(update,delete,save,add) for action deleteItems of some Controller.
It's sure I want only check if i can call deleteItems for this i don't
need check if i has permission for update, delete, etc. for this
action. .-)

Understand me?

Better solution:
I has controller Entries and methods deleteEntry, addEntry.
User role ADMIN has setting permission for ACO: Entries::deleteEntry
and Entries::addEntry

In app controller i check permission:
$this->Acl->check($this->userRole, 'Entries::addEntry');
This is more simple and i don't need control if users can read, save,
delete, add this action.



On Jan 12, 9:24 am, Andi  wrote:
> Hi,
>
> I think that you didn't understand the complex ACL logic. But it is
> really complex.
>
> The "actions" update, delete, save, add are the actions for the ACO.
> So the first question is: what is an ACO? It is an Access Control
> Object. Read here more about the logic:
> http://book.cakephp.org/view/465/Understanding-How-ACL-Works
> So a typical ACO for CakePHP is a method of a controller.
> Example:
> Controller for Usergroups
> Methods:
> * add
> * delete
> * index
> * list
> * mygroups
> * admin
> * view
> Every Method is an ACO and for every ACO you can set the permissions
> update, delete, save, add.
>
> More Information about setting the permissions:
> http://book.cakephp.org/view/648/Setting-up-permissions
>
> On 9 Jan., 22:18, Petr Vytlačil wrote:
>
> > Hi in ACL you can control only action (update, delete, save, add) It
> > is bad because app can has more other method is any solution how
> > control access for other method for example:
>
> > Controller Users
> > Function list(){
> >    ..
>
> > }
>
> > THX




Re: login/logout Issue with acl tutorial

2011-01-20 Thread andy_the ultimate baker
hi,
to go back to login page after logout
all u need to set that logout redirect action.
like below

function logout() {
        $this->Session->setFlash('You have successfully logged out');
        $this->Auth->logout();
        $this->redirect(array('action'=>'login'));
        //$this->redirect($this->Auth->logout());
}

i hope this will work for u.

On Jan 20, 2:03 am, opike  wrote:
> Sorry, this is a duplicate post.
>
> Since it took 4 hours for my original post to show up I wasn't sure if
> I had submitted it properly.



Cake Newbie with ACL implementation question

2011-01-20 Thread mackdaddy
HI All

As above i have just started to get my head around Cake and have done
a couple of the Tutorials. My question is this;
I am setting out to write a global stock management app for my
employer to manage different warehouses around the world.
1) I want to have a Super User to administer the whole app,
2) I want to have Users who can see all the warehouses.
3) I want to have each warehouse to have an administrator so that they
can add their own users etc, and
4) each warehouse to have a user.

In Summary
[Global Admin] - Super User
 [Global User] - Can See All warehouses
   [Warehouse Admin] - Administer their own warehouse e.g.
Create products, locations, users etc
  [Warehouse User]

Ultimately there will probably 6 warehouses but the local users can
change.

Could anyone explain if the ACL route will work for me and if so how.

Muchus Gracias

MackDaddy



Re: Acl Tutorial: trying to logout

2011-01-19 Thread opike
I think I fixed this by adding this line to the beforeFilter() method:

$this->Auth->allow('logout');

On Jan 19, 10:10 am, opike  wrote:
> I finished implementing the acl tutorial here:
> http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application
>
> and it was working for the most part, I was testing logging in and out
> with the different users.
>
> But now it's in a state where it won't let me access any of the other
> pages and always redirects me to the top level index.php page with the
> message "You are not authorized to access that location.".
>
> I thought I would be able to run the logout function by issuing this
> url: http://localhost/cake/app/users/logout
> but I get the same "not authorized" message.
>
> When I try to access the login page ("http://localhost/cake/users/login")
> I get the message "You are logged in." without being prompted
> for username and password.
>
> I even tried bouncing apache to reset the session info but that had no
> effect.
>
> How can I get back to where the login page is prompting me for
> username/password again?



Re: login/logout Issue with acl tutorial

2011-01-19 Thread opike
Sorry, this is a duplicate post.

Since it took 4 hours for my original post to show up I wasn't sure if
I had submitted it properly.



login/logout Issue with acl tutorial

2011-01-19 Thread opike
I just implemented the acl tutorial:
http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application

and I did the following to test it out.
Logged in with user1 (member of the administrator group). Fine.
Logged out by issuing the url http://localhost/cake/app/users/logout.
Fine.
Logged in with user2 (member of the managers group). Fine.

Now when I try to log out, it redirects me to the url http://localhost/cake
and displays the main cake page with the message at the bottom: "You
are not authorized to access that location".

Trying to access http://localhost/cake/users/login takes me to
http://localhost/cake with the message "You are logged in".

So I'm stuck where I can't log in as a different user. Do I need to
change the permissions so that users that aren't members of the
administrator group have access to the logout page?



Acl Tutorial: trying to logout

2011-01-19 Thread opike
I finished implementing the acl tutorial here:
http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application

and it was working for the most part, I was testing logging in and out
with the different users.

But now it's in a state where it won't let me access any of the other
pages and always redirects me to the top level index.php page with the
message "You are not authorized to access that location.".

I thought I would be able to run the logout function by issuing this
url: http://localhost/cake/app/users/logout
but I get the same "not authorized" message.

When I try to access the login page ("http://localhost/cake/users/login")
I get the message "You are logged in." without being prompted
for username and password.

I even tried bouncing apache to reset the session info but that had no
effect.

How can I get back to where the login page is prompting me for
username/password again?




Re: ACL Question

2011-01-18 Thread John Maxim
Hi Ed,

Are you trying to say managing the actions only and sometimes it
affects your CRUD ?

I'm not an expert in this area, but giving my shot is:

Use routing? That area is strange for me.

Are you trying to hide some of the CRUD buttons for some users and not
all?

I think you can do that, I read that somewhere although I didn't
manage to accomplish.

Best wishes, cheers.
John Maxim.

On Jan 18, 12:18 am, CrotchFrog  wrote:
> Hi John,
>
> I do use a plugin to manage permissions and it seems to work quite well
> although I still prefer the shell interface for adding/removing aro/aco
> and creating permissions on the fly.
>
> The grey area for me right now is authorizing CRUD vs. otherActions.
> I know that I can use Auth->mapActions and treat otherActions as CRUD
> but I assumed that Auth->authorize='actions' would allow me grant/deny
> permissions on that action regardless of what the action does in relation
> to CRUD.
>
> I guess I'm still a bit confused here.
>
> On Jan 15, 11:02 pm, John Maxim  wrote:
>
> > Hi Ed,
>
> > You can customise your users permission using ACL plugin. I suggest
> > finding one on your own, the current one I use has a drawback when I
> > have over 10 groups with different permission settings. The role
> > permission setting stops working. However, it's still effective if I
> > view users roles or users permission, and from there we can customise
> > the users permission.
>
> > You may want to refer to this:
>
> >http://www.alaxos.net/blaxos/pages/view/7
>
> > I'm not sure if you can find a better one or make one. The recommended
> > ACL plugins can be found here:
>
> > Mark Story's ACL extras and menu components.
>
> >http://josediazgonzalez.com/2010/08/16/cakephp-plugins-a-biblical-ret...
>
> > If anytime you managed to get one working better than any above, share
> > with me.
>
> > :-)
>
> > Best regards,
> > Maxim.
>
> > On Jan 16, 9:59 am, Ed Propsner  wrote:
>
> > > > I've been plugging away with Cake for some time now with extremely few
> > > > issues. I recently decided that ACL was the right choice for my app ... now
> > > > I have issues :)
>
> > > > I've toyed with it long enough now that I understand the concept and
> > > > mechanics of it but the issue I'm having is this:
> > > > When granting access, it seems to be all or nothing. If I take the Group
> > > > users for example, access has to be at
> > > > CRUD 1 1 1 1 or sitewide access is denied. Changing it to CRUD 1 1 1 0
> > > > denies access not just to the controller or parts of it,
> > > > but the entire app. I was assuming that ultimately I would be able to deny
> > > > access to any controller/action that I want but it
> > > > doesn't seem to be working out that way for me.
>
> > > > What am I overlooking here? I referenced the tutorial in the book when
> > > > putting the ACL together so the set-up is
> > > > very straightforward. I didn't try to do anything fancy or creative with it,
> > > > it's all by the book.

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en


Re: CakePHP ACL [Failed ARO/ACO node lookup in permissions check]

2011-01-17 Thread DragonFlyEye
You actually want to reference the model then the aco in question. For 
example, if you have a Users model and you want to identify a user with an 
id of 1, you would actually write:
User.1

Not simply "1." That's very confusing and ambiguous in the documentation. 
Took me a while to figure it out. Also a heads up: you almost certainly will 
want to use the Console to do a lot of the initial setup for your ACLs. But 
take a careful look at the code, because the --help menus don't explain what 
comes first, the ACO or the ARO in the function call. I put in to have the 
help menu updated - even gave them a patch over at Lighthouse - but I 
haven't seen it yet. I would love to take some time and rewrite parts of the 
ACL documentation in the book but oh, man, is that a tall order.



CakePHP ACL [Failed ARO/ACO node lookup in permissions check]

2011-01-17 Thread DatacenterHellas
Hello.

I have created an application with CakePHP that uses the ACL.

In my database I have this data:

AROS:
=======================================================================
| ID | PARENT_ID | MODEL | FOREIGN_KEY | ALIAS           | lft | rght |
=======================================================================
| 1  | null      | Group | 1           | Administrators  | 1   | 4    |
| 2  | 1         | User  | 1           | admin           | 2   | 3    |
| 3  | null      | Group | 2           | Accountants     | 5   | 6    |
| 4  | null      | Group | 3           | Database Admins | 7   | 8    |
| 5  | null      | Group | 4           | Translators     | 9   | 14   |
| 6  | 5         | User  | 2           | engtrans        | 10  | 11   |
| 7  | 5         | User  | 3           | esptrans        | 12  | 13   |
=======================================================================

ACOS:
===================================================================
| ID | PARENT_ID | MODEL | FOREIGN_KEY | ALIAS       | lft | rght |
===================================================================
| 1  | null      | null  | null        | controllers | 1   | 4    |
| 2  | 1         | null  | null        | Groups      | 2   | 3    |
| 3  | null      | null  | null        | Users       | 5   | 6    |
===================================================================

AROS_ACOS:
============================================================
| ID | ARO_ID | ACO_ID | CREATE | READ | UPDATE | DELETE |
============================================================
| 1  | 1      | 1      | 1      | 1    | 1      | 1      |
============================================================


and then in my site I do this:

$aco = 'controllers';
$aro = 1;
$this->AccessControll->getPermission($aco, $aro);

and I get this error :

Warning (512): DbAcl::check() - Failed ARO/ACO node lookup in
permissions check.  Node references:
Aro: 1
Aco: controllers [CORE\cake\libs\controller\components\acl.php, line
275]

[Warning -> code]
if (empty($aroPath) || empty($acoPath)) {
trigger_error(__("DbAcl::check() - Failed ARO/ACO node
lookup in permissions check.  Node references:\nAro: ", true) .
print_r($aro, true) . "\nAco: " . print_r($aco, true),
E_USER_WARNING);

[Warning -> context]
$aro=   "1"
$aco=   "controllers"
$action =   "create"
$permKeys   =   array(
"_create",
"_read",
"_update",
"_delete"
)
$aroPath=   false
$acoPath=   array(
array(
"Aco" => array()
)
)



Re: ACL Question

2011-01-17 Thread CrotchFrog
Hi John,

I do use a plugin to manage permissions and it seems to work quite well
although I still prefer the shell interface for adding/removing aro/aco
and creating permissions on the fly.

The grey area for me right now is authorizing CRUD vs. otherActions.
I know that I can use Auth->mapActions and treat otherActions as CRUD
but I assumed that Auth->authorize='actions' would allow me to grant/deny
permissions on that action regardless of what the action does in relation
to CRUD.

I guess I'm still a bit confused here.

On Jan 15, 11:02 pm, John Maxim  wrote:
> Hi Ed,
>
> You can customise your users permission using ACL plugin. I suggest
> finding one on your own, the current one I use has a drawback when I
> have over 10 groups with different permission settings. The role
> permission setting stops working. However, it's still effective if I
> view users roles or users permission, and from there we can customise
> the users permission.
>
> You may want to refer to this:
>
> http://www.alaxos.net/blaxos/pages/view/7
>
> I'm not sure if you can find a better one or make one. The recommended
> ACL plugins can be found here:
>
> Mark Story's ACL extras and menu components.
>
> http://josediazgonzalez.com/2010/08/16/cakephp-plugins-a-biblical-ret...
>
> If anytime you managed to get one working better than any above, share
> with me.
>
> :-)
>
> Best regards,
> Maxim.
>
> On Jan 16, 9:59 am, Ed Propsner  wrote:
>
> > I've been plugging away with Cake for some time now with extremely few
> > issues. I recently decided that ACL was the right choice for my app ... now
> > I have issues :)
>
> > I've toyed with it long enough now that I understand the concept and
> > mechanics of it but the issue I'm having is this:
> > When granting access, it seems to be all or nothing. If I take the Group
> > users for example, access has to be at
> > CRUD 1 1 1 1 or sitewide access is denied. Changing it to CRUD 1 1 1 0
> > denies access not just to the controller or parts of it,
> > but the entire app. I was assuming that ultimately I would be able to deny
> > access to any controller/action that I want but it
> > doesn't seem to be working out that way for me.
>
> > What am I overlooking here? I referenced the tutorial in the book when
> > putting the ACL together so the set-up is
> > very straightforward. I didn't try to do anything fancy or creative with it,
> > it's all by the book.



Re: ACL Question

2011-01-15 Thread John Maxim
Hi Ed,

You can customise your users permission using ACL plugin. I suggest
finding one on your own, the current one I use has a drawback when I
have over 10 groups with different permission settings. The role
permission setting stops working. However, it's still effective if I
view users roles or users permission, and from there we can customise
the users permission.

You may want to refer to this:

http://www.alaxos.net/blaxos/pages/view/7

I'm not sure if you can find a better one or make one. The recommended
ACL plugins can be found here:

Mark Story's ACL extras and menu components.

http://josediazgonzalez.com/2010/08/16/cakephp-plugins-a-biblical-retelling/


If anytime you managed to get one working better than any above, share
with me.

:-)

Best regards,
Maxim.


On Jan 16, 9:59 am, Ed Propsner  wrote:
> I've been plugging away with Cake for some time now with extremely few
> issues. I recently decided that ACL was the right choice for my app ... now
> I have issues :)
>
> I've toyed with it long enough now that I understand the concept and
> mechanics of it but the issue I'm having is this:
> When granting access, it seems to be all or nothing. If I take the Group
> users for example, access has to be at
> CRUD 1 1 1 1 or sitewide access is denied. Changing it to CRUD 1 1 1 0
> denies access not just to the controller or parts of it,
> but the entire app. I was assuming that ultimately I would be able to deny
> access to any controller/action that I want but it
> doesn't seem to be working out that way for me.
>
> What am I overlooking here? I referenced the tutorial in the book when
> putting the ACL together so the set-up is
> very straightforward. I didn't try to do anything fancy or creative with it,
> it's all by the book.



ACL Question

2011-01-15 Thread Ed Propsner
I've been plugging away with Cake for some time now with extremely few
issues. I recently decided that ACL was the right choice for my app ... now
I have issues :)

I've toyed with it long enough now that I understand the concept and
mechanics of it but the issue I'm having is this:
When granting access, it seems to be all or nothing. If I take the Group
users for example, access has to be at
CRUD 1 1 1 1 or sitewide access is denied. Changing it to CRUD 1 1 1 0
denies access not just to the controller or parts of it,
but the entire app. I was assuming that ultimately I would be able to deny
access to any controller/action that I want but it
doesn't seem to be working out that way for me.

What am I overlooking here? I referenced the tutorial in the book when
putting the ACL together so the set-up is
very straightforward. I didn't try to do anything fancy or creative with it,
it's all by the book.



Re: ACL for cakephp 1.3

2011-01-14 Thread jsalonen
Hope this helps: http://jsalonen.com/2010/10/role-based-acl-in-cakephp/



Re: ACL for cakephp 1.3

2011-01-13 Thread Tilen Majerle
http://book.cakephp.org/view/1543/Simple-Acl-controlled-Application
--
Best regards, Tilen Majerle
http://majerle.eu



2011/1/12 danieln 

> Hi,
>
> anyone came across any tutorials for cakephp 1.3 acl?
>
> I'm very new to cakephp and the most important thing I need to learn
> is to get the auth & acl working together.
>
> Hope someone can advise on this.
>
> If you have done it, I hope you can give me some samples too.
>
> Thanks!
>



ACL for cakephp 1.3

2011-01-13 Thread danieln
Hi,

anyone came across any tutorials for cakephp 1.3 acl?

I'm very new to cakephp and the most important thing I need to learn
is to get the auth & acl working together.

Hope someone can advise on this.

If you have done it, I hope you can give me some samples too.

Thanks!



Re: ACL how controll more type of action?

2011-01-12 Thread Andi
Hi,

I think that you didn't understand the complex ACL logic. But it is
really complex.

The "actions" update, delete, save, add are the actions for the ACO.
So the first question is: what is an ACO? It is an Access Control
Object. Read here more about the logic:
http://book.cakephp.org/view/465/Understanding-How-ACL-Works
So a typical ACO for CakePHP is a method of a controller.
Example:
Controller for Usergroups
Methods:
* add
* delete
* index
* list
* mygroups
* admin
* view
Every Method is an ACO and for every ACO you can set the permissions
update, delete, save, add.

More Information about setting the permissions:
http://book.cakephp.org/view/648/Setting-up-permissions



On 9 Jan., 22:18, Petr Vytlačil  wrote:
> Hi, in ACL you can control only actions (update, delete, save, add). It
> is bad because an app can have other methods. Is there any solution for
> controlling access to other methods, for example:
>
> Controller Users
> Function list(){
>    ..
>
> }
>
> THX



Re: Best way to achieve my ACL goal?

2011-01-12 Thread jsalonen
The way I've done this is define the ACOs to be roles and check the user's 
access to the required role with Acl->check. That way you can have multiple 
roles in a tree-structure and the access checks are super simple. There are 
drawbacks though: which role is required for each action is hardcoded, which 
is a problem if you want to rename a role or completely change its meaning.

This way it's also fairly simple to give the users access only to certain 
records or areas, like you could allow adding content to a section only 
to general content developers and to the content developer who is the 
"owner" of the section:

// in beforeFilter
$this->Auth->authorize = 'controller';

function isAuthorized() {
    $userId = $this->Auth->user('id');
    $aro = array('model' => 'User', 'foreign_key' => $userId);
    switch ($this->action) {
        case 'view': return true; // allow everyone
        case 'add': // allow general content developers and section owners
            $aco = 'roles/admin/general_content_developer';
            $this->Section->id = // get section id from somewhere
            $sectionOwner = $this->Section->field('owner_id');
            if ($sectionOwner == $userId)
                $aco = 'roles/admin/general_content_developer/content_developer';
            return $this->Acl->check($aro, $aco, '*');
        case 'edit':
            ...
    }
}

I've written more about this on my blog:
http://jsalonen.com/2010/08/simpler-role-based-access-control-for-cakephp/
http://jsalonen.com/2010/10/role-based-acl-in-cakephp/



Re: Best way to achieve my ACL goal?

2011-01-11 Thread Jens Dittrich
I have asked a similar question a few days ago. If I understood you
correctly, then you basically want people to be member of more than
one group. I have been told that I would leave the normal acl way
there and I would have to implement my authentication myself.
Basically something like;

// in beforeFilter() eventually in app_controller.php
$this->Auth->authorize = 'controller';

and then implement a function isAuthorized()

function isAuthorized() {
    // get authed user
    // Loop his groups
    // foreach group call $this->Acl->check($group, $current_aco_path)
    // if one call returns true, return true else false
}

regards,
Jens

On 7 Jan., 14:18, Pehmolelu  wrote:
> Hi folks! :)
>
> I'm building a website and decided to use CakePHP as framework. So I'm
> totally new to the framework and I'm not familiar with a lot of things.
> I have though spent tens of hours reading the CookBook thoroughly.
>
> I have a problem with ACL in my website, which is the reason I'm
> writing this. I have read about the tree structure and don't know
> really if it fits to my purposes. Let me back up the story a bit...
>
> My website is divided in quite many sections. There are few groups who
> can control specific sections:
>
> Admins - Controls all
> General moderators - Controls same sections as moderators but with
> higher privileges over some actions. They don't control things that
> content developers or general developers control.
> Moderators - Controls some sections (different than content
> developers).
> General content developers - Controls same sections as content
> developers but with higher privileges over some actions. They don't
> control things that moderators or general moderators control.
> Content developers - Controls some sections (different than
> moderators).
>
> These are the "main" groups. However, there can be people who are
> mixed in groups like being General moderator and General content
> developer. Or being content developer and General moderator. so
> basically I would want a person to be able to be in multiple groups
> but as far as I understand this is not possible?
>
> There are also "special" groups (or roles) like "News writers" and
> "Critics" which have their specific sections that they are allowed to.
> I'd like to have General moderators plus Admins of course to have the
> privileges these controls are accessed to. I'd also like to have some
> specific users from other groups to be in these groups (roles). Like
> Moderator being able to be in Critics group (or being a critic) as well
> and thus having both privileges.
>
> How can I achieve this type of ACL with CakePHP? What approach should I
> use? If there is any good documentation somewhere, please link
> it. I'm really interested in CakePHP and want to read more if there is
> some.
>
> Thanks :)
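
The multi-group check sketched in the post above, together with the all-or-nothing behaviour reported in the "ACL Question" thread, as an added stand-alone PHP model (not part of the original posts and not CakePHP's own code). The group names, ACO paths and permission rows are constructed, and the model assumes that a check for the action '*' passes only when all four CRUD flags are granted somewhere along the ACO path.

```php
<?php
// Added illustration: a stand-alone model of a tree-based ACL check.
// It is not CakePHP's DbAcl code; every name and row below is constructed.

const PERM_KEYS = ['_create', '_read', '_update', '_delete'];

// Build one permission row: 1 = allow, -1 = deny, 0 = no decision (inherit).
function flags(int $c, int $r, int $u, int $d): array
{
    return array_combine(PERM_KEYS, [$c, $r, $u, $d]);
}

// Constructed permission rows: [requester (ARO) alias][ACO path] => flags.
$perms = [
    // A "CRUD 1 1 1 0" grant on the root node, as in the ACL Question thread.
    'Users' => [
        'controllers' => flags(1, 1, 1, 0),
    ],
    'Moderators' => [
        'controllers/Comments' => flags(1, 1, 1, 1),
    ],
    'Critics' => [
        'controllers/Reviews'        => flags(1, 1, 1, 1),
        'controllers/Reviews/delete' => flags(-1, -1, -1, -1), // explicit deny on one action
    ],
];

// 'a/b/c' => ['a/b/c', 'a/b', 'a']: the most specific node is consulted first.
function acoPathLeafToRoot(string $aco): array
{
    $parts = explode('/', $aco);
    $paths = [];
    while ($parts) {
        $paths[] = implode('/', $parts);
        array_pop($parts);
    }
    return $paths;
}

// Decide one requester against one ACO path. Anything unknown is denied.
function aclCheck(array $perms, string $aro, string $aco, string $action = '*'): bool
{
    if (!isset($perms[$aro])) {
        return false; // requester node not found: fail closed
    }
    if ($action !== '*' && !in_array($action, PERM_KEYS, true)) {
        return false; // unknown permission key: fail closed
    }
    $granted = [];
    foreach (acoPathLeafToRoot($aco) as $node) {
        if (!isset($perms[$aro][$node])) {
            continue; // no row for this node, look at its parent
        }
        $row = $perms[$aro][$node];
        if ($action === '*') {
            // '*' needs every key granted; a single explicit deny ends the check.
            foreach (PERM_KEYS as $key) {
                if ($row[$key] === -1) {
                    return false;
                }
                if ($row[$key] === 1) {
                    $granted[$key] = 1;
                }
            }
            if (count($granted) === count(PERM_KEYS)) {
                return true;
            }
        } elseif ($row[$action] === -1) {
            return false;
        } elseif ($row[$action] === 1) {
            return true;
        }
    }
    return false; // nothing granted access: deny by default
}

// The loop from the post: allow when any one of the user's groups is allowed.
// A deny row in one group does not override an allow from another group here.
function isAuthorizedForAnyGroup(array $perms, array $groups, string $aco, string $action = '*'): bool
{
    foreach ($groups as $group) {
        if (aclCheck($perms, $group, $aco, $action)) {
            return true;
        }
    }
    return false;
}

$both = ['Moderators', 'Critics'];
$cases = [
    ["Users, '*' on controllers/Posts/index",   isAuthorizedForAnyGroup($perms, ['Users'], 'controllers/Posts/index')],
    ["Users, '_read' on controllers/Posts",     isAuthorizedForAnyGroup($perms, ['Users'], 'controllers/Posts', '_read')],
    ["Both groups on controllers/Comments/add", isAuthorizedForAnyGroup($perms, $both, 'controllers/Comments/add')],
    ["Both groups on controllers/Reviews/index", isAuthorizedForAnyGroup($perms, $both, 'controllers/Reviews/index')],
    ["Both groups on controllers/Reviews/delete", isAuthorizedForAnyGroup($perms, $both, 'controllers/Reviews/delete')],
    ["Unknown group on controllers/Comments",   isAuthorizedForAnyGroup($perms, ['Guests'], 'controllers/Comments')],
];
foreach ($cases as [$label, $allowed]) {
    printf("%-45s %s\n", $label, $allowed ? 'allow' : 'deny');
}
```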



Re: Best way to achieve my ACL goal?

2011-01-10 Thread Pehmolelu
Any advice is appreciated



ACL how controll more type of action?

2011-01-09 Thread Petr Vytlačil
Hi, in ACL you can control only actions (update, delete, save, add). It
is bad because an app can have other methods. Is there any solution for
controlling access to other methods, for example:

Controller Users
Function list(){
   ..
}

THX



Re: Acl and bindNode()

2011-01-08 Thread Jeremy Burns | Class Outfit
I've been advised to look at the new ACL behaviour as it might hold the key. I 
haven't done so yet, so can't vouch.

Jeremy Burns
Class Outfit

jeremybu...@classoutfit.com
http://www.classoutfit.com

On 8 Jan 2011, at 10:05, Jens Dittrich wrote:

> So it seems that the documentation is correct regarding the desired
> result but inconsistent in the example. So I have to live with the
> fact that my Users are still added to the Aro table, even though the
> example in the book implies something else.
> 
> Thank you!
> 
> On 7 Jan., 23:30, cricket  wrote:
>> On Fri, Jan 7, 2011 at 7:25 AM, Jens Dittrich  wrote:
>>> Hi all!
>> 
>>> I have a little problem with the Acl. I have Users belonging to Roles.
>>> I want to set my Acl to check the Roles only, since a per User based
>>> system is not planned. So I followed the tutorial from the Book 1.3
>>> (http://book.cakephp.org/view/1547/Acts-As-a-Requester) where it
>>> describes the same situation:
>>> However using bindNode() in the User model does not stop Users from
>>> being inserted into the Acl's aro list, but as far as I understand the
>>> tutorial and especially the given example of "Group-only-Acl" where no
>>> Users are listed in the aro-list.
>> 
>>> Am I doing something wrong or is the given result of the aros just
>>> misleading and the Users will be added anyway but just not being
>>> checked?
>> 
>> You're not alone. See this thread:
>> http://groups.google.com/group/cake-php/browse_thread/thread/1a758f55...
>> 
>> I don't know if it was ever resolved. Searching "bindNode" in tickets
>> shows these, though:
>> http://cakephp.lighthouseapp.com/projects/42648/tickets/1343-bindnode...
>> http://cakephp.lighthouseapp.com/projects/42648/tickets/1395-problem-...
> 



Re: Acl and bindNode()

2011-01-08 Thread Jens Dittrich
So it seems that the documentation is correct regarding the desired
result but inconsistent in the example. So I have to live with the
fact that my Users are still added to the Aro table, even though the
example in the book implies something else.

Thank you!

On 7 Jan., 23:30, cricket  wrote:
> On Fri, Jan 7, 2011 at 7:25 AM, Jens Dittrich  wrote:
> > Hi all!
>
> > I have a little problem with the Acl. I have Users belonging to Roles.
> > I want to set my Acl to check the Roles only, since a per User based
> > system is not planned. So I followed the tutorial from the Book 1.3
> > (http://book.cakephp.org/view/1547/Acts-As-a-Requester) where it
> > describes the same situation:
> > However using bindNode() in the User model does not stop Users from
> > being inserted into the Acl's aro list, but as far as I understand the
> > tutorial and especially the given example of "Group-only-Acl" where no
> > Users are listed in the aro-list.
>
> > Am I doing something wrong or is the given result of the aros just
> > misleading and the Users will be added anyway but just not being
> > checked?
>
> You're not alone. See this thread:
> http://groups.google.com/group/cake-php/browse_thread/thread/1a758f55...
>
> I don't know if it was ever resolved. Searching "bindNode" in tickets
> shows these, though:
> http://cakephp.lighthouseapp.com/projects/42648/tickets/1343-bindnode...
> http://cakephp.lighthouseapp.com/projects/42648/tickets/1395-problem-...



Re: Acl and bindNode()

2011-01-07 Thread cricket
On Fri, Jan 7, 2011 at 7:25 AM, Jens Dittrich  wrote:
> Hi all!
>
> I have a little problem with the Acl. I have Users belonging to Roles.
> I want to set my Acl to check the Roles only, since a per User based
> system is not planned. So I followed the tutorial from the Book 1.3
> (http://book.cakephp.org/view/1547/Acts-As-a-Requester) where it
> describes the same situation:
> However using bindNode() in the User model does not stop Users from
> being inserted into the Acl's aro list, but as far as I understand the
> tutorial and especially the given example of "Group-only-Acl" where no
> Users are listed in the aro-list.
>
> Am I doing something wrong or is the given result of the aros just
> misleading and the Users will be added anyway but just not being
> checked?

You're not alone. See this thread:
http://groups.google.com/group/cake-php/browse_thread/thread/1a758f5511091d9d/6e83a40c43cbe44c?show_docid=6e83a40c43cbe44c

I don't know if it was ever resolved. Searching "bindNode" in tickets
shows these, though:
http://cakephp.lighthouseapp.com/projects/42648/tickets/1343-bindnode-inconsistency-between-documentation-and-implementation
http://cakephp.lighthouseapp.com/projects/42648/tickets/1395-problem-with-aclnode-node-and-model-bindnode



Best way to achieve my ACL goal?

2011-01-07 Thread Pehmolelu
Hi folks! :)

I'm building a website and decided to use CakePHP as framework. So I'm
totally new to the framework and I'm not familiar with a lot of things.
I have though spent tens of hours reading the CookBook thoroughly.

I have a problem with ACL in my website, which is the reason I'm
writing this. I have read about the tree structure and don't know
really if it fits to my purposes. Let me back up the story a bit...

My website is divided in quite many sections. There are few groups who
can control specific sections:

Admins - Controls all
General moderators - Controls same sections as moderators but with
higher privileges over some actions. They don't control things that
content developers or general developers control.
Moderators - Controls some sections (different than content
developers).
General content developers - Controls same sections as content
developers but with higher privileges over some actions. They don't
control things that moderators or general moderators control.
Content developers - Controls some sections (different than
moderators).

These are the "main" groups. However, there can be people who are
mixed in groups like being General moderator and General content
developer. Or being content developer and General moderator. so
basically I would want a person to be able to be in multiple groups
but as far as I understand this is not possible?

There are also "special" groups (or roles) like "News writers" and
"Critics" which have their specific sections that they are allowed to.
I'd like to have General moderators plus Admins of course to have the
privileges these controls are accessed to. I'd also like to have some
specific users from other groups to be in these groups (roles). Like
Moderator being able to be in Critics group (or being a critic) as well
and thus having both privileges.

How can I achieve this type of ACL with CakePHP? What approach should I
use? If there is any good documentation somewhere, please link
it. I'm really interested in CakePHP and want to read more if there is
some.

Thanks :)



Acl and bindNode()

2011-01-07 Thread Jens Dittrich
Hi all!

I have a little problem with the Acl. I have Users belonging to Roles.
I want to set my Acl to check the Roles only, since a per User based
system is not planned. So I followed the tutorial from the Book 1.3
(http://book.cakephp.org/view/1547/Acts-As-a-Requester) where it
describes the same situation:
However using bindNode() in the User model does not stop Users from
being inserted into the Acl's aro list, but as far as I understand the
tutorial and especially the given example of "Group-only-Acl" where no
Users are listed in the aro-list.

Am I doing something wrong or is the given result of the aros just
misleading and the Users will be added anyway but just not being
checked?

Regards,
Jens


