Re: ACL for some fields
thanks, it was really helpful ...

On Apr 15, 10:51 am, yodi <y...@yodi.web.id> wrote:
> In my way of using ACL, I create 2 functions in the Controller, for example: function usersWrite() and function adminWrite().
>
> Then we can set:
>
>     $this->Auth->mapActions(array('usersWrite' => 'read'));
>     if ($this->Acl->check($this->Auth->user('username'), 'Users', '*')) {
>         $this->Auth->mapActions(array('adminWrite' => 'read'));
>     }
>
> On Tue, 2009-04-14 at 14:00 -0700, koko wrote:
> > Hello all bakers,
> >
> > I've used ACL many times before, but with a new site I have a problem that can be solved manually but I want to do it in ACL way (if any). Let's say I have a posts table, in posts table there is 'id', 'title', 'body' and 'notes', I want to give the user only the ability to write the title and body, and the admin to write the notes, do you have any ideas or suggestions to do that in ACL?
> >
> > Thanks in advance.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
ACL clarification
Hi All,

I'm setting up Auth and ACL on a site, to manage access to the admin area, and I'm just looking for clarification. I've been looking at the Simple Acl controlled Application in the example applications section of the manual, and also the Access Control Lists bit (under Core Components).

It seems to me that the two examples manage access in slightly different ways - the first example creates ACOs for all controller actions, the second creates ACOs for something more akin to controllers, and then uses the granularity implicit in the aros_acos table (the CRUD fields).

Firstly, have I understood the two examples correctly? And if so are there obvious pros and cons to the two approaches?

Thanks,
Toby
ACL for some fields
Hello all bakers,

I've used ACL many times before, but with a new site I have a problem that can be solved manually but I want to do it in ACL way (if any). Let's say I have a posts table, in posts table there is 'id', 'title', 'body' and 'notes', I want to give the user only the ability to write the title and body, and the admin to write the notes, do you have any ideas or suggestions to do that in ACL?

Thanks in advance.
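One way to enforce the per-field rule asked about above on the server side, as an added example that is not part of the original post: an allow-list of writable fields per role, applied to the submitted data before it is saved. The role names and the helper filterWritableFields() are assumptions made for illustration; in CakePHP 1.2 the resulting field list can be passed as the third argument ($fieldList) of Model::save().

```php
<?php
// Added example (not from the thread). Role names and the helper name are
// assumptions; the fields match the posts table described in the question.

// Writable columns per role. 'id' is never taken from form input: the record
// to edit should be identified by the controller (e.g. from the URL).
$WRITABLE = array(
    'user'  => array('title', 'body'),
    'admin' => array('title', 'body', 'notes'),
);

/**
 * Split submitted Post data into the fields a role may write and the fields
 * that are dropped. Unknown roles get an empty allow-list (deny by default).
 */
function filterWritableFields(array $data, $role, array $writable)
{
    $allowed   = isset($writable[$role]) ? $writable[$role] : array();
    $submitted = (isset($data['Post']) && is_array($data['Post'])) ? $data['Post'] : array();

    // Keep only allow-listed keys; everything else is reported, not saved.
    $accepted = array_intersect_key($submitted, array_flip($allowed));
    $rejected = array_keys(array_diff_key($submitted, $accepted));

    return array(
        'data'      => array('Post' => $accepted),
        'fieldList' => array_keys($accepted),
        'rejected'  => $rejected, // worth logging: a non-admin sending 'notes' is a tampered form
    );
}

// Constructed sample input: the form post also carries 'notes' and 'id'.
$form = array('Post' => array(
    'id'    => 7,
    'title' => 'Hello',
    'body'  => 'Text',
    'notes' => 'approved by admin',
));

foreach (array('user', 'admin', 'guest') as $role) {
    $result = filterWritableFields($form, $role, $WRITABLE);
    printf(
        "%-5s writes [%s], dropped [%s]\n",
        $role,
        implode(', ', $result['fieldList']),
        implode(', ', $result['rejected'])
    );
}
```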
Re: ACL denied access to logout()
On Apr 10, 8:50 pm, djXternal <trobr...@gmail.com> wrote:
> I have finally managed to get my ACL working, realized I was having issues using UUID's, now the super user can access everything fine when logged in and logout. But users with privileges lesser than that user, who do now have access to the 'Users' controller cannot logout. When I go to /Users/logout I get a 'You are not authorized to access that location.' error. I tried adding permissions to that lesser user to be able to access only the logout action of the Users controller by doing 'cake acl grant Users Users logout', Users being the low-level group, and I still cannot access it.

you just need to $this->Auth->allow('logout'); i.e. make it publicly accessible.

AD
Re: ACL - How to handle multiple nested levels of accounts
i guess the theoretical limit on a 32bit system is 4,294,967,296 (2^32), but my first question would be do you need unlimited groups, or unlimited roles? roles being the classification of user where actual ACL permissions are attached (role a can access the users::add method, but role b is not, etc)... a user could have an unlimited amount of roles.

On Apr 10, 12:49 pm, zonium <zon...@gmail.com> wrote:
> Thank you jmcneese for showing me an alternative to the cake's ACL. Your articles help me understand weaknesses of ACL when used to safeguard records. It was interesting to see immediate attention/reactions from the core developers on those articles as well.
>
> One problem (in my case) with the solution you presented is that groups are powers of two. This limits the number of groups to the number of bits in an integer. I have unlimited numbers of groups. Besides, in my case, groups are not in one table where I can use parent_id linking entries for tree behavior to work.
>
> I am still looking for advice. Would like to hear from anyone who has dealt with a similar situation as mine.
>
> On Apr 7, 7:09 am, jmcneese <jmcne...@gmail.com> wrote:
> > would this help?
> > http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-contr...
Help determining Users/Groups and ACL Permissions
I have the tables: Users, Groups, and GroupsUsers. Users belongToMany Groups. I'm using ACL to manage Users (aros) having crud access to Groups (acos) and individual Users (acos).

For example User.1 belongs to Group.A and Group.B and has create/read/update to Group.A. User.2 belongs to Group.A. When User.1 is logged in and tries to access app/users/view/2 I need to check if User.1 has read access to one or more groups that User.2 belongs to or if User.1 has specific acl permissions to access User.2.

What is the most logical way to go about this?
Re: ACL - How to handle multiple nested levels of accounts
Thank you jmcneese for showing me an alternative to the cake's ACL. Your articles help me understand weaknesses of ACL when used to safeguard records. It was interesting to see immediate attention/reactions from the core developers on those articles as well.

One problem (in my case) with the solution you presented is that groups are powers of two. This limits the number of groups to the number of bits in an integer. I have unlimited numbers of groups. Besides, in my case, groups are not in one table where I can use parent_id linking entries for tree behavior to work.

I am still looking for advice. Would like to hear from anyone who has dealt with a similar situation as mine.

On Apr 7, 7:09 am, jmcneese <jmcne...@gmail.com> wrote:
> would this help?
> http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-contr...
ACL denied access to logout()
I have finally managed to get my ACL working, realized I was having issues using UUID's, now the super user can access everything fine when logged in and logout. But users with privileges lesser than that user, who do now have access to the 'Users' controller cannot logout. When I go to /Users/logout I get a 'You are not authorized to access that location.' error. I tried adding permissions to that lesser user to be able to access only the logout action of the Users controller by doing 'cake acl grant Users Users logout', Users being the low-level group, and I still cannot access it.
Setting up ACL permissions
Hey everyone,

I have been following the tutorial on setting up an ACL system, and everything has gone well until I got to the section on setting permissions:

http://book.cakephp.org/view/648/Setting-up-permissions

I put in the initDb() code they give you there, but when I try and load the page to execute the function I get a Undefined variable: group and Object of class Group could not be converted to int all on the

    $group = $this->User->Group;

statement. I have checked my relationships and they are all good, what else could cause this issue?
ACL - How to handle multiple nested levels of accounts
I'm rebuilding the admin part of a legacy application which has multiple account types and multiple levels of authority and I’m thinking of using ACL and seeking some advice. Here is some background:

The application needs to handle 4 types of accounts
1-Administrators
2-ContentManagers
3-SiteModerators
4-Authors

and several types of resources:
- Content
- Report

Levels of accounts and rules are as follows:

Administrators -Admin1 -Admin2 -ContentManagerX -Author1 -Author2 -SiteModeratorA -Author3 -Author4 -SiteModeratorB -Author5 -Author6 -SiteModeratorC -Author7 -Author8 -Author9 -Author10

Each account logs into the admin interface using username and password.

Each Admin, ContentManager, SiteModerator and Author has ONE account to create/manage
+ their own accounts/profiles and accounts/profiles of lower level accounts'.
+ the content items created by themselves and by lower level accounts'

Example: A ContentManagerX can create many SiteModerators (e.g SiteModeratorA, SiteModeratorB, SiteModeratorC) and can manage
+ accounts/profiles of SiteModeratorA,B,C and content items created by SiteModeratorA,B,C
+ account/profiles of Authors (3,4,5,6,7,8) - created by SiteModerators
+ account/profiles and content items of Authors (1,2) - created by ContentManagerX itself

Administrator can create/manage many ContentManagers (X,Y,Z).

Except for admin users, a user account at any level should NOT have access to accounts/profiles and content items not under its authority. For example
SiteModeratorA should NOT have access to SiteModeratorB's, Author5's and 6’s accounts/profiles and their content items
ContentManagerY (not shown on the figure) should NOT have access to accounts and resources that belong to ContentManagerX

There are potentially a couple of millions of content items
There are potentially 50K of accounts

Most tutorials on the net offer solutions where users belong to fixed groups (e.g Admin / Managers / Users) but my case is a bit different. Levels of accounts are nested. Accounts are also dynamic, meaning I have an unknown number of accounts of ContentManager (X,Y,Z etc.) and those accounts can give birth to an unknown number of SiteModerator (A,B,C etc.). An Author (end user) can be created by/at any level. Authors can register themselves as well (eg. Author 9, 10)

The profile structures are completely different from one account type to another; in order to normalize tables I probably won't put profiles in one single table with parent_id linking entries as found in traditional ‘users’ and ‘groups’ tables.

Questions:
---
1 - Naturally, to provide protections at record level I might have to create ARO, ACO and AROs_ACOs entries for all existing accounts / content items. Not only does that require a large amount of work but I am worrying about the performance. How can I avoid this? What is the solution to keep aros, acos and aros_acos table light. (most tutorials including the one on IBM site suggest adding aros/acos for every account and resource item - not sure if it is always a practical approach)

2 – What is the consideration if I use ‘actions’ mode for Auth (e.g Auth::authorize = ‘actions’), I know this mode requires me to make an inventory of all controller/action to create acos.

3 – Or should I use ‘crud’ mode (e.g Auth::authorize = 'crud'? ) in conjunction with Auth::actionMap

4 - would it be better to create a 'users' table to store just accounts (username / password) or they can be spread out into the tables for different account types (content_managers, site_moderators, authors ).

5 - Is it easier and more flexible to just use Auth::authorize = ‘controller’ and put all permission checking logic in Controller::isAuthorize() ?

Any suggestion is appreciated ( and welcome comments from aranworld, lemoncake, mark_story, francky06l and AD7six - Many thanks to each of you for excellent tutorials on ACL)

Zonium
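One way to express the record-level rule from the post above without one ACO per record, added here as an example and not taken from the thread: each account records which account created it, and an authorization check walks that chain upward. The created_by field, the canManage() and canAccessContent() helpers and the in-memory arrays are assumptions; the account names mirror the post, with ContentManagerX and ContentManagerY assumed to be created by Admin1.

```php
<?php
// Added example (not from the thread). Data layout and function names are
// assumptions; in an application these arrays would be database lookups.

// Constructed sample accounts. created_by = null means top level or self-registered.
$accounts = array(
    'Admin1'          => array('type' => 'admin',           'created_by' => null),
    'ContentManagerX' => array('type' => 'content_manager', 'created_by' => 'Admin1'),
    'ContentManagerY' => array('type' => 'content_manager', 'created_by' => 'Admin1'),
    'SiteModeratorA'  => array('type' => 'site_moderator',  'created_by' => 'ContentManagerX'),
    'SiteModeratorB'  => array('type' => 'site_moderator',  'created_by' => 'ContentManagerX'),
    'Author1'         => array('type' => 'author',          'created_by' => 'ContentManagerX'),
    'Author3'         => array('type' => 'author',          'created_by' => 'SiteModeratorA'),
    'Author5'         => array('type' => 'author',          'created_by' => 'SiteModeratorB'),
    'Author9'         => array('type' => 'author',          'created_by' => null),
);

// Constructed sample content items: content id => owning account.
$content = array(
    101 => 'Author3',
    102 => 'Author5',
    103 => 'Author9',
    104 => 'SiteModeratorA',
);

/**
 * True if $actor may manage the account $target: admins may manage anyone,
 * everyone may manage themselves, and otherwise $actor must appear in the
 * chain of creators above $target.
 */
function canManage(array $accounts, $actor, $target)
{
    if (!isset($accounts[$actor]) || !isset($accounts[$target])) {
        return false; // unknown accounts are denied
    }
    if ($accounts[$actor]['type'] === 'admin' || $actor === $target) {
        return true;
    }
    $seen    = array(); // guards against a corrupted, cyclic chain
    $current = $accounts[$target]['created_by'];
    while ($current !== null && isset($accounts[$current]) && !isset($seen[$current])) {
        if ($current === $actor) {
            return true;
        }
        $seen[$current] = true;
        $current = $accounts[$current]['created_by'];
    }
    return false;
}

/** Content is accessible exactly when its owning account is manageable. */
function canAccessContent(array $accounts, array $content, $actor, $contentId)
{
    return isset($content[$contentId])
        && canManage($accounts, $actor, $content[$contentId]);
}

// The cases spelled out in the post, plus a self-registered author.
$checks = array(
    array('ContentManagerX', 'Author3'), // author created by one of X's moderators
    array('SiteModeratorA',  'Author5'), // author under a sibling moderator
    array('ContentManagerY', 'Author1'), // account under another content manager
);
foreach ($checks as $pair) {
    printf("%s manages %s: %s\n", $pair[0], $pair[1],
        var_export(canManage($accounts, $pair[0], $pair[1]), true));
}
foreach (array(array('SiteModeratorA', 104), array('ContentManagerY', 101),
               array('ContentManagerX', 103), array('Admin1', 103)) as $pair) {
    printf("%s accesses content %d: %s\n", $pair[0], $pair[1],
        var_export(canAccessContent($accounts, $content, $pair[0], $pair[1]), true));
}
```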
Re: Using ACL in View?
I believe the proper MVC way to do it is to do the check in your controller and set the variables for your view. So in your controller you might have something like this:

    if ($this->Acl->check(your acl info)) {
        $this->set('admin', true);
    }

Then in your view you would simply check the $admin variable:

    if ($admin) {
        Your html content.
    }

Hope that helps.

On Apr 6, 4:20 am, Faza <f...@ansi.pl> wrote:
> Hello all,
>
> just happily finished setup of group-based ACL in my app, thanks to brilliant tutorial on Cake site. Nevertheless, despite looking around I haven't found any way (known to a noob like me) to use a function similar to $this->Acl->check() in View, for, say, hiding certain sections of webpage to non-admin users or anything like that. I know, I could do it by saving users group in session and checking it in View, but I'm curious if there's some cake way to do it.
>
> Thanks!
>
> Regards
> Jacek
Re: ACL - How to handle multiple nested levels of accounts
would this help?

http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-control-for-cakephp/

On Apr 7, 1:06 am, zonium <zon...@gmail.com> wrote:
> I'm rebuilding the admin part of a legacy application which has multiple account types and multiple levels of authority and I’m thinking of using ACL and seeking some advice. Here is some background:
>
> The application needs to handle 4 types of accounts
> 1-Administrators
> 2-ContentManagers
> 3-SiteModerators
> 4-Authors
>
> and several types of resources:
> - Content
> - Report
>
> Levels of accounts and rules are as follows:
>
> Administrators -Admin1 -Admin2 -ContentManagerX -Author1 -Author2 -SiteModeratorA -Author3 -Author4 -SiteModeratorB -Author5 -Author6 -SiteModeratorC -Author7 -Author8 -Author9 -Author10
>
> Each account logs into the admin interface using username and password.
>
> Each Admin, ContentManager, SiteModerator and Author has ONE account to create/manage
> + their own accounts/profiles and accounts/profiles of lower level accounts'.
> + the content items created by themselves and by lower level accounts'
>
> Example: A ContentManagerX can create many SiteModerators (e.g SiteModeratorA, SiteModeratorB, SiteModeratorC) and can manage
> + accounts/profiles of SiteModeratorA,B,C and content items created by SiteModeratorA,B,C
> + account/profiles of Authors (3,4,5,6,7,8) - created by SiteModerators
> + account/profiles and content items of Authors (1,2) - created by ContentManagerX itself
>
> Administrator can create/manage many ContentManagers (X,Y,Z).
>
> Except for admin users, a user account at any level should NOT have access to accounts/profiles and content items not under its authority. For example
> SiteModeratorA should NOT have access to SiteModeratorB's, Author5's and 6’s accounts/profiles and their content items
> ContentManagerY (not shown on the figure) should NOT have access to accounts and resources that belong to ContentManagerX
>
> There are potentially a couple of millions of content items
> There are potentially 50K of accounts
>
> Most tutorials on the net offer solutions where users belong to fixed groups (e.g Admin / Managers / Users) but my case is a bit different. Levels of accounts are nested. Accounts are also dynamic, meaning I have an unknown number of accounts of ContentManager (X,Y,Z etc.) and those accounts can give birth to an unknown number of SiteModerator (A,B,C etc.). An Author (end user) can be created by/at any level. Authors can register themselves as well (eg. Author 9, 10)
>
> The profile structures are completely different from one account type to another; in order to normalize tables I probably won't put profiles in one single table with parent_id linking entries as found in traditional ‘users’ and ‘groups’ tables.
>
> Questions:
> ---
> 1 - Naturally, to provide protections at record level I might have to create ARO, ACO and AROs_ACOs entries for all existing accounts / content items. Not only does that require a large amount of work but I am worrying about the performance. How can I avoid this? What is the solution to keep aros, acos and aros_acos table light. (most tutorials including the one on IBM site suggest adding aros/acos for every account and resource item - not sure if it is always a practical approach)
>
> 2 – What is the consideration if I use ‘actions’ mode for Auth (e.g Auth::authorize = ‘actions’), I know this mode requires me to make an inventory of all controller/action to create acos.
>
> 3 – Or should I use ‘crud’ mode (e.g Auth::authorize = 'crud'? ) in conjunction with Auth::actionMap
>
> 4 - would it be better to create a 'users' table to store just accounts (username / password) or they can be spread out into the tables for different account types (content_managers, site_moderators, authors ).
>
> 5 - Is it easier and more flexible to just use Auth::authorize = ‘controller’ and put all permission checking logic in Controller::isAuthorize() ?
>
> Any suggestion is appreciated ( and welcome comments from aranworld, lemoncake, mark_story, francky06l and AD7six - Many thanks to each of you for excellent tutorials on ACL)
>
> Zonium
Re: Using ACL in View?
Similar to what I had in mind, thanks for the input nevertheless :)
*thumbs up*

Jacek

Stinkbug wrote:
> I believe the proper MVC way to do it is to do the check in your controller and set the variables for your view. So in your controller you might have something like this:
>
>     if ($this->Acl->check(your acl info)) {
>         $this->set('admin', true);
>     }
>
> Then in your view you would simply check the $admin variable:
>
>     if ($admin) {
>         Your html content.
>     }
>
> Hope that helps.
>
> On Apr 6, 4:20 am, Faza <f...@ansi.pl> wrote:
> > Hello all,
> >
> > just happily finished setup of group-based ACL in my app, thanks to brilliant tutorial on Cake site. Nevertheless, despite looking around I haven't found any way (known to a noob like me) to use a function similar to $this->Acl->check() in View, for, say, hiding certain sections of webpage to non-admin users or anything like that. I know, I could do it by saving users group in session and checking it in View, but I'm curious if there's some cake way to do it.
> >
> > Thanks!
> >
> > Regards
> > Jacek
Re: containable, bindModel, and record-level ACL (oh my!)
As usual, I was forgetting basic stuff. Notably the 'joins' option. Also, in my confused pecking away at this, I was trying to join the Aro also, but that query couldn't work (this was just the latest of various things I'd tried). Here's how I got it to work after the clue fairy dropped in:

groups controller:

    $group_aro = $this->Acl->Aro->find(
        'first',
        array(
            'conditions' => array(
                'model' => 'Group',
                'foreign_key' => $group_id
            ),
            'recursive' => -1
        )
    );
    $volume_nodes = ClassRegistry::init('Volume')->threadedWithGroupPerms($group_aro['Aro']['foreign_key']);

Volume.php:

    public function threadedWithGroupPerms($group_aro_id)
    {
        return $this->find(
            'threaded',
            array(
                'recursive' => 1,
                'fields' => array('*'),
                'joins' => array(
                    array(
                        'table' => 'acos',
                        'alias' => 'Aco',
                        'type' => 'inner',
                        'conditions' => array(
                            'Aco.model' => 'Volume',
                            'Aco.foreign_key = Volume.id'
                        )
                    ),
                    array(
                        'table' => 'aros_acos',
                        'alias' => 'Permission',
                        'type' => 'inner',
                        'conditions' => array(
                            'Permission.aco_id = Aco.id',
                            "Permission.aro_id = ${group_aro_id}"
                        )
                    )
                )
            )
        );
    }

This works great. I now have a nicely-formatted Volume tree (a thousand thank-yous to ad7six for the TreeHelper, which is far better than my own pokey version) that includes the Group's permissions for each.

As I said earlier, this is for an admin view, and won't be seeing a lot of action, so I'm not very concerned about performance. It works a treat, in any case. The entire Volume tree is displayed, with controls for grant/deny.

My app only requires Acl between these 2 Models, so this is probably sufficient for my needs, but this could probably be abstracted somewhat.

On Mon, Apr 6, 2009 at 11:32 PM, brian <bally.z...@gmail.com> wrote:
> I have a model, Volume, for which I want to limit access from Group, using record-level ACL. Volume is also stored using MPTT (TreeBehavior). So far, I've been able to create the entries in aros, acos, aros_acos.
>
> Now, what I need to do is figure out a way to display the Volume tree (easy) but, along with the Volume threaded data, fetch each Volume's permissions wrt a specific Group. This is so that an admin can see at a glance which Volumes a Group has access to by querying against a specific Group. I plan on using this tree to grant/deny access.
>
> I can grab the Aco key for each Volume but can't figure out how to get from that to the Group's permissions. The following code leaves me with the proper tree and, for each Volume, its Aco. But there's no join applied for Permission (aros_acos) nor Aro. Anyone have any ideas?
>
>     $this->bindModel(
>         array(
>             'belongsTo' => array(
>                 'Aco' => array(
>                     'foreignKey' => false,
>                     'conditions' => array(
>                         'Aco.model' => 'Volume',
>                         'Aco.foreign_key = Volume.id'
>                     )
>                 )
>             )
>         )
>     );
>
>     $filters = array(
>         'fields' => array(
>             'Volume.id',
>             'Volume.parent_id',
>             'Volume.lft',
>             'Volume.rght',
>             'Volume.name',
>         ),
>         'contain' => array(
>             'Aco' => array(
>                 'fields' => array('Aco.id'),
>                 'Permission' => array(
>                     'Aro' => array(
>                         'conditions' => array(
>                             'Aro.model' => 'Group',
>                             "Aro.foreign_key = ${group_id}"
>                         )
>                     )
>                 )
>             )
>         )
>     );
>
>     return $this->find('threaded', $filters);
>
> The returned array is like:
>
>     Array
>     (
>         [0] => Array
>             (
>                 [Volume] => Array
>                     (
>                         [id] => 1
>                         [parent_id] =>
>                         [lft] => 1
>                         [rght] => 171
>                         [name
Acl Not Denying Users
Hey guys,

I hope someone can give me some hints; this problem has had me stumped for quite some while now. I'm sort of new to CakePHP. I'm trying to set up my own application using ACL. I've read all of the tutorials at the Cookbook, and I'm pretty sure I followed them correctly. I have my database set up properly with AROs, ACOs, and aros_acos. When I use the AclComponent::check() method to test permissions, the correct boolean value is returned.

I created a test user and denied permissions to the root ACO node. However, when I log in with that user, I still have full permissions to do everything: add, edit, view, etc. It's as if ACL is not there at all. The AuthComponent is also being used, and everything seems to be working fine with that.

Does anyone have any suggestions or questions about my problem? Any help is, of course, greatly appreciated.

Cheers.
RE: Woes of ACL
In your controllers do you have something like:

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allowedActions = array('register', 'index'); // allow public access to these only
        $this->Auth->autoRedirect = true;
    }

Dave

-----Original Message-----
From: trevorsg [mailto:trevo...@gmail.com]
Sent: April-06-09 2:07 AM
To: CakePHP
Subject: Woes of ACL

Hey guys,

I've been trying to solve an issue with ACL for two days now, but I just can't find any answers. Basically I'm trying to set up an application to work with Auth and Acl. I followed the tutorials in the Cookbook - I created the database tables, all of the ACOs and AROs are created. Then, I ran a deny for a particular user on the root node. But no matter what I do, every user has access to all parts of the application. I have started this app from scratch twice, and I get the same outcome each time. I think there is something fundamental that I'm missing. The AclComponent::check() method returns the proper boolean value for ARO/ACO pairs that I pass to it, but still users are never denied access to any parts of the site.

Hopefully someone here can give me a steer in the right direction. I am happy to provide code or extra information if needed. Thanks very much for any help!

Cheers,
Trevor
redirecting with ACL
hi

how can i check for group id and redirect after login to admin site and if it was a member then public member area. I have same login section for both Admin and members. I am trying to do something like this.

    if ($this->Auth->user('group_id') == 5) {
        $this->Auth->loginRedirect = array('controller' => 'newsletters', 'action' => 'index');
    } else {
        $this->Auth->loginRedirect = array('controller' => 'Pages', 'action' => 'display');
    }

but no success. Any help please..

atta ur rehman
Woes of ACL
Hey guys,

I've been trying to solve an issue with ACL for two days now, but I just can't find any answers. Basically I'm trying to set up an application to work with Auth and Acl. I followed the tutorials in the Cookbook - I created the database tables, all of the ACOs and AROs are created. Then, I ran a deny for a particular user on the root node. But no matter what I do, every user has access to all parts of the application. I have started this app from scratch twice, and I get the same outcome each time. I think there is something fundamental that I'm missing. The AclComponent::check() method returns the proper boolean value for ARO/ACO pairs that I pass to it, but still users are never denied access to any parts of the site.

Hopefully someone here can give me a steer in the right direction. I am happy to provide code or extra information if needed. Thanks very much for any help!

Cheers,
Trevor
Re: redirecting with ACL
i have solved this issue like this

    if ($this->Auth->user('group_id') == 5) {
        $this->redirect(array('controller' => 'admin/categories', 'action' => 'add'));
    } else if ($this->Auth->user('group_id') == 6) {
        $this->redirect(array('controller' => 'Pages', 'action' => 'display'));
    }

but it more looks like a hack as it's not telling $this->Auth->loginRedirect anything.

Atta

On Apr 6, 4:50 pm, atta <muh.a...@gmail.com> wrote:
> hi
>
> how can i check for group id and redirect after login to admin site and if it was a member then public member area. I have same login section for both Admin and members. I am trying to do something like this.
>
>     if ($this->Auth->user('group_id') == 5) {
>         $this->Auth->loginRedirect = array('controller' => 'newsletters', 'action' => 'index');
>     } else {
>         $this->Auth->loginRedirect = array('controller' => 'Pages', 'action' => 'display');
>     }
>
> but no success. Any help please..
>
> atta ur rehman
Using ACL in View?
Hello all,

just happily finished setup of group-based ACL in my app, thanks to brilliant tutorial on Cake site. Nevertheless, despite looking around I haven't found any way (known to a noob like me) to use a function similar to $this->Acl->check() in View, for, say, hiding certain sections of webpage to non-admin users or anything like that. I know, I could do it by saving users group in session and checking it in View, but I'm curious if there's some cake way to do it.

Thanks!

Regards
Jacek
Re: Woes of ACL
Unfortunately that did not work for me. I ended up using the check() method in my app_controller to determine access:

    var $userId = null;

    function beforeFilter() {
        if (null != ($this->userId = $this->Auth->user('id'))) {
            // what user is trying to access
            $page = $this->params['controller'] . '/' . $this->params['action'];
            // check if user can access page.
            if (!$this->Acl->check(array('User' => $this->userId), $page))
                $this->Redirect->flashWarning('You do not have access to this page.', array('controller' => 'pages', 'action' => 'unauthorized'));
        }
    }

Where Redirect->flashWarning is a flash/redirect method in my own RedirectComponent. Everything seems to work just fine. Is there a reason I shouldn't use this method?

Trevor

On Apr 6, 5:38 am, Dave Maharaj :: WidePixels.com <d...@widepixels.com> wrote:
> In your controllers do you have something like:
>
>     function beforeFilter() {
>         parent::beforeFilter();
>         $this->Auth->allowedActions = array('register', 'index'); // allow public access to these only
>         $this->Auth->autoRedirect = true;
>     }
>
> Dave
>
> -----Original Message-----
> From: trevorsg [mailto:trevo...@gmail.com]
> Sent: April-06-09 2:07 AM
> To: CakePHP
> Subject: Woes of ACL
>
> Hey guys,
>
> I've been trying to solve an issue with ACL for two days now, but I just can't find any answers. Basically I'm trying to set up an application to work with Auth and Acl. I followed the tutorials in the Cookbook - I created the database tables, all of the ACOs and AROs are created. Then, I ran a deny for a particular user on the root node. But no matter what I do, every user has access to all parts of the application. I have started this app from scratch twice, and I get the same outcome each time. I think there is something fundamental that I'm missing. The AclComponent::check() method returns the proper boolean value for ARO/ACO pairs that I pass to it, but still users are never denied access to any parts of the site.
>
> Hopefully someone here can give me a steer in the right direction. I am happy to provide code or extra information if needed. Thanks very much for any help!
>
> Cheers,
> Trevor
Re: Weird ACL update problem....
bump?

On Apr 1, 9:00 am, Matt mmanai...@gmail.com wrote:

I have a really weird issue here... I have a supplier update controller action that checks whether or not the user has update permission, if not, it displays an error message, and redirects to the controller index page. Here's the code:

    $aroAlias = 'User::' . $userid;
    $acoAlias = 'Supplier::' . $id;
    if ($this->Acl->check($aroAlias, $acoAlias, 'update')) {
        $this->set('supplier', $this->Supplier->read(null, $id));
        if (!empty($this->data)) {
            if ($this->Supplier->save($this->data)) {
                $this->Session->setFlash(__('The Supplier has been saved', true));
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The Supplier could not be saved. Please, try again.', true));
            }
        }
        if (empty($this->data)) {
            $this->data = $this->Supplier->read(null, $id);
        }
        $users = $this->Supplier->User->find('list');
        $this->set(compact('users'));
    } else {
        $this->Session->setFlash(__('You are not permitted to edit this supplier.', true));
        $this->redirect(array('action' => 'index'));
    }

Now the weird thing is, that on first try for an authorized user, it works, but then, if you refresh the page, or save changes, 7 out of 10 times, I get the 'You are not permitted to edit this supplier' error, but it never redirects... and updates changes no problem... Am I missing something?
containable, bindModel, and record-level ACL (oh my!)
I have a model, Volume, for which I want to limit access from Group, using record-level ACL. Volume is also stored using MPTT (TreeBehavior). So far, I've been able to create the entries in aros, acos, aros_acos.

Now, what I need to do is figure out a way to display the Volume tree (easy) but, along with the Volume threaded data, fetch each Volume's permissions wrt a specific Group. This is so that an admin can see at a glance which Volumes a Group has access to by querying against a specific Group. I plan on using this tree to grant/deny access.

I can grab the Aco key for each Volume but can't figure out how to get from that to the Group's permissions. The following code leaves me with the proper tree and, for each Volume, its Aco. But there's no join applied for Permission (aros_acos) nor Aro. Anyone have any ideas?

    $this->bindModel(
        array(
            'belongsTo' => array(
                'Aco' => array(
                    'foreignKey' => false,
                    'conditions' => array(
                        'Aco.model' => 'Volume',
                        'Aco.foreign_key = Volume.id'
                    )
                )
            )
        )
    );

    $filters = array(
        'fields' => array(
            'Volume.id',
            'Volume.parent_id',
            'Volume.lft',
            'Volume.rght',
            'Volume.name',
        ),
        'contain' => array(
            'Aco' => array(
                'fields' => array('Aco.id'),
                'Permission' => array(
                    'Aro' => array(
                        'conditions' => array(
                            'Aro.model' => 'Group',
                            "Aro.foreign_key = ${group_id}"
                        )
                    )
                )
            )
        )
    );

    return $this->find('threaded', $filters);

The returned array is like:

    Array
    (
        [0] => Array
            (
                [Volume] => Array
                    (
                        [id] => 1
                        [parent_id] =>
                        [lft] => 1
                        [rght] => 171
                        [name] =>
                    )
                [Aco] => Array
                    (
                        [id] => 2
                    )
                [children] => Array
                    (
                        ...
Admin Routing + ACL admin_xxx is not accessible
hi all

I have searched a lot and everybody is discouraging to use both admin routing + acl at a time. Can anybody tell me how can i access admin_xxx if a group is valid for it.

Thanks
Atta
Weird ACL update problem....
I have a really weird issue here... I have a supplier update controller action that checks whether or not the user has update permission, if not, it displays an error message, and redirects to the controller index page. Here's the code:

    $aroAlias = 'User::' . $userid;
    $acoAlias = 'Supplier::' . $id;
    if ($this->Acl->check($aroAlias, $acoAlias, 'update')) {
        $this->set('supplier', $this->Supplier->read(null, $id));
        if (!empty($this->data)) {
            if ($this->Supplier->save($this->data)) {
                $this->Session->setFlash(__('The Supplier has been saved', true));
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The Supplier could not be saved. Please, try again.', true));
            }
        }
        if (empty($this->data)) {
            $this->data = $this->Supplier->read(null, $id);
        }
        $users = $this->Supplier->User->find('list');
        $this->set(compact('users'));
    } else {
        $this->Session->setFlash(__('You are not permitted to edit this supplier.', true));
        $this->redirect(array('action' => 'index'));
    }

Now the weird thing is, that on first try for an authorized user, it works, but then, if you refresh the page, or save changes, 7 out of 10 times, I get the 'You are not permitted to edit this supplier' error, but it never redirects... and updates changes no problem... Am I missing something?
Re: ACL for groups
I think you misinterpreted my confusion, actually. I was referring to the groups table, not aros. I see now that (i think) i don't need a parent_id in groups and that i should deal with the nesting entirely in aros.

On Sat, Mar 28, 2009 at 11:51 AM, brian bally.z...@gmail.com wrote:

It clearly states that, does it? Would you mind pointing out that line? I've just read that section for probably the 5th time and I don't see it. I'm more than willing to admit that I'm still missing it, though, as this entire subject has been rather confusing.

On Sat, Mar 28, 2009 at 11:07 AM, Smelly Eddie ollit...@gmail.com wrote:

Yes if you read the ACL section of the manual it clearly states to use null for the top level group. It is advisable in my opinion to make one group 'entire_site' and give yourself unfettered access without having to declare things individually. This group would have a parent id of null.

On Mar 27, 12:44 pm, brian bally.z...@gmail.com wrote:

Thanks for the link but it doesn't explain what I'm looking for, which is the DB table schema. I'm familiar with MPTT (and have used it before) but Cake's parent_id has me confused. But I thought to look at db_acl.sql, which shows parent_id DEFAULT NULL so I'll go with that.

On Fri, Mar 27, 2009 at 5:27 AM, djiize seb.jou...@free.fr wrote:

For nested groups, you should read this post: http://edwardawebb.com/programming/php-programming/cakephp/nested-tre...

In ACL, I (personally) think it's a good idea to have a ROOT group, even if you don't use it now, maybe later ;) If you don't want one, a NULL value should suffice.

On 27 mar, 05:16, brian bally.z...@gmail.com wrote:

I need to have nested groups, so the table has a parent_id column. But, should top-level groups have a NULL parent_id? Or would there have to be a ROOT group, so to speak? I'm having a real hard time sorting all this out.
RABC vs. ACL Smackdown
Some guy left a comment on a blog that said that I shouldn't be using CakePHP, because its use of ACL is very antiquated. The guy was obviously trying to promote his own PHP framework that uses RABC instead. After reading about RABC, though, I'm having a bit of a hard time understanding the difference between RABC and CakePHP's implementation of ACL. Can someone help me understand what the difference is?
Re: RABC vs. ACL Smackdown
It's RBAC. I'm not really equipped to properly address the question, though. See here: http://en.wikipedia.org/wiki/Role-based_access_control And check the links at the bottom of the page.

On Sat, Mar 28, 2009 at 10:35 AM, aranworld arancarli...@gmail.com wrote:

Some guy left a comment on a blog that said that I shouldn't be using CakePHP, because its use of ACL is very antiquated. The guy was obviously trying to promote his own PHP framework that uses RABC instead. After reading about RABC, though, I'm having a bit of a hard time understanding the difference between RABC and CakePHP's implementation of ACL. Can someone help me understand what the difference is?
Re: ACL for groups
Yes if you read the ACL section of the manual it clearly states to use null for the top level group. It is advisable in my opinion to make one group 'entire_site' and give yourself unfettered access without having to declare things individually. This group would have a parent id of null.

On Mar 27, 12:44 pm, brian bally.z...@gmail.com wrote:

Thanks for the link but it doesn't explain what I'm looking for, which is the DB table schema. I'm familiar with MPTT (and have used it before) but Cake's parent_id has me confused. But I thought to look at db_acl.sql, which shows parent_id DEFAULT NULL so I'll go with that.

On Fri, Mar 27, 2009 at 5:27 AM, djiize seb.jou...@free.fr wrote:

For nested groups, you should read this post: http://edwardawebb.com/programming/php-programming/cakephp/nested-tre...

In ACL, I (personally) think it's a good idea to have a ROOT group, even if you don't use it now, maybe later ;) If you don't want one, a NULL value should suffice.

On 27 mar, 05:16, brian bally.z...@gmail.com wrote:

I need to have nested groups, so the table has a parent_id column. But, should top-level groups have a NULL parent_id? Or would there have to be a ROOT group, so to speak? I'm having a real hard time sorting all this out.
Re: ACL for groups
It clearly states that, does it? Would you mind pointing out that line? I've just read that section for probably the 5th time and I don't see it. I'm more than willing to admit that I'm still missing it, though, as this entire subject has been rather confusing.

On Sat, Mar 28, 2009 at 11:07 AM, Smelly Eddie ollit...@gmail.com wrote:

Yes if you read the ACL section of the manual it clearly states to use null for the top level group. It is advisable in my opinion to make one group 'entire_site' and give yourself unfettered access without having to declare things individually. This group would have a parent id of null.

On Mar 27, 12:44 pm, brian bally.z...@gmail.com wrote:

Thanks for the link but it doesn't explain what I'm looking for, which is the DB table schema. I'm familiar with MPTT (and have used it before) but Cake's parent_id has me confused. But I thought to look at db_acl.sql, which shows parent_id DEFAULT NULL so I'll go with that.

On Fri, Mar 27, 2009 at 5:27 AM, djiize seb.jou...@free.fr wrote:

For nested groups, you should read this post: http://edwardawebb.com/programming/php-programming/cakephp/nested-tre...

In ACL, I (personally) think it's a good idea to have a ROOT group, even if you don't use it now, maybe later ;) If you don't want one, a NULL value should suffice.

On 27 mar, 05:16, brian bally.z...@gmail.com wrote:

I need to have nested groups, so the table has a parent_id column. But, should top-level groups have a NULL parent_id? Or would there have to be a ROOT group, so to speak? I'm having a real hard time sorting all this out.
ACL and Individual Users
Can someone help me understand how / if possible to define individual user permissions using ACL? Is there a good site that explains it? I read thru the Lord of the Rings and see you can define the permissions by hard coding it. But for my application the permissions need to be created / deleted or modified based on USERS specific criteria.

I have the USERS as GROUPS defined so each USER in that particular group has access to what parts of the site. But say JEFF and TOM are in GROUP 1 but I want JEFF to be allowed to access a part (edit function in the controller let's say) that no other GROUP 1 user has access to.

Make it easier to understand would be a situation like this:

JEFF, TOM, BILL are all USERS belongTo Group 1
they can access courses_controller (index)
There are 100's of courses to choose from
JEFF pays to complete the COURSE on DREAMWEAVER and has 30 days access to that specific COURSE for 30 days then the access is denied.
TOM pays for the PHOTOSHOP COURSE which is 14 days and AJAX COURSE which is 21 days

Now with hundreds of courses and hundreds of users how would you maintain something like this? So they have access for a limited time depending on the seminar length then revoke access after the time has passed? It's the USERS themselves who determine access they have based on choosing the COURSE.

Thanks
Dave
Re: ACL and Individual Users
Maybe ACL isn't really needed for this. You could have a users_courses table that defined the cut-off date.

On Sat, Mar 28, 2009 at 3:49 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:

Can someone help me understand how / if possible to define individual user permissions using ACL? Is there a good site that explains it? I read thru the Lord of the Rings and see you can define the permissions by hard coding it. But for my application the permissions need to be created / deleted or modified based on USERS specific criteria.

I have the USERS as GROUPS defined so each USER in that particular group has access to what parts of the site. But say JEFF and TOM are in GROUP 1 but I want JEFF to be allowed to access a part (edit function in the controller let's say) that no other GROUP 1 user has access to.

Make it easier to understand would be a situation like this:

JEFF, TOM, BILL are all USERS belongTo Group 1
they can access courses_controller (index)
There are 100's of courses to choose from
JEFF pays to complete the COURSE on DREAMWEAVER and has 30 days access to that specific COURSE for 30 days then the access is denied.
TOM pays for the PHOTOSHOP COURSE which is 14 days and AJAX COURSE which is 21 days

Now with hundreds of courses and hundreds of users how would you maintain something like this? So they have access for a limited time depending on the seminar length then revoke access after the time has passed? It's the USERS themselves who determine access they have based on choosing the COURSE.

Thanks
Dave
Re: ACL and Individual Users
Hi, have you looked at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application. I think it might just be what you need to understand a way to do so, that one is actions oriented but you could use that concept for your needs.

Good luck!
Re: ACL for groups
For nested groups, you should read this post: http://edwardawebb.com/programming/php-programming/cakephp/nested-trees-cakephp

In ACL, I (personally) think it's a good idea to have a ROOT group, even if you don't use it now, maybe later ;) If you don't want one, a NULL value should suffice.

On 27 mar, 05:16, brian bally.z...@gmail.com wrote:

I need to have nested groups, so the table has a parent_id column. But, should top-level groups have a NULL parent_id? Or would there have to be a ROOT group, so to speak? I'm having a real hard time sorting all this out.
Re: ACL for groups
Thanks for the link but it doesn't explain what I'm looking for, which is the DB table schema. I'm familiar with MPTT (and have used it before) but Cake's parent_id has me confused. But I thought to look at db_acl.sql, which shows parent_id DEFAULT NULL so I'll go with that.

On Fri, Mar 27, 2009 at 5:27 AM, djiize seb.jou...@free.fr wrote:

For nested groups, you should read this post: http://edwardawebb.com/programming/php-programming/cakephp/nested-trees-cakephp

In ACL, I (personally) think it's a good idea to have a ROOT group, even if you don't use it now, maybe later ;) If you don't want one, a NULL value should suffice.

On 27 mar, 05:16, brian bally.z...@gmail.com wrote:

I need to have nested groups, so the table has a parent_id column. But, should top-level groups have a NULL parent_id? Or would there have to be a ROOT group, so to speak? I'm having a real hard time sorting all this out.
ACL for groups
I need to have nested groups, so the table has a parent_id column. But, should top-level groups have a NULL parent_id? Or would there have to be a ROOT group, so to speak? I'm having a real hard time sorting all this out.
Re: ACL Design
Well it sounds like you want global roles, and org specific roles. Although using only roles will keep your table smaller, I disagree with James about 'far less queries being run' though since the structure of Aro trees only requires 1 query whether based on a user or role. The benefit of performance would come from smaller index sizes.

But regardless, if you want to avoid adding users to the Aro table, create a structure like;

    Entire Site
    |- Org 1
    |  |-Org 1 Admin
    |  |-Org 1 User
    |- Org 2
    |  |-Org 2 Admin
    |  |-Org 2 User
    L Guests

Then you can link each user to a role, in a separate table (Roles). Or if you already have a habtm relationship for Users - Organizations you can simply add an additional role_id column.

    id  user_id  org_id  role_id

So yes, you are understanding correctly.

On Mar 24, 1:02 pm, mguthrie mitchguth...@gmail.com wrote:

So if I understand you correctly:

1.) Create roles that are global across the system
2.) Assign those roles to the ARO table
3.) Then in my own separate tables store group information per organization that assigns users to those roles.

Am I understanding this correctly? If so that makes for a very efficient solution.

On Mar 24, 7:53 am, James K james.m.k...@gmail.com wrote:

Unless you need the ability to have fine grained, unique permissions on a per-user basis, then I would avoid entering your users into the ARO table (like most ACL tutorials suggest). Instead add your roles to the ARO table. Then in your system logic, you can pull the user's role in a particular organization, then check against the ACL tables for that role to find out what that user should be able to do in that context. This leaves your ACL tables MUCH lighter, far less queries need to be run against them as well.

- James

On Mar 23, 8:13 pm, mguthrie mitchguth...@gmail.com wrote:

I'm looking into CakePHP for developing an application that appears to have some unique requirements. I'll try to break it down as simply as I can:

1.) Users register with the site
2.) A user can belong to one or more organizations (by invite only). These organizations keep data specific to their organization that isn't shared or publicly available to the rest of the organizations. Think of a CRM where each user can belong to one or more organizations that each manage their own customers in the same system.
3.) A user needs to have different rights depending on the organization. In one organization a user may be an administrator and can do all things but in another they may only be able to view a certain area belonging to that organization.

Everything in the application is going to center around a user's current organizational id. So in the backend there will be a lot of filtering by organization ID. Can the CakePHP ACL give me that kind of flexibility? Can a user have different rights to the same database tables depending on which organization they are currently working as? This may be confusing so if anyone needs me to clarify please let me know. Thanks.
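The role-per-organization layout from the reply above, worked through in plain PHP as an added example (not code from the thread and not CakePHP's Acl component). The class name, the Customers ACO and every table row are assumptions made for illustration; the check resolves the user's role from the organization that owns the record, so the same user gets different answers in different organizations and none outside them.

```php
<?php
// Added illustration, not CakePHP code. Every row below is constructed sample data.

final class OrgScopedAcl
{
    private array $aros;
    private array $memberships;
    private array $permissions;

    public function __construct(array $aros, array $memberships, array $permissions)
    {
        $this->aros = $aros;
        $this->memberships = $memberships;
        $this->permissions = $permissions;
    }

    /** Role ARO id the user holds in one organization, or null when not a member. */
    public function roleFor(int $userId, int $orgId): ?int
    {
        foreach ($this->memberships as $m) {
            if ($m['user_id'] === $userId && $m['org_id'] === $orgId) {
                return $m['role_id'];
            }
        }
        return null;
    }

    /** Walk from the role towards the root; the nearest explicit rule decides. */
    public function roleAllows(int $roleId, string $aco, string $action): bool
    {
        $id = $roleId;
        while ($id !== null && isset($this->aros[$id])) {
            $rule = $this->permissions[$id][$aco][$action] ?? 0;
            if ($rule !== 0) {
                return $rule === 1;
            }
            $id = $this->aros[$id]['parent_id'];
        }
        return false; // no rule anywhere on the path: deny by default
    }

    /** Authorize against the organization that owns the record, never one named by the request. */
    public function canOnRecord(int $userId, array $record, string $aco, string $action): bool
    {
        $roleId = $this->roleFor($userId, $record['org_id']);
        return $roleId !== null && $this->roleAllows($roleId, $aco, $action);
    }
}

// Role AROs laid out as in the tree above; parent_id NULL marks the top node.
$aros = [
    1 => ['alias' => 'Entire Site', 'parent_id' => null],
    2 => ['alias' => 'Org 1',       'parent_id' => 1],
    3 => ['alias' => 'Org 1 Admin', 'parent_id' => 2],
    4 => ['alias' => 'Org 1 User',  'parent_id' => 2],
    5 => ['alias' => 'Org 2',       'parent_id' => 1],
    6 => ['alias' => 'Org 2 Admin', 'parent_id' => 5],
    7 => ['alias' => 'Org 2 User',  'parent_id' => 5],
];

// Users/organizations join table with the extra role_id column (role_id is an ARO id).
$memberships = [
    ['user_id' => 10, 'org_id' => 1, 'role_id' => 3], // admin in org 1
    ['user_id' => 10, 'org_id' => 2, 'role_id' => 7], // plain user in org 2
    ['user_id' => 11, 'org_id' => 2, 'role_id' => 6], // admin in org 2 only
];

// Rules per role ARO, ACO alias and action: 1 allows, -1 denies, absent means inherit.
$permissions = [
    2 => ['Customers' => ['read' => 1]],
    3 => ['Customers' => ['create' => 1, 'update' => 1, 'delete' => 1]],
    5 => ['Customers' => ['read' => 1, 'update' => 1]],
    6 => ['Customers' => ['create' => 1, 'delete' => 1]],
    7 => ['Customers' => ['update' => -1]], // overrides the org-wide allow on node 5
];

$acl = new OrgScopedAcl($aros, $memberships, $permissions);

// Constructed customer records, one per organization.
$customers = [
    ['id' => 100, 'org_id' => 1],
    ['id' => 200, 'org_id' => 2],
];

foreach ($customers as $customer) {
    foreach ([10, 11] as $userId) {
        foreach (['read', 'update'] as $action) {
            printf(
                "user %d %s customer %d (org %d): %s\n",
                $userId,
                $action,
                $customer['id'],
                $customer['org_id'],
                $acl->canOnRecord($userId, $customer, 'Customers', $action) ? 'allow' : 'deny'
            );
        }
    }
}
```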
ACL Design
I'm looking into CakePHP for developing an application that appears to have some unique requirements. I'll try to break it down as simply as I can:

1.) Users register with the site
2.) A user can belong to one or more organizations (by invite only). These organizations keep data specific to their organization that isn't shared or publicly available to the rest of the organizations. Think of a CRM where each user can belong to one or more organizations that each manage their own customers in the same system.
3.) A user needs to have different rights depending on the organization. In one organization a user may be an administrator and can do all things but in another they may only be able to view a certain area belonging to that organization.

Everything in the application is going to center around a user's current organizational id. So in the backend there will be a lot of filtering by organization ID. Can the CakePHP ACL give me that kind of flexibility? Can a user have different rights to the same database tables depending on which organization they are currently working as? This may be confusing so if anyone needs me to clarify please let me know. Thanks.
Re: ACL Design
ACL can give you all the flexibility you need really. This seems like a straight forward solution. If I, eddie, am an Admin for Loco's Tacos, but only a user for Mary's Margaritas, then you can give me permissions as such.

allow eddie CRUD rights on Employee records for locos tacos
allow eddie R rights on employee records for mary's margaritas

The difference between Mary's employee records and Loco's employee records would be the key. The simplest solution would probably be the id for each record. When creating each record you add permissions. think..oh i am making a new employee for loco's, give the group loco admins(aro) access to this record (Aco)

On Mar 23, 8:13 pm, mguthrie mitchguth...@gmail.com wrote:

I'm looking into CakePHP for developing an application that appears to have some unique requirements. I'll try to break it down as simply as I can:

1.) Users register with the site
2.) A user can belong to one or more organizations (by invite only). These organizations keep data specific to their organization that isn't shared or publicly available to the rest of the organizations. Think of a CRM where each user can belong to one or more organizations that each manage their own customers in the same system.
3.) A user needs to have different rights depending on the organization. In one organization a user may be an administrator and can do all things but in another they may only be able to view a certain area belonging to that organization.

Everything in the application is going to center around a user's current organizational id. So in the backend there will be a lot of filtering by organization ID. Can the CakePHP ACL give me that kind of flexibility? Can a user have different rights to the same database tables depending on which organization they are currently working as? This may be confusing so if anyone needs me to clarify please let me know. Thanks.
Re: ACL Design
So if I understand you correctly:

1.) Create roles that are global across the system
2.) Assign those roles to the ARO table
3.) Then in my own separate tables store group information per organization that assigns users to those roles.

Am I understanding this correctly? If so that makes for a very efficient solution.

On Mar 24, 7:53 am, James K james.m.k...@gmail.com wrote:

Unless you need the ability to have fine grained, unique permissions on a per-user basis, then I would avoid entering your users into the ARO table (like most ACL tutorials suggest). Instead add your roles to the ARO table. Then in your system logic, you can pull the user's role in a particular organization, then check against the ACL tables for that role to find out what that user should be able to do in that context. This leaves your ACL tables MUCH lighter, far less queries need to be run against them as well.

- James

On Mar 23, 8:13 pm, mguthrie mitchguth...@gmail.com wrote:

I'm looking into CakePHP for developing an application that appears to have some unique requirements. I'll try to break it down as simply as I can:

1.) Users register with the site
2.) A user can belong to one or more organizations (by invite only). These organizations keep data specific to their organization that isn't shared or publicly available to the rest of the organizations. Think of a CRM where each user can belong to one or more organizations that each manage their own customers in the same system.
3.) A user needs to have different rights depending on the organization. In one organization a user may be an administrator and can do all things but in another they may only be able to view a certain area belonging to that organization.

Everything in the application is going to center around a user's current organizational id. So in the backend there will be a lot of filtering by organization ID. Can the CakePHP ACL give me that kind of flexibility? Can a user have different rights to the same database tables depending on which organization they are currently working as? This may be confusing so if anyone needs me to clarify please let me know. Thanks.
Tutorial on User control and ACL
Hello

I'm moving from 1.1 to 1.2 and want to set up a whole user registration system using ACL. I went through the tutorial, but am very interested in seeing a proper implementation of user control instead of coming up with a naive implementation. Does anyone have any suggestions at source to look at? I couldn't seem to find much out there on 1.2.

Thanks for any tips.
~rocket
ACL - How to list all grants by ACO and action
I understand using ACL to grant, revoke, check, etc on a specific ACO. My curiosity is how to list all IDs of a particular model I have access to.

So if there is a user named Fee (ARO). And I grant Fee access to read the following items (ACOs) Ship, Paper, Milly. Is there a simple means in the Items Controller Index to return all items fee has access to? This way when Fee views the index he only sees Ship, Paper and Milly.

I took a look in the API but didn't really see what I was looking for.
Re: ACL - How to list all grants by ACO and action
What I did..
1) get logged in user id - $this->Session->read('Auth.user.id')
2) find all related field on acos with aros_acos model.

    $this->ArosAco->find('all', array(
        'fields' => array('Aco.alias', 'Aco.lft', 'Aco.rght'),
        'order' => 'lft ASC',
        'recursive' => 1,
        'conditions' => array(
            'Aro.id' => $this->Session->read('Auth.User.id')
        )
    ));

On Mar 22, 11:13 pm, Smelly_Eddie ollit...@gmail.com wrote:
I understand using ACL to grant, revoke, check, etc on a specific ACO. My curiosity is how to list all IDs of a particular model I have access to. So if there is a user named Fee (ARO). And I grant Fee access to read the following items (ACOs) Ship, Paper, Milly. Is there a simple means in the Items Controller Index to return all items Fee has access to? This way when Fee views the index he only sees Ship, Paper and Milly. I took a look in the API but didn't really see what I was looking for.
Re: ACL - How to list all grants by ACO and action
What I did...

    $this->ArosAco->find('all', array(
        'fields' => array('Aco.alias', 'Aco.lft', 'Aco.rght'),
        'order' => 'lft ASC',
        'recursive' => 1,
        'conditions' => array(
            'Aro.id' => $this->Session->read('Auth.User.id')
        )
    ));

make sure you put var $uses = array('ArosAco') in your controller. and

On Mar 22, 11:13 pm, Smelly_Eddie ollit...@gmail.com wrote:
I understand using ACL to grant, revoke, check, etc on a specific ACO. My curiosity is how to list all IDs of a particular model I have access to. So if there is a user named Fee (ARO). And I grant Fee access to read the following items (ACOs) Ship, Paper, Milly. Is there a simple means in the Items Controller Index to return all items Fee has access to? This way when Fee views the index he only sees Ship, Paper and Milly. I took a look in the API but didn't really see what I was looking for.
Re: ACL - How to list all grants by ACO and action
Thanks, that is the path I just started stumbling down. Since I am being restrictive to one Model though it looks more like this;

    $this->ArosAco->find('all', array(
        'recursive' => 1,
        'conditions' => array(
            'Aco.alias' => 'ModelName',
            'Aro.foreign_key' => $this->someone['User']['id']
        )
    ));

Only trouble is the recursion does not seem to work, and I get the error that aco.field does not exist. And the query shows no joins. Any ideas on that?

On Mar 22, 2:45 pm, gimmebucks sapew...@gmail.com wrote:
What I did...

    $this->ArosAco->find('all', array(
        'fields' => array('Aco.alias', 'Aco.lft', 'Aco.rght'),
        'order' => 'lft ASC',
        'recursive' => 1,
        'conditions' => array(
            'Aro.id' => $this->Session->read('Auth.User.id')
        )
    ));

make sure you put var $uses = array('ArosAco') in your controller. and

On Mar 22, 11:13 pm, Smelly_Eddie ollit...@gmail.com wrote:
I understand using ACL to grant, revoke, check, etc on a specific ACO. My curiosity is how to list all IDs of a particular model I have access to. So if there is a user named Fee (ARO). And I grant Fee access to read the following items (ACOs) Ship, Paper, Milly. Is there a simple means in the Items Controller Index to return all items Fee has access to? This way when Fee views the index he only sees Ship, Paper and Milly. I took a look in the API but didn't really see what I was looking for.
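The rows stored in aros_acos for one ARO are not the same thing as the set of items that ARO may read: grants inherited from a parent ARO or ACO are absent, and deny rows are present. The following added example (not from the thread and not CakePHP's own code) models the three tables with constructed rows and resolves effective read access, assuming a most-specific-first check order with default deny; the table contents, the Ledger item and all function names are hypothetical.

```php
<?php
// Constructed rows shaped like CakePHP's aros, acos and aros_acos tables.
// Nested-set columns: a node's ancestors have lft <= its lft and rght >= its rght.
$aros = [
    ['id' => 10, 'model' => 'Group', 'foreign_key' => 1, 'alias' => 'Users', 'lft' => 1, 'rght' => 4],
    ['id' => 11, 'model' => 'User',  'foreign_key' => 7, 'alias' => 'Fee',   'lft' => 2, 'rght' => 3],
];
$acos = [
    ['id' => 1, 'alias' => 'Items',  'lft' => 1, 'rght' => 10],
    ['id' => 2, 'alias' => 'Ship',   'lft' => 2, 'rght' => 3],
    ['id' => 3, 'alias' => 'Paper',  'lft' => 4, 'rght' => 5],
    ['id' => 4, 'alias' => 'Milly',  'lft' => 6, 'rght' => 7],
    ['id' => 5, 'alias' => 'Ledger', 'lft' => 8, 'rght' => 9],
];
// _read: 1 = allow, -1 = deny, 0 = inherit from a less specific row.
$arosAcos = [
    ['aro_id' => 11, 'aco_id' => 2, '_read' => 1],   // Fee -> Ship
    ['aro_id' => 11, 'aco_id' => 3, '_read' => 1],   // Fee -> Paper
    ['aro_id' => 10, 'aco_id' => 4, '_read' => 1],   // group Users -> Milly
    ['aro_id' => 10, 'aco_id' => 5, '_read' => 1],   // group Users -> Ledger
    ['aro_id' => 11, 'aco_id' => 5, '_read' => -1],  // Fee -> Ledger, explicit deny
];

/** Resolve the ARO row for an application record; the user id is not the ARO id. */
function aroIdFor(array $aros, string $model, int $foreignKey): ?int
{
    foreach ($aros as $aro) {
        if ($aro['model'] === $model && $aro['foreign_key'] === $foreignKey) {
            return $aro['id'];
        }
    }
    return null;
}

/** Node plus its ancestors, most specific first; empty if the node is unknown. */
function pathToRoot(array $nodes, ?int $id): array
{
    $self = null;
    foreach ($nodes as $node) {
        if ($node['id'] === $id) {
            $self = $node;
        }
    }
    if ($self === null) {
        return [];
    }
    $path = array_filter($nodes, function ($n) use ($self) {
        return $n['lft'] <= $self['lft'] && $n['rght'] >= $self['rght'];
    });
    usort($path, function ($a, $b) {
        return $b['lft'] <=> $a['lft'];
    });
    return $path;
}

/** First explicit allow or deny wins, walking from the most specific ARO and ACO outward. */
function canRead(array $aros, array $acos, array $perms, ?int $aroId, int $acoId): bool
{
    $acoPath = pathToRoot($acos, $acoId);
    foreach (pathToRoot($aros, $aroId) as $aro) {
        foreach ($acoPath as $aco) {
            foreach ($perms as $p) {
                if ($p['aro_id'] === $aro['id'] && $p['aco_id'] === $aco['id'] && $p['_read'] !== 0) {
                    return $p['_read'] === 1;
                }
            }
        }
    }
    return false; // no matching row, or a failed node lookup: deny
}

/** Aliases of every ACO the ARO can effectively read. */
function readableAliases(array $aros, array $acos, array $perms, ?int $aroId): array
{
    $out = [];
    foreach ($acos as $aco) {
        if (canRead($aros, $acos, $perms, $aroId, $aco['id'])) {
            $out[] = $aco['alias'];
        }
    }
    return $out;
}

/** What a plain aros_acos lookup on the user's own ARO returns: rows, not decisions. */
function directRowAliases(array $acos, array $perms, ?int $aroId): array
{
    $byId = array_column($acos, 'alias', 'id');
    $out = [];
    foreach ($perms as $p) {
        if ($p['aro_id'] === $aroId) {
            $out[] = $byId[$p['aco_id']];
        }
    }
    return $out;
}

$fee = aroIdFor($aros, 'User', 7);
echo 'direct rows: ', implode(', ', directRowAliases($acos, $arosAcos, $fee)), PHP_EOL;
echo 'effective:   ', implode(', ', readableAliases($aros, $acos, $arosAcos, $fee)), PHP_EOL;
echo 'unknown ARO: ', implode(', ', readableAliases($aros, $acos, $arosAcos, aroIdFor($aros, 'User', 99))), PHP_EOL;
```

A list built this way only filters what the index shows; each view, edit and delete action still needs its own permission check on the requested record.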
Acl warnings
Hi, I made the example with the acl from http://book.cakephp.org/view/467/Defining-Permissions-Cake-s-Database-ACL and I have the following warning:

    Warning (512): DbAcl::check() - Failed ARO/ACO node lookup in permissions check. Node references: Aro: warriors/Aragorn Aco: Weapons [CORE/cake/libs/controller/components/acl.php, line 239]

Can someone help me with this problem?
ACL Question
I have been reading more into ACL and with help from the Cake Group it is making more sense so I thank you! I have a question I was hoping for some advice on. My idea involves 2 Groups of Users which have no direct access with each other initially. Where say AGENTS belong to a GROUP and INVESTORS belong to another GROUP. Now each member of the AGENTS group can write articles that only members of the INVESTORS GROUP can see. So if JEFF (AGENT) writes a post LAURA (INVESTORS) can see it easy enough to set that up. Now after LAURA (INVESTOR) reads the post by JEFF (AGENT) and likes what it says she wants to allow JEFF to view her INVESTOR profile. Because right now JEFF (AGENT) cannot view any GROUP 2 INVESTOR profile I need to find a way that allows an INVESTOR to AGENT interaction based on the INVESTOR allowing the specific AGENT. I was thinking something like this:

    function initDB() {
        $group = $this->User->Group;

        // Allow admins to everything
        $group->id = 1;
        $this->Acl->allow($group, 'controllers');

        // allow investors (LAURA)
        $group->id = 2;
        $this->Acl->deny($group, 'controllers');
        $this->Acl->allow($group, 'controllers/Investors'); // can only view / edit / delete their own content
        $this->Acl->allow($group, 'controllers/Agents/view'); // can view all agents posts

        // allow agents
        $group->id = 3;
        $this->Acl->deny($group, 'controllers');
        $this->Acl->allow($group, 'controllers/Investors/view'); // so they do have access to view rights but i need a way to block them until an Investor allows
        $this->Acl->allow($group, 'controllers/Agents'); // can only view / edit / delete their own content
    }

Does anyone know a good way to set this up? Ideas suggestions? thanks again Dave
Re: Users with ACL problem
What brian is suggesting is the following:
1. Right now your ARO (requester) is a User, which forces you to distinguish between students and teachers
2. If you make Teacher an ARO and Student another ARO, you eliminate that problem (this is easily done with ACL)

On Mar 16, 3:12 am, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Over my head...this is my first attempt using Cake and with ACL and AUTH and everything else it's just overwhelming... So I am not even sure what you're trying to explain to me. Forgive my rookie aspect. Still trying to figure out the contain message you sent to me. When you want to list your Bookmark, use contain to grab the Post info, as well.

    'contain' => array(
        'Post' => array(
            'fields' => array('title', 'description')
        )
    )

I am not using the list. It's all showing up in the related info that shows up on the index page of the user/view so the user can see his bookmarks on his page. Thanks, Dave

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 11:29 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
Actually, I was going somewhere else with this but ... couldn't you just assign the ARO to Teacher instead of User? AFAIK, there's no reason an ARO can't be assigned to something other than a User.

On Sun, Mar 15, 2009 at 9:49 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Yes that is correct. Both the TEACHERS and STUDENTS have a user_id field which is the USER ID.

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 10:20 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
But Teacher should also have a user_id field, yes?

On Sun, Mar 15, 2009 at 8:09 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER and a TEACHER or STUDENT with the USER_ID being the USER ID. I chose to break the USERS for the TEACHERS and STUDENT because the profiles are completely different and have different validation criteria. Now when I add the Auth and ACL I want to now set it so the TEACHER or STUDENT can edit their own contributions to the site. Where I am finding the headache is when checking to see if the user can perform specific actions. For example a TEACHER adds a new test the only person who can edit that test would be the teacher who created it (among many other owner related operation). But when the test was created it was done so by using the teacher id and AUTH checks the User id. Now I am sure I can get the user id from the teacher id but that seems like more work than needed because when it comes to the STUDENT side of the site everything will have to be done the same way to find the USER ID there as well. Another problem is the TEACHERS have a lot of HABTM tables where they can select SUPPLIES, BOOKS, SKILLS... etc related to their TEST or EXAM they create which are all related to the TEACHER thru the teacher id not the user_id. In theory I would like to use only the user id but in my situation is that possible because I choose to break up my users? Thanks for your time and insight to all... Dave
RE: Users with ACL problem
So I know this may be a stupid question as it is all new to me. In my setup I have: So in English to my understanding is that this links the USER to a GROUP, and based on user permissions says what the USER can, can not do? But not sure how to accomplish what you suggest in linking the TEACHER and STUDENT based on user_id

USER MODEL:

    var $actsAs = array('Acl' => array('requester'));

    function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        $data = $this->data;
        if (empty($this->data)) {
            $data = $this->read();
        }
        if (!$data['User']['group_id']) {
            return null;
        } else {
            return array('Group' => array('id' => $data['User']['group_id']));
        }
    }

GROUP MODEL:

    var $actsAs = array('Acl' => array('requester'));

    function parentNode() {
        return null;
    }

How would I set it up to use TEACHER and STUDENT as you suggest using ACL? Thanks, Dave

-----Original Message----- From: dr. Hannibal Lecter [mailto:lecter...@gmail.com] Sent: March-16-09 8:20 AM To: CakePHP Subject: Re: Users with ACL problem
What brian is suggesting is the following:
1. Right now your ARO (requester) is a User, which forces you to distinguish between students and teachers
2. If you make Teacher an ARO and Student another ARO, you eliminate that problem (this is easily done with ACL)

On Mar 16, 3:12 am, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Over my head...this is my first attempt using Cake and with ACL and AUTH and everything else it's just overwhelming... So I am not even sure what you're trying to explain to me. Forgive my rookie aspect. Still trying to figure out the contain message you sent to me. When you want to list your Bookmark, use contain to grab the Post info, as well.

    'contain' => array(
        'Post' => array(
            'fields' => array('title', 'description')
        )
    )

I am not using the list. It's all showing up in the related info that shows up on the index page of the user/view so the user can see his bookmarks on his page. Thanks, Dave

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 11:29 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
Actually, I was going somewhere else with this but ... couldn't you just assign the ARO to Teacher instead of User? AFAIK, there's no reason an ARO can't be assigned to something other than a User.

On Sun, Mar 15, 2009 at 9:49 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Yes that is correct. Both the TEACHERS and STUDENTS have a user_id field which is the USER ID.

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 10:20 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
But Teacher should also have a user_id field, yes?

On Sun, Mar 15, 2009 at 8:09 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER and a TEACHER or STUDENT with the USER_ID being the USER ID. I chose to break the USERS for the TEACHERS and STUDENT because the profiles are completely different and have different validation criteria. Now when I add the Auth and ACL I want to now set it so the TEACHER or STUDENT can edit their own contributions to the site. Where I am finding the headache is when checking to see if the user can perform specific actions. For example a TEACHER adds a new test the only person who can edit that test would be the teacher who created it (among many other owner related operation). But when the test was created it was done so by using the teacher id and AUTH checks the User id. Now I am sure I can get the user id from the teacher id but that seems like more work than needed because when it comes to the STUDENT side of the site everything will have to be done the same way to find the USER ID there as well. Another problem is the TEACHERS have a lot of HABTM tables where they can select SUPPLIES, BOOKS, SKILLS... etc related to their TEST or EXAM they create which are all related to the TEACHER thru the teacher id not the user_id. In theory I would like to use only the user id but in my situation is that possible because I choose to break up my users? Thanks for your time and insight to all... Dave
RE: Users with ACL problem
Try to give you a better idea of my current set up in the DB TABLES

USER TABLE:
    Id
    Name
    Password
    Group
    Email
    Confirmation
    Confirmed

TEACHER TABLE:
    ID
    User_id
    Group_id = 3 (All teachers belong to group 3)
    general profile fields

STUDENT TABLE:
    ID
    User_id
    Group_id = 4 (All students belong to group 4)
    general profile fields

So if a new user signs up as a TEACHER and it happens to be the 38th USER then USER ID = 38, and in the TEACHER TABLE ID would be auto increment so he would be the next available number so say 17th for the example because 16 other TEACHERS signed up before him and his TEACHER USER_ID is the USER ID = 38 (create both the USER and TEACHER at the same time). Now as it stands I have no problem using ACL, AUTH all logging in perfect and allowed actions and all that good stuff as it is supposed to. But when it comes to the view edit delete actions I want to allow only the owner to delete / edit as you would. But everything as it is set up now is using USER ID in AUTH. I just was wondering if there was an easier way of getting the TEACHER or STUDENT USER_ID and comparing it to the AUTH USER ID because this is going to have to be done with almost every controller in the site. Sounds like a mess. But I certainly thank you all for your feedback and ideas and suggestions. Dave

-----Original Message----- From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com] Sent: March-16-09 1:26 PM To: cake-php@googlegroups.com Subject: RE: Users with ACL problem
So I know this may be a stupid question as it is all new to me. In my setup I have: So in English to my understanding is that this links the USER to a GROUP, and based on user permissions says what the USER can, can not do? But not sure how to accomplish what you suggest in linking the TEACHER and STUDENT based on user_id

USER MODEL:

    var $actsAs = array('Acl' => array('requester'));

    function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        $data = $this->data;
        if (empty($this->data)) {
            $data = $this->read();
        }
        if (!$data['User']['group_id']) {
            return null;
        } else {
            return array('Group' => array('id' => $data['User']['group_id']));
        }
    }

GROUP MODEL:

    var $actsAs = array('Acl' => array('requester'));

    function parentNode() {
        return null;
    }

How would I set it up to use TEACHER and STUDENT as you suggest using ACL? Thanks, Dave

-----Original Message----- From: dr. Hannibal Lecter [mailto:lecter...@gmail.com] Sent: March-16-09 8:20 AM To: CakePHP Subject: Re: Users with ACL problem
What brian is suggesting is the following:
1. Right now your ARO (requester) is a User, which forces you to distinguish between students and teachers
2. If you make Teacher an ARO and Student another ARO, you eliminate that problem (this is easily done with ACL)

On Mar 16, 3:12 am, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Over my head...this is my first attempt using Cake and with ACL and AUTH and everything else it's just overwhelming... So I am not even sure what you're trying to explain to me. Forgive my rookie aspect. Still trying to figure out the contain message you sent to me. When you want to list your Bookmark, use contain to grab the Post info, as well.

    'contain' => array(
        'Post' => array(
            'fields' => array('title', 'description')
        )
    )

I am not using the list. It's all showing up in the related info that shows up on the index page of the user/view so the user can see his bookmarks on his page. Thanks, Dave

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 11:29 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
Actually, I was going somewhere else with this but ... couldn't you just assign the ARO to Teacher instead of User? AFAIK, there's no reason an ARO can't be assigned to something other than a User.

On Sun, Mar 15, 2009 at 9:49 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Yes that is correct. Both the TEACHERS and STUDENTS have a user_id field which is the USER ID.

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 10:20 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
But Teacher should also have a user_id field, yes?

On Sun, Mar 15, 2009 at 8:09 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER
Some ACL Advice Please - Multiple Group Membership
So I have finally broken down in my stubborn ways and agreed to accept Cake's Acl component. After walking through the manual I believe it will make it into all my future sites. The trouble I am having is to add it to one of my old sites. I am not looking for technical advice so much as conceptual.

The example in the Manual uses some of JRR Tolkien's characters to explain, and that's very well. It applies to real world examples of people belonging to groups and inheriting properties from those groups.

** What if people belong to multiple groups? If you're familiar with the Manual's example, how would you make Gandalf a Warrior, A hobbit, and A visitor, etc.

--

So I guess I need some background on how the Acl component actually does the queries and logic. Please take the following example to understand my question. A large park has many families enjoying picnics. Each family has a few members with exclusive access to their picnic baskets. - No problem

My Family
|- Myself
|- My Brother
L My Sister

Jones Family
|- Timmy
|- Tommy
L Tina (*My Fiancé)

But my fiancé's family is also in the park, and I think she should have access to my family's picnic basket, and she would like to grant me access to her family's.

My Family
|- Myself
|- My Brother
|- My Sister
L Tina Jones

Jones Family
|- Timmy
|- Tommy
|- Tina (*My Fiancé)
L Myself

This could be expanded to the point that one person 'belongs' to many families, and should get the inherent permissions of all those families.

---

So now the dilemma.. I am sure it is the wrong way to go to add duplicate ACO's like above. But instead I will have to add explicit Aco_aro records for myself and tina. Alternately would it be possible to make the Families ACOs. So I can just say that I have access to Tina's family, and she has access to mine. From that My Family has access to our picnic basket, and by inheritance so does Tina. Can something be an ACO and ARO? Or am I just missing something really obvious. I am just wanting to keep things simple as possible.
Users with ACL problem
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER and a TEACHER or STUDENT with the USER_ID being the USER ID. I chose to break the USERS for the TEACHERS and STUDENT because the profiles are completely different and have different validation criteria.

Now when I add the Auth and ACL I want to now set it so the TEACHER or STUDENT can edit their own contributions to the site. Where I am finding the headache is when checking to see if the user can perform specific actions. For example a TEACHER adds a new test the only person who can edit that test would be the teacher who created it (among many other owner related operation). But when the test was created it was done so by using the teacher id and AUTH checks the User id. Now I am sure I can get the user id from the teacher id but that seems like more work than needed because when it comes to the STUDENT side of the site everything will have to be done the same way to find the USER ID there as well.

Another problem is the TEACHERS have a lot of HABTM tables where they can select SUPPLIES, BOOKS, SKILLS... etc related to their TEST or EXAM they create which are all related to the TEACHER thru the teacher id not the user_id. In theory I would like to use only the user id but in my situation is that possible because I choose to break up my users?

Thanks for your time and insight to all... Dave
Re: Users with ACL problem
But Teacher should also have a user_id field, yes?

On Sun, Mar 15, 2009 at 8:09 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER and a TEACHER or STUDENT with the USER_ID being the USER ID. I chose to break the USERS for the TEACHERS and STUDENT because the profiles are completely different and have different validation criteria. Now when I add the Auth and ACL I want to now set it so the TEACHER or STUDENT can edit their own contributions to the site. Where I am finding the headache is when checking to see if the user can perform specific actions. For example a TEACHER adds a new test the only person who can edit that test would be the teacher who created it (among many other owner related operation). But when the test was created it was done so by using the teacher id and AUTH checks the User id. Now I am sure I can get the user id from the teacher id but that seems like more work than needed because when it comes to the STUDENT side of the site everything will have to be done the same way to find the USER ID there as well. Another problem is the TEACHERS have a lot of HABTM tables where they can select SUPPLIES, BOOKS, SKILLS... etc related to their TEST or EXAM they create which are all related to the TEACHER thru the teacher id not the user_id. In theory I would like to use only the user id but in my situation is that possible because I choose to break up my users? Thanks for your time and insight to all... Dave
RE: Users with ACL problem
Yes that is correct. Both the TEACHERS and STUDENTS have a user_id field which is the USER ID.

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 10:20 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
But Teacher should also have a user_id field, yes?

On Sun, Mar 15, 2009 at 8:09 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER and a TEACHER or STUDENT with the USER_ID being the USER ID. I chose to break the USERS for the TEACHERS and STUDENT because the profiles are completely different and have different validation criteria. Now when I add the Auth and ACL I want to now set it so the TEACHER or STUDENT can edit their own contributions to the site. Where I am finding the headache is when checking to see if the user can perform specific actions. For example a TEACHER adds a new test the only person who can edit that test would be the teacher who created it (among many other owner related operation). But when the test was created it was done so by using the teacher id and AUTH checks the User id. Now I am sure I can get the user id from the teacher id but that seems like more work than needed because when it comes to the STUDENT side of the site everything will have to be done the same way to find the USER ID there as well. Another problem is the TEACHERS have a lot of HABTM tables where they can select SUPPLIES, BOOKS, SKILLS... etc related to their TEST or EXAM they create which are all related to the TEACHER thru the teacher id not the user_id. In theory I would like to use only the user id but in my situation is that possible because I choose to break up my users? Thanks for your time and insight to all... Dave
Re: Users with ACL problem
Actually, I was going somewhere else with this but ... couldn't you just assign the ARO to Teacher instead of User? AFAIK, there's no reason an ARO can't be assigned to something other than a User.

On Sun, Mar 15, 2009 at 9:49 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Yes that is correct. Both the TEACHERS and STUDENTS have a user_id field which is the USER ID.

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 10:20 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
But Teacher should also have a user_id field, yes?

On Sun, Mar 15, 2009 at 8:09 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER and a TEACHER or STUDENT with the USER_ID being the USER ID. I chose to break the USERS for the TEACHERS and STUDENT because the profiles are completely different and have different validation criteria. Now when I add the Auth and ACL I want to now set it so the TEACHER or STUDENT can edit their own contributions to the site. Where I am finding the headache is when checking to see if the user can perform specific actions. For example a TEACHER adds a new test the only person who can edit that test would be the teacher who created it (among many other owner related operation). But when the test was created it was done so by using the teacher id and AUTH checks the User id. Now I am sure I can get the user id from the teacher id but that seems like more work than needed because when it comes to the STUDENT side of the site everything will have to be done the same way to find the USER ID there as well. Another problem is the TEACHERS have a lot of HABTM tables where they can select SUPPLIES, BOOKS, SKILLS... etc related to their TEST or EXAM they create which are all related to the TEACHER thru the teacher id not the user_id. In theory I would like to use only the user id but in my situation is that possible because I choose to break up my users? Thanks for your time and insight to all... Dave
RE: Users with ACL problem
Over my head...this is my first attempt using Cake and with ACL and AUTH and everything else it's just overwhelming... So I am not even sure what you're trying to explain to me. Forgive my rookie aspect. Still trying to figure out the contain message you sent to me. When you want to list your Bookmark, use contain to grab the Post info, as well.

    'contain' => array(
        'Post' => array(
            'fields' => array('title', 'description')
        )
    )

I am not using the list. It's all showing up in the related info that shows up on the index page of the user/view so the user can see his bookmarks on his page. Thanks, Dave

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 11:29 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
Actually, I was going somewhere else with this but ... couldn't you just assign the ARO to Teacher instead of User? AFAIK, there's no reason an ARO can't be assigned to something other than a User.

On Sun, Mar 15, 2009 at 9:49 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
Yes that is correct. Both the TEACHERS and STUDENTS have a user_id field which is the USER ID.

-----Original Message----- From: brian [mailto:bally.z...@gmail.com] Sent: March-15-09 10:20 PM To: cake-php@googlegroups.com Subject: Re: Users with ACL problem
But Teacher should also have a user_id field, yes?

On Sun, Mar 15, 2009 at 8:09 PM, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
I think I may have caused myself more of a headache than necessary and would like to hear your thoughts on my set up. On my site there are 2 different GROUPS a USER can sign up as. Each form creates the USER and corresponding TEACHER profile (table has USER_ID) or STUDENT profile (table has USER_ID). So when either signs up it creates a USER and a TEACHER or STUDENT with the USER_ID being the USER ID. I chose to break the USERS for the TEACHERS and STUDENT because the profiles are completely different and have different validation criteria. Now when I add the Auth and ACL I want to now set it so the TEACHER or STUDENT can edit their own contributions to the site. Where I am finding the headache is when checking to see if the user can perform specific actions. For example a TEACHER adds a new test the only person who can edit that test would be the teacher who created it (among many other owner related operation). But when the test was created it was done so by using the teacher id and AUTH checks the User id. Now I am sure I can get the user id from the teacher id but that seems like more work than needed because when it comes to the STUDENT side of the site everything will have to be done the same way to find the USER ID there as well. Another problem is the TEACHERS have a lot of HABTM tables where they can select SUPPLIES, BOOKS, SKILLS... etc related to their TEST or EXAM they create which are all related to the TEACHER thru the teacher id not the user_id. In theory I would like to use only the user id but in my situation is that possible because I choose to break up my users? Thanks for your time and insight to all... Dave
Multiple User Levels Without ACL
I am trying to code a system with 3 different user levels, admin, technicians, and clients. They all have logins and will use the users controller. My question is a philosophical one, not a technical one. So I have the technicians and clients, for the most part they are similar, but they will be doing very different things. Does it make sense to create a new model for each? Or just stack everything in the User model. What is the best way to define the relationship? A Technician belongs to a User? Any help is most appreciated, thanks.
Re: Multiple User Levels Without ACL
On Fri, Mar 13, 2009 at 2:34 PM, Chez17 che...@gmail.com wrote:

> I am trying to code a system with 3 different user levels, admin, technicians, and clients. They all have logins and will use the users controller. My question is a philosophical one, not a technical one. So I have the technicians and clients, for the most part they are similar, but they will be doing very different things. Does it make sense to create a new model for each? Or just stack everything in the User model. What is the best way to define the relationship? A Technician belongs to a User? Any help is most appreciated, thanks.

Whether you use ACL or not, I'd recommend that you create models for each of these. You can put all of the common stuff (esp. username & password). How you then associate User with the other models depends on what you want to do and your preferences, as there are a couple of options. Have a look at this Bakery article for starters:

http://bakery.cakephp.org/articles/view/inheritable-behavior-missing-link-of-cake-model
Re: Multiple User Levels Without ACL
Thank you for the article and the advice. I decided not to use it because there wasn't a lot of documentation around the web on it and I didn't want to go all in on something that is experimental. Again, thanks for the article.

On Mar 13, 2:41 pm, brian bally.z...@gmail.com wrote:

> On Fri, Mar 13, 2009 at 2:34 PM, Chez17 che...@gmail.com wrote:
>
> > I am trying to code a system with 3 different user levels, admin, technicians, and clients. They all have logins and will use the users controller. My question is a philosophical one, not a technical one. So I have the technicians and clients, for the most part they are similar, but they will be doing very different things. Does it make sense to create a new model for each? Or just stack everything in the User model. What is the best way to define the relationship? A Technician belongs to a User? Any help is most appreciated, thanks.
>
> Whether you use ACL or not, I'd recommend that you create models for each of these. You can put all of the common stuff (esp. username & password). How you then associate User with the other models depends on what you want to do and your preferences, as there are a couple of options. Have a look at this Bakery article for starters:
>
> http://bakery.cakephp.org/articles/view/inheritable-behavior-missing-...
String 'NULL' inserted instead of value NULL with ACL, MSSQL. Help?
I've been grinding away with ACL on a project, and I'm running into what appears to be a bug with the ACL code and dbo_mssql.php. Basically inserting new aco records fails due to cake generating incorrect SQL code (it puts single quotes around a NULL, thus inserting the string NULL, not NULL itself).

I found this ticket (https://trac.cakephp.org/ticket/6024) in the trac which is basically exactly what's happening to me as well. It appears this hasn't been fixed in the latest nightly though, and I was wondering if anyone had an idea on how to apply a fix until the bug has been resolved. I also found an older reported bug that appears to be the same thing (https://trac.cakephp.org/ticket/5381).

I've been digging in libs/model/datasources/dbo/dbo_mssql.php, and libs/model/db_acl.php, but haven't been able to see where the quotes are being applied to the NULL value. My guess is there just needs to be an extra conditional to check for a null value and not apply quotes in that case. If anyone knows where this can be resolved, that would be awesome.
Re: String 'NULL' inserted instead of value NULL with ACL, MSSQL. Help?
I found what so far seems like a temporary fix for this issue. It's probably not ideal, but the only drawback I think would be if you wanted to actually insert the string 'NULL', you can't after this fix.

On line 278 in cake/libs/model/datasources/dbo/dbo_mssql.php, change:

    if (in_array($column, array('integer', 'float', 'binary')) && is_numeric($data)) {

to

    if ((in_array($column, array('integer', 'float', 'binary')) && is_numeric($data)) || $data == 'NULL') {

Now, if $data is NULL, it will get caught in this conditional and return without enclosing single quotes. I suppose you could change the last part to strtolower($data) == 'null' to catch any form of NULL instead.

On Mar 11, 9:04 am, George geo...@hakumei.net wrote:

> I've been grinding away with ACL on a project, and I'm running into what appears to be a bug with the ACL code and dbo_mssql.php. Basically inserting new aco records fail due to cake generating incorrect SQL code (it puts single quotes around a NULL, thus inserting the string NULL, not NULL itself).
>
> I found this ticket (https://trac.cakephp.org/ticket/6024) in the trac which is basically exactly what's happening to me as well. It appears this hasn't been fixed in the latest nightly though, and I was wondering if anyone had an idea on how to apply a fix until the bug has been resolved. I also found an older reported bug that appears to be the same thing (https://trac.cakephp.org/ticket/5381).
>
> I've been digging in libs/model/datasources/dbo/dbo_mssql.php, and libs/model/db_acl.php, but haven't been able to see where the quotes are being applied to the NULL value. My guess is there just needs to be an extra conditional to check for a null value and not apply quotes in that case. If anyone knows where this can be resolved, that would be awesome.
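The trade-off named in the post above (once the text NULL is passed through unquoted, it can no longer be stored as a string), shown as an added PHP example that is neither CakePHP's code nor the poster's. The function names are hypothetical, the first two conditions are the ones quoted in the post, and the third variant assumes callers pass a real PHP null when they mean SQL NULL.

```php
<?php
// Added illustration. Function names are hypothetical; this is a stand-in for a
// DBO value-quoting routine, not CakePHP's dbo_mssql.php.

// Render a value as a SQL string literal, doubling embedded single quotes.
function quoteString($data) {
    return "'" . str_replace("'", "''", (string)$data) . "'";
}

// Condition as quoted in the post before the change: the text NULL is not
// numeric, so it is quoted and reaches the table as a four-character string.
function valueBefore($data, $column) {
    if (in_array($column, array('integer', 'float', 'binary')) && is_numeric($data)) {
        return (string)$data;
    }
    return quoteString($data);
}

// Condition with the workaround from the post: the text NULL is emitted as the
// SQL keyword for every column type, including string columns.
function valueWorkaround($data, $column) {
    if ((in_array($column, array('integer', 'float', 'binary')) && is_numeric($data)) || $data == 'NULL') {
        return (string)$data;
    }
    return quoteString($data);
}

// Type-aware variant (assumption: callers pass PHP null when they mean SQL NULL).
// The strict comparison keeps 'NULL', '', '0' and 0 as ordinary values.
function valueTypeAware($data, $column) {
    if ($data === null) {
        return 'NULL';
    }
    if (in_array($column, array('integer', 'float', 'binary')) && is_numeric($data)) {
        return (string)$data;
    }
    return quoteString($data);
}

// Constructed sample inputs: array(value, column type).
$samples = array(
    array('NULL', 'integer'),
    array('NULL', 'string'),
    array('42', 'integer'),
    array("O'Brien", 'string'),
);

foreach ($samples as $sample) {
    list($data, $column) = $sample;
    printf(
        "%-12s %-8s before=%-12s workaround=%-12s type-aware=%s\n",
        var_export($data, true),
        $column,
        valueBefore($data, $column),
        valueWorkaround($data, $column),
        valueTypeAware($data, $column)
    );
}

// Only the type-aware variant is given a real null.
printf("null         integer  type-aware=%s\n", valueTypeAware(null, 'integer'));
```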
Re: ACL creation on registration
Ok I figured this out. It wasn't what I thought at all and is a stupid error, but by sharing maybe I can prevent this from happening to someone else. What happened is I had the model registered in my User Controller like so:

    App::import('Model', 'Realm');
    $Realm = new Realm;

This didn't work. When I changed the code to be:

    $this->User->Realm->save($data)

it works. So I guess if you have a belongsTo relationship (Realm belongs to user) in your controller then you cannot use the App::import and have it always work.

Fred

On Mar 10, 1:19 am, Fred fb...@multiply.it wrote:

> I am having trouble getting ACL to function properly. Everything works as long as you are logged in. However, now I want to dynamically create a user when they register (i.e. they aren't logged in). So I create the user (that works) and then create a realm (a realm is requester for ACL and basically maps users to AROs/permissions). This all works until I try to create a new Realm without being logged in (this is the only possible difference that I can see). The Realm is actually created in the save function, however in the AfterSave call I get an error in the acl.php file. I cannot figure out why this is happening or how to prevent it. Any help is much appreciated.
>
>     Notice (8): Undefined property: Realm::$Aro [CORE\cake\libs\model\behaviors\acl.php, line 77]
>     Fatal error: Call to a member function node() on a non-object in C:\xampp\htdocs\ispi\cake\libs\model\behaviors\acl.php on line 77
ACL for specific resources?
Is it possible to set an ACO on specific rows? As an example, if I have an Item table, could I have some Groups be able to read Item.43, while not Item.44? Same goes for other CRUD operations. A lot of the ACL information I've been seeing suggests that I can do this, but I haven't seen any examples that go there. Am I just mis-reading this? If so, please post a link to something that explains this, if one is known.
Re: ACL and Auth with additional checking
Thanks for posting all this. I've just started--yesterday--trying to work out how to go about something similar. I haven't used ACL at all and I was really confused about row-level access. It looks like I'll be able to adapt your code for my use. The one big difference is that I'll need to control a model that implements TreeBehavior (think folder hierarchy).

One thing I'd change is in su_index(): put the check on group_id at the top to avoid all that logic.

    function su_index() {
        // Admins (group 4) get no conditions and see everything;
        // other groups are limited to the papers their ACOs point at
        $conditions = null;
        if ($this->Auth->user('group_id') != 4) {
            $papers = array();
            $user_id = $this->Auth->user('id');
            $nodes = $this->Acl->Aro->findByForeignKeyAndModel($user_id, 'User');
            foreach ($nodes['Aco'] as $node) {
                if ($node['model'] === 'Paper') {
                    $papers[] = $node['foreign_key'];
                }
                // Get children from volumes
                if ($node['model'] === 'Volume') {
                    $children = $this->Acl->Aco->children($node['id']);
                    foreach ($children as $child) {
                        $papers[] = $child['Aco']['foreign_key'];
                    }
                }
            }
            $conditions = array('Paper.id' => $papers);
        }
        $this->set('papers', $this->paginate($conditions));
    }

Although, if it were my project, I'd make the admin group ID 1. If you later add more groups you'll run into problems.

Having said _that_, though, I have to say that I'm a bit confused about how this is supposed to work. If it's an admin, you want all files to show up, otherwise, check ACL for access. You're getting the $user_id from the session, but it appears that this is an admin-only method. (Is 'su' your admin prefix?) If you want that an admin can see the allowed Papers for a particular user, I'd think you'd need to pass the ID as a param. Did I read that correctly?

On Sun, Mar 1, 2009 at 1:43 PM, Aidan Lister aidanlis...@gmail.com wrote:

> The final piece of the puzzle. The only thing remaining was displaying the list of papers and volumes that a user had access to, instead of all the papers/volumes.
Understanding ACL
I have been reading more into ACL in the Cookbook and have been making changes to the application I have been working on. I see in the cookbook:

* Fellowship of the Ring (Deny: all)
  * Warriors (Allow: Weapons, Ale, Elven Rations, Salted Pork)
    * Aragorn (Allow: Diplomacy)
    * Legolas
    * Gimli
  * Wizards (Allow: Salted Pork, Diplomacy, Ale)
    * Gandalf
  * Hobbits (Allow: Ale)
    * Frodo (Allow: Ring)
    * Bilbo
    * Merry (Deny: Ale)
    * Pippin (Allow: Diplomacy)
  * Visitors (Allow: Salted Pork)
    * Gollum

I was wondering how to go about changing what a user is allowed. Easiest example in terms of writing it out would be something like you can go to the theatre to watch a movie but unless you pay you're only going to wait in the lobby. So they have access to the movieTheater_controller but they don't have permission to the view_movie function() unless they paid admission. So the permission is based temporarily if they paid and once the movie is over your access is denied.

Hope that makes some kind of sense.

Dave
ACL creation on registration
I am having trouble getting ACL to function properly. Everything works as long as you are logged in. However, now I want to dynamically create a user when they register (i.e. they aren't logged in). So I create the user (that works) and then create a realm (a realm is requester for ACL and basically maps users to AROs/permissions). This all works until I try to create a new Realm without being logged in (this is the only possible difference that I can see). The Realm is actually created in the save function, however in the AfterSave call I get an error in the acl.php file. I cannot figure out why this is happening or how to prevent it. Any help is much appreciated.

    Notice (8): Undefined property: Realm::$Aro [CORE\cake\libs\model\behaviors\acl.php, line 77]
    Fatal error: Call to a member function node() on a non-object in C:\xampp\htdocs\ispi\cake\libs\model\behaviors\acl.php on line 77
Acl debugging help
I am getting a really strange behavior and I cannot figure out how to debug it. I have my ACL component setup as so:

- controller
- ACO's are realms a user is part of (permissions are given by realm)

This works great when I add/modify through the admin routines auto generated. However, I now want users to be able to register. I create the realm on the fly in the code and it creates the realm, but after creating the realm it gives me the error below. Everything I have tried to find where the error is coming from leads me nowhere. Any pointers would be appreciated:

    Notice (8): Undefined property: Realm::$Aro [CORE\cake\libs\model\behaviors\acl.php, line 77]

    Code | Context

    $model = Realm
    Realm::$name = Realm
    Realm::$validate = array
    Realm::$actsAs = array
    Realm::$hasMany = array
    Realm::$belongsTo = array
    Realm::$useDbConfig = default
    Realm::$useTable = realms
    Realm::$displayField = name
    Realm::$id = 42
    Realm::$data = array
    Realm::$table = realms
    Realm::$primaryKey = id
    Realm::$_schema = array
    Realm::$validationErrors = array
    Realm::$tablePrefix =
    Realm::$alias = Realm
    Realm::$tableToModel = array
    Realm::$logTransactions = false
    Realm::$transactional = false
    Realm::$cacheQueries = false
    Realm::$hasOne = array
    Realm::$hasAndBelongsToMany = array
    Realm::$Behaviors = BehaviorCollection object
    Realm::$whitelist = array
    Realm::$cacheSources = true
    Realm::$findQueryType = NULL
    Realm::$recursive = 1
    Realm::$order = NULL
    Realm::$__exists = NULL
    Realm::$__associationKeys = array
    Realm::$__associations = array
    Realm::$__backAssociation = array
    Realm::$__insertID = 42
    Realm::$__numRows = NULL
    Realm::$__affectedRows = NULL
    Realm::$_findMethods = array
    Realm::$_log = NULL
    Realm::$User = User object
    $ref = array( Realm => array( id => 2 ) )
    $type = Aro

    $ref = array('model' => $model->name, 'foreign_key' => $model->id);
    }
    return $model->{$type}->node($ref);

    AclBehavior::node() - CORE\cake\libs\model\behaviors\acl.php, line 77
    AclBehavior::afterSave() - CORE\cake\libs\model\behaviors\acl.php, line 91
    ModelBehavior::dispatchMethod() - CORE\cake\libs\model\behavior.php, line 162
    BehaviorCollection::trigger() - CORE\cake\libs\model\behavior.php, line 440
    Model::save() - CORE\cake\libs\model\model.php, line 1244
    UsersController::signup() - APP\controllers\users_controller.php, line 155
    Object::dispatchMethod() - CORE\cake\libs\object.php, line 115
    Dispatcher::_invoke() - CORE\cake\dispatcher.php, line 245
    Dispatcher::dispatch() - CORE\cake\dispatcher.php, line 211
    [main] - APP\webroot\index.php, line 91

    Fatal error: Call to a member function node() on a non-object in C:\xampp\htdocs\ispi\cake\libs\model\behaviors\acl.php on line 77
Re: Acl debugging help
Ok I just figured out one thing that might make a difference. If I delete a Realm it deletes it and deletes the ARO, but the info in the aros_acos table isn't deleted. Does this have to be deleted manually before you delete an ARO record? I think this is a separate problem to below, but maybe they are related somehow.

On Mar 9, 12:30 am, Fred fb...@multiply.it wrote:

> I am getting a really strange behavior and I cannot figure out how to debug it. I have my ACL component setup as so:
>
> - controller
> - ACO's are realms a user is part of (permissions are given by realm)
>
> This works great when I add/modify through the admin routines auto generated. However, I now want users to be able to register. I create the realm on the fly in the code and it creates the realm, but after creating the realm it gives me the error below. Everything I have tried to find where the error is coming from leads me nowhere. Any pointers would be appreciated:
>
>     Notice (8): Undefined property: Realm::$Aro [CORE\cake\libs\model\behaviors\acl.php, line 77]
>
>     Code | Context
>
>     $model = Realm
>     Realm::$name = Realm
>     Realm::$validate = array
>     Realm::$actsAs = array
>     Realm::$hasMany = array
>     Realm::$belongsTo = array
>     Realm::$useDbConfig = default
>     Realm::$useTable = realms
>     Realm::$displayField = name
>     Realm::$id = 42
>     Realm::$data = array
>     Realm::$table = realms
>     Realm::$primaryKey = id
>     Realm::$_schema = array
>     Realm::$validationErrors = array
>     Realm::$tablePrefix =
>     Realm::$alias = Realm
>     Realm::$tableToModel = array
>     Realm::$logTransactions = false
>     Realm::$transactional = false
>     Realm::$cacheQueries = false
>     Realm::$hasOne = array
>     Realm::$hasAndBelongsToMany = array
>     Realm::$Behaviors = BehaviorCollection object
>     Realm::$whitelist = array
>     Realm::$cacheSources = true
>     Realm::$findQueryType = NULL
>     Realm::$recursive = 1
>     Realm::$order = NULL
>     Realm::$__exists = NULL
>     Realm::$__associationKeys = array
>     Realm::$__associations = array
>     Realm::$__backAssociation = array
>     Realm::$__insertID = 42
>     Realm::$__numRows = NULL
>     Realm::$__affectedRows = NULL
>     Realm::$_findMethods = array
>     Realm::$_log = NULL
>     Realm::$User = User object
>     $ref = array( Realm => array( id => 2 ) )
>     $type = Aro
>
>     $ref = array('model' => $model->name, 'foreign_key' => $model->id);
>     }
>     return $model->{$type}->node($ref);
>
>     AclBehavior::node() - CORE\cake\libs\model\behaviors\acl.php, line 77
>     AclBehavior::afterSave() - CORE\cake\libs\model\behaviors\acl.php, line 91
>     ModelBehavior::dispatchMethod() - CORE\cake\libs\model\behavior.php, line 162
>     BehaviorCollection::trigger() - CORE\cake\libs\model\behavior.php, line 440
>     Model::save() - CORE\cake\libs\model\model.php, line 1244
>     UsersController::signup() - APP\controllers\users_controller.php, line 155
>     Object::dispatchMethod() - CORE\cake\libs\object.php, line 115
>     Dispatcher::_invoke() - CORE\cake\dispatcher.php, line 245
>     Dispatcher::dispatch() - CORE\cake\dispatcher.php, line 211
>     [main] - APP\webroot\index.php, line 91
>
>     Fatal error: Call to a member function node() on a non-object in C:\xampp\htdocs\ispi\cake\libs\model\behaviors\acl.php on line 77
ACL Scenario
Wondering if I could get some general feedback on what would be the best way to set up ACL with a situation like this.

Education site basically. A User signs up and during registration they select their teaching professional level (Pre-School through Grade 12, each with a value in the database 1-13 or such). In the site the User can add an article (Post or whatever) but the only people who can see the messages/articles would be the people in the same professional level. So a grade 3 teacher can only see content added by other grade 3 teachers and so on like that.

Now I was wondering how would I set something like that up? Would I just set all the teachers up in 1 group then in the controller, based on the professional level, set up the restrictions and filtering of the content? So when the teacher logs in, use their level to run a query to pull the data related to them?

Ideas, thoughts, suggestions?

thanks,
Dave
Re: ACL and Auth with additional checking
For the archives, this is a step-by-step on how I solved the problem:

Rather than controllers/Papers/view/n which becomes unwieldy given you have to create an ACO for each action, I instead created an ACO for each row in my two models. Thanks to markstory for the suggestion.

I created the following ACO hierarchy:

    Papers/volume id/paper id

This allowed me to give editors access to a volume, which automatically gives access to the papers inside. This is the beauty of ACLs.

I created the ACO tree like so (using acltool, a custom cake shell component):

    <?php
    // $ cake acltool aco_models
    function aco_models() {
        $this->out('Starting models sync');
        $Paper = ClassRegistry::init('Paper');
        $Volume = ClassRegistry::init('Volume');

        // Create the root node
        $root_alias = 'papers';
        $this->Aco->create();
        $this->Aco->save(array('parent_id' => null, 'model' => null, 'alias' => $root_alias));
        $aco_root = $this->Aco->id;

        // Iterate all the volumes
        $volumes = $Volume->findAll();
        foreach ($volumes as $volume) {
            // Create a node for the volume
            $this->out(sprintf('Created Aco node: %s/%s', $root_alias, $volume['Volume']['number']));
            $this->Aco->create();
            $row = array(
                'parent_id' => $aco_root,
                'foreign_key' => $volume['Volume']['id'],
                'model' => 'Volume',
                'alias' => $volume['Volume']['number']
            );
            $this->Aco->save($row);
            $parent_id = $this->Aco->id;

            // Iterate all the papers
            $papers = $Paper->find('all', array(
                'conditions' => array('volume_id' => $volume['Volume']['id']),
                'recursive' => -1
            ));
            foreach ($papers as $paper) {
                // Create a node for the paper
                $this->out(sprintf('Created Aco node: %s/%s/%s', $root_alias, $volume['Volume']['number'], $paper['Paper']['slug']));
                $this->Acl->Aco->create();
                $row = array(
                    'parent_id' => $parent_id,
                    'foreign_key' => $paper['Paper']['id'],
                    'model' => 'Paper',
                    'alias' => $paper['Paper']['slug']
                );
                $this->Acl->Aco->save($row);
            }
        }
    }
    ?>
Once all the ACOs are created, I gave access to my editors and authors like so:

    <?php
    // $ cake acltool vol_perms
    function vol_perms() {
        // Row level access for volumes
        $this->out('Creating row-level permissions for volumes');
        $Volume = ClassRegistry::init('Volume');
        // User model instance passed to Acl->allow() as the ARO
        $User = ClassRegistry::init('User');
        $volumes = $Volume->findAll();
        foreach ($volumes as $vol) {
            $this->out(sprintf('- Entering volume number %s', $vol['Volume']['number']));
            $Volume->id = $vol['Volume']['id'];
            foreach ($vol['User'] as $user) {
                $this->out(sprintf('-- Granting access to %s', $user['name']));
                $User->id = $user['id'];
                $this->Acl->allow($User, $Volume);
            }
        }
    }
    ?>

Next we need to inform our models about our chosen ACO structure:

    <?php
    // volume.php
    function parentNode() {
        return null;
    }

    // paper.php
    function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        $data = $this->data;
        if (empty($this->data)) {
            $data = $this->read();
        }
        if (empty($data['Paper']['volume_id'])) {
            return null;
        } else {
            // A paper's parent ACO is the volume it belongs to
            return array('Volume' => array('id' => $data['Paper']['volume_id']));
        }
    }
    ?>

Next, in our controllers that we wish to handle the row-level access we do the following:

In beforeFilter, we check that they're not an admin, then we apply our Acl check. This relies on the fact that a) access is blocked to users by the 'controllers' Aco tree and b) access is granted to editors/volumes to this controller by the 'controllers' Aco tree. Both of these constraints are enforced by Auth (with $this->Auth->authorize = 'actions').

    <?php
    // Check row-level access (skipped for admins)
    if (isset($this->params['pass'][0]) && $this->Auth->user('group_id') < 4) {
        $aco = $this->Acl->Aco->findByModelAndForeignKey('Paper', $this->params['pass'][0]);
        $aro = $this->Acl->Aro->findByModelAndForeignKey('User', $this->Auth->user('id'));
        if (!$this->Acl->check($aro['Aro'], $aco['Aco'])) {
            $this->Session->setFlash($this->Auth->authError);
            $this->redirect(array('su' => true, 'controller' => 'papers', 'action' => 'index'));
        }
    }
    ?>

And that's it. If anyone has any improvements or suggestions I'd love to hear them.
Cheers,
Aidan Lister

On Mar 1, 4:36 pm, Aidan Lister aidanlis...@gmail.com wrote:

> Hello, I need to do some additional row level ACL access control for two of my models. My system has the following groups: admins, editors, authors and users. I'm restricting access to my controller actions using the Auth component, via $this->Auth->authorize = 'actions'. At the moment, my authors have access to controllers/Papers/view, I
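The row-level check and the "which papers may this user list" question from this thread, modelled in memory as an added example (not code from the thread and not CakePHP's Acl component). AcoTree and its methods are hypothetical names, the data is constructed, and the model is simplified to one flat set of AROs with a single allow/deny flag per node instead of per-CRUD permissions.

```php
<?php
// Added illustration: an in-memory model of the papers/volume/paper ACO tree.
// AcoTree and its methods are hypothetical names, not CakePHP's Acl API.

class AcoTree
{
    private $nodes = array();  // ACO id => parent_id, model, foreign_key
    private $rules = array();  // ARO key => (ACO id => true for allow, false for deny)
    private $nextId = 1;

    public function add($parentId, $model, $foreignKey)
    {
        $id = $this->nextId++;
        $this->nodes[$id] = array(
            'parent_id' => $parentId, 'model' => $model, 'foreign_key' => $foreignKey,
        );
        return $id;
    }

    public function allow($aro, $acoId) { $this->rules[$aro][$acoId] = true; }
    public function deny($aro, $acoId)  { $this->rules[$aro][$acoId] = false; }

    // Look up the ACO for one row; null when the row has no node.
    public function find($model, $foreignKey)
    {
        foreach ($this->nodes as $id => $node) {
            if ($node['model'] === $model && $node['foreign_key'] === $foreignKey) {
                return $id;
            }
        }
        return null;
    }

    // Walk from the node towards the root: the nearest explicit rule decides,
    // and a missing node or a path without any rule is denied.
    public function check($aro, $acoId)
    {
        while ($acoId !== null && isset($this->nodes[$acoId])) {
            if (isset($this->rules[$aro][$acoId])) {
                return $this->rules[$aro][$acoId];
            }
            $acoId = $this->nodes[$acoId]['parent_id'];
        }
        return false;
    }

    // Row-level check for a request parameter (these arrive as strings).
    public function canAccess($aro, $model, $foreignKey)
    {
        return $this->check($aro, $this->find($model, (int)$foreignKey));
    }

    // Index listing: every row of $model that passes the same check.
    public function allowedKeys($aro, $model)
    {
        $keys = array();
        foreach ($this->nodes as $id => $node) {
            if ($node['model'] === $model && $this->check($aro, $id)) {
                $keys[] = $node['foreign_key'];
            }
        }
        return $keys;
    }
}

// Constructed sample data: a root, two volumes and three papers.
$tree = new AcoTree();
$root = $tree->add(null, null, null);
$vol1 = $tree->add($root, 'Volume', 1);
$vol2 = $tree->add($root, 'Volume', 2);
$p10  = $tree->add($vol1, 'Paper', 10);
$p11  = $tree->add($vol1, 'Paper', 11);
$p20  = $tree->add($vol2, 'Paper', 20);

$tree->allow('User.7', $vol1);  // editor of volume 1
$tree->deny('User.7', $p11);    // with one paper explicitly withheld
$tree->allow('User.8', $p20);   // author of a single paper

$cases = array(
    array('User.7', '10'), array('User.7', '11'),
    array('User.8', '10'), array('User.7', '999'),
);
foreach ($cases as $case) {
    list($aro, $paperId) = $case;
    $verdict = $tree->canAccess($aro, 'Paper', $paperId) ? 'allow' : 'deny';
    printf("%s paper %s: %s\n", $aro, $paperId, $verdict);
}
printf("User.7 index: %s\n", implode(', ', $tree->allowedKeys('User.7', 'Paper')));
printf("User.8 index: %s\n", implode(', ', $tree->allowedKeys('User.8', 'Paper')));
```

The listing and the per-row check share check(), so a paper that is explicitly denied inside an allowed volume drops out of both, and a paper id with no ACO node is refused rather than passed to the check as an empty node.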
Re: ACL and Auth with additional checking
The final piece of the puzzle. The only thing remaining was displaying the list of papers and volumes that a user had access to, instead of all the papers/volumes.

    <?php
    // papers_controller.php
    function su_index() {
        $papers = array();
        $user_id = $this->Auth->user('id');
        // ACOs linked directly to this user's ARO
        $nodes = $this->Acl->Aro->findByForeignKeyAndModel($user_id, 'User');
        foreach ($nodes['Aco'] as $node) {
            if ($node['model'] === 'Paper') {
                $papers[] = $node['foreign_key'];
            }
            // Get children from volumes
            if ($node['model'] === 'Volume') {
                $children = $this->Acl->Aco->children($node['id']);
                foreach ($children as $child) {
                    $papers[] = $child['Aco']['foreign_key'];
                }
            }
        }
        $conditions = array('Paper.id' => $papers);
        // Group 4 sees every paper
        if ($this->Auth->user('group_id') == 4) {
            $conditions = null;
        }
        $this->set('papers', $this->paginate($conditions));
    }
    ?>

The same applies to the volumes controller, but a little simpler as you don't need the hierarchy.

There must be an easier way to retrieve a set of Model records given an ARO and a parent ACO, but I couldn't find it. If anyone has any tips/suggestions, let me know.

HTH,
Aidan

On Mar 2, 12:13 am, Aidan Lister aidanlis...@gmail.com wrote:

> For the archives, this is a step-by-step on how I solved the problem:
>
> Rather than controllers/Papers/view/n which becomes unwieldy given you have to create an ACO for each action, I instead created an ACO for each row in my two models. Thanks to markstory for the suggestion.
>
> I created the following ACO heirachy:
>
>     Papers/volume id/paper id
>
> This allowed me to give editors access to a volume, which automatically gives access to the papers inside. This is the beauty of ACLs.
I created the ACO tree like so (using acltool, a custom cake shell component): ?php // $ cake acltool aco_models function aco_models() { $this-out('Starting models sync'); $Paper = ClassRegistry::init('Paper'); $Volume = ClassRegistry::init('Volume'); // Create the root node $root_alias = 'papers'; $this-Aco-create(); $this-Aco-save(array('parent_id' = null, 'model' = null, 'alias' = $root_alias)); $aco_root = $this-Aco-id; // Iterate all the volumes $volumes = $Volume-findAll(); foreach ($volumes as $volume) { // Create a node for the volume $this-out(sprintf('Created Aco node: %s/%s', $root_alias, $volume['Volume']['number'])); $this-Aco-create(); $row = array('parent_id' = $aco_root, 'foreign_key' = $volume['Volume']['id'], 'model' = 'Volume', 'alias' = $volume ['Volume']['number']); $this-Aco-save($row); $parent_id = $this-Aco-id; // Iterate all the papers $papers = $Paper-find('all', array('conditions' = array ('volume_id' = $volume['Volume']['id']), 'recursive' = -1)); foreach ($papers as $paper) { // Create a node for the paper $this-out(sprintf('Created Aco node: %s/%s/%s', $root_alias, $volume['Volume']['number'], $paper['Paper']['slug'])); $this-Acl-Aco-create(); $row = array('parent_id' = $parent_id, 'foreign_key' = $paper['Paper']['id'], 'model' = 'Paper', 'alias' = $paper ['Paper']['slug']); $this-Acl-Aco-save($row); } } } ? Once all the ACOs are created, I gave access to my editors and authors like so: ?php // $ cake acltool vol_perms function vol_perms() { // Row level access for volumes $this-out('Creating row-level permissions for volumes'); $Volume = ClassRegistry::init('Volume'); $volumes = $Volume-findAll(); foreach ($volumes as $vol) { $this-out(sprintf('- Entering volume number %s', $vol ['Volume']['number'])); $Volume-id = $vol['Volume']['id']; foreach ($vol['User'] as $user) { $this-out(sprintf('-- Granting access to %s', $user ['name'])); $User-id = $user['id']; $this-Acl-allow($User, $Volume); } }} ? 
Next we need to inform our models about our chosen ACO structure: ?php // volume.php function parentNode() { return null; } // paper.php function parentNode() { if (!$this-id empty($this-data)) { return null; } $data = $this-data; if (empty($this-data)) { $data = $this-read(); } if (empty($data['Paper']['volume_id'])) { return null; } else { return array('Volume' = array('id' = $data['Paper'] ['volume_id'])); } } ? Next, in our controllers
ACL and Auth with additional checking
Hello,

I need to do some additional row level ACL access control for two of my models.

My system has the following groups: admins, editors, authors and users. I'm restricting access to my controller actions using the Auth component, via $this->Auth->authorize = 'actions'.

At the moment, my authors have access to controllers/Papers/view, I need to be able to limit their access to controllers/Papers/view/n. Whether I use a custom query to check access to n or an ACL, I don't mind, both are feasible so whichever is easier.

Similarly, I need to control access to controllers/Volumes/view/n for editors.

Does anyone have any suggestions for achieving this?

Thanks,
Aidan
Admin login and user login without ACL
Is it possible to secure the admin_path so that regular users don't have access to it? I am already using the Auth component for a user login where they can perform their user tasks. But I would also like to have an admin that can see all the users stuff. The prefix routing works fine in creating the admin pages, but I was wondering if I could create a separate login for admins so that only they can access the admin tasks. The acl component looks a little too complex for my current app.
Re: Admin login and user login without ACL
Have a look at this tutorial
http://www.studiocanaria.com/articles/cakephp_auth_component_users_groups_permissions_revisited

2009/2/27 Dhana sldh...@gmail.com
> Is it possible to secure the admin_path so that regular users don't have access to it? I am already using the Auth component for a user login where they can perform their user tasks. But I would also like to have an admin that can see all the users stuff. The prefix routing works fine in creating the admin pages, but I was wondering if I could create a separate login for admins so that only they can access the admin tasks. The acl component looks a little too complex for my current app.
Auth and ACL
I am following the tutorial on Auth and ACL on http://mark-story.com/posts/view/auth-and-acl-an-end-to-end-tutorial-pt-2

But seem to be stuck on the part regarding:

You can create ACO objects from the Acl shell or You can use the AclComponent. Shell usage looks like:

cake acl create aco root controllers

While using the AclComponent would look like:

$this->Acl->Aco->create(array('parent_id' => null, 'alias' => 'controllers'));

I ran the command from the console and see the acos table now has:

id  parent_id  model  foreign_key  alias        lft  rght
1   NULL       NULL   NULL         controllers  1    2

What I am confused about is do I have to add something to all my controllers that are going to be added to the list?

I have 3 restricted controllers: members, managers, and organizers, so they can only access allowed parts of the site.

member belongs to group 1
managers belong to group 2
organizers belong to group 3

Thanks,
Dave
Re: Auth and ACL
Hello, the command is correct and, in this example, don't type it, because it is in the function buildAcl(), on the second line. This example just shows you how to add acos, using that command, but the hard work of adding all controllers is done by buildAcl.
Another Auth and ACL question
I just finished setting up the AUTH and ACL as in the cookbook. Now when I log in as any user from different groups I can access every page on the site but I get this:

[Config] => Array
    (
        [userAgent] => 8edf52fc0bebeb96d0f1c90b95f1a465
        [time] => 1235718036
        [rand] => 664576016
        [timeout] => 10
    )
[Message] => Array
    (
        [auth] => Array
            (
                [message] => You are not authorized to access that location.
                [layout] => default
                [params] => Array
                    (
                    )
            )
    )

I copied the examples exactly, the ACOS AROS ACOS_AROS tables contain the data.

Is there a this->Auth = something or some code I need to add to the controllers to check that only the owner can access the page and not everyone in a group?

Dave
Using ACL
I want to setup a site where there are 2 authorized pages and want to know what the best approach would be? To use the ACL and Auth component or just Auth.

The site is pretty basic with 2 core pages:

User/Profile: where users can view/edit their profile when logged in
Posts: where logged in users can view/edit(their own post)/add posts

Because of the simplicity is it best to just use Auth?

Thanks,
Dave
Re: Using ACL
If there's only one type of users e.g. admin and you just check whether user is logged in, then Auth is enough for you.

On Feb 25, 7:16 pm, Dave Maharaj :: WidePixels.com d...@widepixels.com wrote:
> I want to setup a site where there are 2 authorized pages and want to know what the best approach would be? To use the ACL and Auth component or just Auth.
>
> The site is pretty basic with 2 core pages:
>
> User/Profile: where users can view/edit their profile when logged in
> Posts: where logged in users can view/edit(their own post)/add posts
>
> Because of the simplicity is it best to just use Auth?
>
> Thanks,
> Dave
How forwards-compatible is Cake's ACL?
I'm just wondering if Cake's system of doing ACL is the smartest way to implement control logic in a way that will be easy to maintain as the system progresses. It seems that when access control is implemented at the record level, we wind up with a lot of extra work to do (and the potential for more bugs) as the system progresses.

Case in point: Today, maybe there is only one action for FoosController: read. So when I insert a new Foo into my database (using SQL to load it right into the database), I want to make sure I identify the AROs which have access to read the Foo. But then some day in the future, the programmer needs to also be able to delete Foos through the application. He can code the delete action and in there check if the currently acting ARO can perform deletes, and whenever he inserts a new Foo, he makes sure that he grants the appropriate AROs permission to read and delete the Foo. But what about the Foo I inserted before 'delete' was a possibility? I guess those Foos would not be able to be deleted by the system.

Am I right in thinking that the most appropriate way to handle this would be to write an upgrade script which would bring the ACL tables up to date with all the possible ACOs and AROs? This issue is easy enough to fix if there are just a few AROs and actions the AROs are seeking to perform, but it seems like it would become more and more difficult as the system scales up to include more functionality and AROs.

So what's the alternative to Cake's ACL? I'm not saying this is the best practice, but the way I've always done it involves coding logic into the controllers to filter out what doesn't need to be seen, and prevent what shouldn't happen based on the authentication info I have access to. For example, let's say I'm using AuthComponent. Auth integrates tightly with my User table, so I can easily determine what user id is logged in from my controllers. I can use that to interrogate my membership table and find out what departments my user is in. Based on that, I can filter what they see and play gatekeeper for what they do.

I understand that Cake's ACL is trying to get away from that kind of coding and standardize how ACL is done in applications. I just don't understand why. Any feedback would be great. Thanks for reading this.
Is ACL right to use to filter records based on membership?
I'm trying to get my head around ACL and figure out if it will be able to filter the available data down to what the user is authorized to see, or if it's just going to lock them out.

Example: a regular user visits /departments/index/ (the controller wants to do a Department->paginate()) but this user doesn't have the right to see all departments - they only should be seeing departments they are affiliated with. If I use ACL to give the user read permission over Dept. A and Dept. B, will the page display and filter the records down to A and B, or is it going to complain that they should not be trying to read ALL departments?
Understanding Acl with Auth
Hi, I spent days understanding this acl stuff. I made progress but still

I have groups:
id:1, name:administrators
id:2, name:managers
id:3, name:users

I have users:
id:1, name:admin, group_id:1
id:2, name:mana, group_id:2
id:3, name:user, group_id:3

I have aros:
id:1, parent_id:null, model:Group, foreign_key:1, alias:administrators, lft:1, rght:4
id:2, parent_id:null, model:Group, foreign_key:2, alias:managers, lft:5, rght:8
id:3, parent_id:null, model:Group, foreign_key:3, alias:users, lft:9, rght:12
id:4, parent_id:1, model:User, foreign_key:1, alias:admin, lft:2, rght:3
id:5, parent_id:2, model:User, foreign_key:2, alias:mana, lft:6, rght:7
id:6, parent_id:3, model:User, foreign_key:3, alias:user, lft:10, rght:11

I have acos:
id:1, parent_id:null, alias:controllers, lft:1, rght:6
id:2, parent_id:1, alias:bla, lft:2, rght:3
id:3, parent_id:1, alias:she, lft:4, rght:5

I have aros_acos:
id:1, aro_id:2, aco_id:2, _read,_create,_update,_delete: 1
id:2, aro_id:2, aco_id:3, _read,_create,_update,_delete: 1
id:3, aro_id:3, aco_id:3, _read,_create,_update,_delete: 1

These are bla and she controller:

// SheController is the same apart from the class name
class BlaController extends AppController {
    var $uses = array();

    function testing() {
        echo "Acl makes me crazy.";
        $this->autoRender = false;
    }
}

This is User model:

class User extends AppModel {
    var $name = 'User';
    var $belongsTo = array('Group');
    var $actsAs = array('Acl' => array('requester'));

    function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        $data = $this->data;
        if (empty($this->data)) {
            $data = $this->read();
        }
        // A user's parent ARO is the group it belongs to
        if (!$data['User']['group_id']) {
            return null;
        } else {
            return array('Group' => array('id' => $data['User']['group_id']));
        }
    }
}

This is Group model:

class Group extends AppModel {
    var $name = 'Group';
    var $actsAs = array('Acl' => array('requester'));

    function parentNode() {
        return null;
    }
}

This is my app_controller file:

class AppController extends Controller {
    var $components = array('Acl', 'Auth');

    function beforeFilter() {
        $this->Auth->authorize = 'actions';
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'login');
        $this->Auth->actionPath = 'controllers/';
    }
}

If I log in with user 'mana' (group = 'managers') then go to this page: /bla/testing, I get this error:

DbAcl::check() - Failed ARO/ACO node lookup in permissions check. Node references: Aco: controllers/Bla/testing

But if I put another aco node with alias 'testing' and parent node points to 'bla', I can access it.

id:4, parent_id:2, alias:testing, lft:3, rght:4

I am very confused. How should you name the aco (controller stuff)? How do I use _read, _create, etc field effectively? Why do I get failed node lookup rather than denied access?

Thank you.
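A simplified model of the check discussed in the post above, added here as an example (it is not CakePHP's code and not the poster's): it uses the aros, acos and aros_acos rows listed in the post to show that a missing ACO node fails the lookup before any permission row is read, while an existing node with no matching grant is a plain deny. The function names `resolveAcoPath`, `aroChain` and `check`, the case-insensitive alias match and the evaluation order (requester first, then its group; most specific ACO first) are assumptions of this sketch.

```php
<?php
// Rows copied from the post. Each aros_acos row there sets all four CRUD columns to 1.
$ACOS = [
    ['id' => 1, 'parent_id' => null, 'alias' => 'controllers'],
    ['id' => 2, 'parent_id' => 1,    'alias' => 'bla'],
    ['id' => 3, 'parent_id' => 1,    'alias' => 'she'],
];
$AROS = [
    ['id' => 1, 'parent_id' => null, 'alias' => 'administrators'],
    ['id' => 2, 'parent_id' => null, 'alias' => 'managers'],
    ['id' => 3, 'parent_id' => null, 'alias' => 'users'],
    ['id' => 4, 'parent_id' => 1,    'alias' => 'admin'],
    ['id' => 5, 'parent_id' => 2,    'alias' => 'mana'],
    ['id' => 6, 'parent_id' => 3,    'alias' => 'user'],
];
$ALLOW_ALL = ['_create' => 1, '_read' => 1, '_update' => 1, '_delete' => 1];
$PERMS = [
    ['aro_id' => 2, 'aco_id' => 2] + $ALLOW_ALL,
    ['aro_id' => 2, 'aco_id' => 3] + $ALLOW_ALL,
    ['aro_id' => 3, 'aco_id' => 3] + $ALLOW_ALL,
];

/** Resolve "controllers/Bla/testing" to ACO ids, leaf first; false if any segment has no node. */
function resolveAcoPath(array $acos, string $path)
{
    $ids = [];
    $parent = null;
    foreach (explode('/', trim($path, '/')) as $segment) {
        $found = null;
        foreach ($acos as $node) {
            // Assumption: aliases compare case-insensitively, as under MySQL's default collation.
            if ($node['parent_id'] === $parent && strcasecmp($node['alias'], $segment) === 0) {
                $found = $node['id'];
                break;
            }
        }
        if ($found === null) {
            return false; // the "Failed ARO/ACO node lookup" situation
        }
        array_unshift($ids, $found);
        $parent = $found;
    }
    return $ids;
}

/** ARO ids from the requester up to its root (user first, then group). */
function aroChain(array $aros, int $aroId): array
{
    $byId = array_column($aros, null, 'id');
    $chain = [];
    $current = $aroId;
    while ($current !== null && isset($byId[$current])) {
        $chain[] = $current;
        $current = $byId[$current]['parent_id'];
    }
    return $chain;
}

/** Returns 'lookup-failed', 'allowed' or 'denied' for full access to the ACO path. */
function check(array $aros, array $acos, array $perms, int $aroId, string $acoPath): string
{
    $acoIds = resolveAcoPath($acos, $acoPath);
    if ($acoIds === false) {
        return 'lookup-failed';
    }
    $keys = ['_create', '_read', '_update', '_delete'];
    $granted = [];
    foreach (aroChain($aros, $aroId) as $aro) {
        foreach ($acoIds as $aco) { // most specific ACO first, then its ancestors
            foreach ($perms as $p) {
                if ($p['aro_id'] !== $aro || $p['aco_id'] !== $aco) {
                    continue;
                }
                foreach ($keys as $k) {
                    if ($p[$k] === -1) {
                        return 'denied'; // an explicit deny stops the walk
                    }
                    if ($p[$k] === 1) {
                        $granted[$k] = true;
                    }
                }
            }
            if (count($granted) === count($keys)) {
                return 'allowed';
            }
        }
    }
    return 'denied'; // nothing granted anywhere on the path
}

// 'mana' is ARO 5 (child of managers), 'user' is ARO 6 (child of users).
$results = [];
$results['mana, no testing node'] = check($AROS, $ACOS, $PERMS, 5, 'controllers/Bla/testing');
// Add the node the poster created afterwards: id 4, child of 'bla'.
$ACOS[] = ['id' => 4, 'parent_id' => 2, 'alias' => 'testing'];
$results['mana, testing node added'] = check($AROS, $ACOS, $PERMS, 5, 'controllers/Bla/testing');
$results['user, testing node added'] = check($AROS, $ACOS, $PERMS, 6, 'controllers/Bla/testing');
foreach ($results as $case => $outcome) {
    printf("%-26s %s\n", $case, $outcome);
}
```

The same upward walk over ancestors is why a grant on a volume node covers the paper nodes beneath it in the row-level scheme posted earlier on this page.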
Auth/ACL and redirect to home
I am coming back to CakePHP after having given it a rest for a few months, and am really enjoying the new features in 1.2. I've gone through and used Mark Story's fabulous auth and ACL tutorial, and have it working pretty well, but there is one thing I'm not sure about.

I know if you are on another page (you clicked somewhere that required permissions and you were not authenticated or logged in), that it redirects you to the login then back. That's fine, but what I'm not sure is how to handle the redirect when a user is coming from the 'home' page.

I think I've got it figured out by setting my login redirect in AppController to:

$this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home');

However, I've noticed that sometimes I have to login twice before it redirects. Has anyone else experienced similar behavior? Before I made this change it seemed to work fine, and does on any page that requires a login to get you ACL permissions.

Tim
Re: Auth/ACL - edit forms and password problems
Thanks, that will be a lot cleaner than doing it in the controller and messing about with the raw post data.

On 16 Feb, 16:50, dr. Hannibal Lecter lecter...@gmail.com wrote:
> I hope this might be of some help:
> http://dsi.vozibrale.com/articles/view/manually-hashing-password-and-...
>
> On Feb 16, 5:21 pm, Chris c.gra...@hpani.org.uk wrote:
> > Perhaps I am just having a blonde moment, but I seem to be having difficulties with ACL and passwords.
> >
> > I followed the example at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application and then once I was confident of what I was doing implemented it into my current project. It has all worked fine, AROS/ACOS all generated, logging in and out fine, permissions working however there is a problem.
> >
> > The edit form for users pulls in the password by default and I wanted to leave it blank so that the user can update extra info on themselves without having to change their password, so I passed in empty string as the value in the input. When the post occurs $this->data contains an sha1 encrypted string it seems that auth or acl is taking empty string, adding the salt and then encrypting... before validation!!!
> >
> > I decided to just check the value for $_POST['data']['User']['password'] and if that is blank then unset $this->data['User']['password'].. problem solved. in a not so nice way.
> >
> > However another issue has now raised its ugly head. My validation rules are now meaningless. I have a minimum length validation rule on the password field to ensure that passwords are 8 characters or more. This rule is now always met because the string is sha1 encrypted before validation and is therefore always 40 characters long.
> >
> > The only solution I can think of, for now, is controller based validation on the raw post data. which isn't very clean. If anyone has a better idea please let me know.
Re: ACL throwing self-joined model into infinite recursion
Seems to work great. I removed the 'Parent', and 'Child' relationship from Page, and refactored it to use the Tree behavior methods instead. Thanks.

On Feb 16, 5:06 pm, benjam benjamwel...@gmail.com wrote:
> I had thought of that (the Parent Child thing on multiple models) but was hoping that Cake was smart enough to know which was which.
>
> Thanks for the info, I'll fiddle with it and post the outcome here...
>
> On Feb 16, 12:43 pm, AD7six andydawso...@gmail.com wrote:
> > On Feb 16, 9:21 am, benjam benjamwel...@gmail.com wrote:
> > > Here are some (hopefully) relevant code snippets: http://pastebin.com/f7426e0c4
> > >
> > > On Feb 16, 8:55 am, benjam benjamwel...@gmail.com wrote:
> > > > I have just come across a very strange issue with Cake. I have ACL installed in my app, and I have a self-referencing table in that app as well (Parent-Child).
> >
> > That's nothing to do with ACL and almost definitely because you're using 'Parent' and 'Child' aliases in multiple models to refer to different classes. Why define these relationships at all, they are redundant with the tree behavior.
> >
> > AD
Re: ACL throwing self-joined model into infinite recursion
Here are some (hopefully) relevant code snippets: http://pastebin.com/f7426e0c4

On Feb 16, 8:55 am, benjam benjamwel...@gmail.com wrote:
> I have just come across a very strange issue with Cake. I have ACL installed in my app, and I have a self-referencing table in that app as well (Parent-Child).
>
> In my app_controller, I pull data for the self-referencing model for every page load (it runs the menu), and it works fine for all the pages that aren't directly related to the ACL. For instance the users model and controller are directly related to the ACL, as is the groups model and controller.
>
> The trouble is, when I access a page that is directly related to ACL, for some reason, the pages model (the self-referencing model), gets thrown into an infinite recursion, trying to build the model relationships, and gets stuck trying to go up the tree.
>
> Here is an excerpt from my xdebug output when I get the Fatal error: Maximum function nesting level of '100' reached error:
>
> AppController->beforeRender( ) ..\controller.php:731
> ClassRegistry->init( 'Page', ??? ) ..\app_controller.php:122
> Model->__construct( array('class'=>'Page', alias=>'Page'), ???, ??? ) ..\class_registry.php:134
> Model->__createLinks( ) ..\model.php:417
> Model->__constructLinkedModel( 'Parent', 'Page ) ..\model.php:608
> ClassRegistry->init( array('class'=>'Page', alias=>'Parent'), ??? ) ..\model.php:635
> Model->__construct( array('class'=>'Page', alias=>'Parent'), ???, ??? ) ..\class_registry.php:134
> Model->__createLinks( ) ..\model.php:417
> Model->__constructLinkedModel( 'Parent', 'Page' ) ..\model.php:608 <-- and it's entered the infinite recursion
>
> Has anybody seen this before, and does anybody have any suggestions on how to rectify it?
Re: ACL throwing self-joined model into infinite recursion
On Feb 16, 9:21 am, benjam benjamwel...@gmail.com wrote:
> Here are some (hopefully) relevant code snippets: http://pastebin.com/f7426e0c4
>
> On Feb 16, 8:55 am, benjam benjamwel...@gmail.com wrote:
> > I have just come across a very strange issue with Cake. I have ACL installed in my app, and I have a self-referencing table in that app as well (Parent-Child).

That's nothing to do with ACL and almost definitely because you're using 'Parent' and 'Child' aliases in multiple models to refer to different classes. Why define these relationships at all, they are redundant with the tree behavior.

AD
Re: ACL throwing self-joined model into infinite recursion
I had thought of that (the Parent Child thing on multiple models) but was hoping that Cake was smart enough to know which was which.

Thanks for the info, I'll fiddle with it and post the outcome here...

On Feb 16, 12:43 pm, AD7six andydawso...@gmail.com wrote:
> On Feb 16, 9:21 am, benjam benjamwel...@gmail.com wrote:
> > Here are some (hopefully) relevant code snippets: http://pastebin.com/f7426e0c4
> >
> > On Feb 16, 8:55 am, benjam benjamwel...@gmail.com wrote:
> > > I have just come across a very strange issue with Cake. I have ACL installed in my app, and I have a self-referencing table in that app as well (Parent-Child).
>
> That's nothing to do with ACL and almost definitely because you're using 'Parent' and 'Child' aliases in multiple models to refer to different classes. Why define these relationships at all, they are redundant with the tree behavior.
>
> AD
Auth/ACL - edit forms and password problems
Perhaps I am just having a blonde moment, but I seem to be having difficulties with ACL and passwords.

I followed the example at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application and then once I was confident of what I was doing implemented it into my current project. It has all worked fine, AROS/ACOS all generated, logging in and out fine, permissions working however there is a problem.

The edit form for users pulls in the password by default and I wanted to leave it blank so that the user can update extra info on themselves without having to change their password, so I passed in empty string as the value in the input. When the post occurs $this->data contains an sha1 encrypted string it seems that auth or acl is taking empty string, adding the salt and then encrypting... before validation!!!

I decided to just check the value for $_POST['data']['User']['password'] and if that is blank then unset $this->data['User']['password'].. problem solved. in a not so nice way.

However another issue has now raised its ugly head. My validation rules are now meaningless. I have a minimum length validation rule on the password field to ensure that passwords are 8 characters or more. This rule is now always met because the string is sha1 encrypted before validation and is therefore always 40 characters long.

The only solution I can think of, for now, is controller based validation on the raw post data. which isn't very clean. If anyone has a better idea please let me know.
Re: Auth/ACL - edit forms and password problems
I hope this might be of some help:
http://dsi.vozibrale.com/articles/view/manually-hashing-password-and-password-validation

On Feb 16, 5:21 pm, Chris c.gra...@hpani.org.uk wrote:
> Perhaps I am just having a blonde moment, but I seem to be having difficulties with ACL and passwords.
>
> I followed the example at http://book.cakephp.org/view/641/Simple-Acl-controlled-Application and then once I was confident of what I was doing implemented it into my current project. It has all worked fine, AROS/ACOS all generated, logging in and out fine, permissions working however there is a problem.
>
> The edit form for users pulls in the password by default and I wanted to leave it blank so that the user can update extra info on themselves without having to change their password, so I passed in empty string as the value in the input. When the post occurs $this->data contains an sha1 encrypted string it seems that auth or acl is taking empty string, adding the salt and then encrypting... before validation!!!
>
> I decided to just check the value for $_POST['data']['User']['password'] and if that is blank then unset $this->data['User']['password'].. problem solved. in a not so nice way.
>
> However another issue has now raised its ugly head. My validation rules are now meaningless. I have a minimum length validation rule on the password field to ensure that passwords are 8 characters or more. This rule is now always met because the string is sha1 encrypted before validation and is therefore always 40 characters long.
>
> The only solution I can think of, for now, is controller based validation on the raw post data. which isn't very clean. If anyone has a better idea please let me know.
ACL throwing self-joined model into infinite recursion
I have just come across a very strange issue with Cake. I have ACL installed in my app, and I have a self-referencing table in that app as well (Parent-Child).

In my app_controller, I pull data for the self-referencing model for every page load (it runs the menu), and it works fine for all the pages that aren't directly related to the ACL. For instance the users model and controller are directly related to the ACL, as is the groups model and controller.

The trouble is, when I access a page that is directly related to ACL, for some reason, the pages model (the self-referencing model), gets thrown into an infinite recursion, trying to build the model relationships, and gets stuck trying to go up the tree.

Here is an excerpt from my xdebug output when I get the Fatal error: Maximum function nesting level of '100' reached error:

AppController->beforeRender( ) ..\controller.php:731
ClassRegistry->init( 'Page', ??? ) ..\app_controller.php:122
Model->__construct( array('class'=>'Page', alias=>'Page'), ???, ??? ) ..\class_registry.php:134
Model->__createLinks( ) ..\model.php:417
Model->__constructLinkedModel( 'Parent', 'Page ) ..\model.php:608
ClassRegistry->init( array('class'=>'Page', alias=>'Parent'), ??? ) ..\model.php:635
Model->__construct( array('class'=>'Page', alias=>'Parent'), ???, ??? ) ..\class_registry.php:134
Model->__createLinks( ) ..\model.php:417
Model->__constructLinkedModel( 'Parent', 'Page' ) ..\model.php:608 <-- and it's entered the infinite recursion

Has anybody seen this before, and does anybody have any suggestions on how to rectify it?
Plugin to implement ACL with cakephp
Hi! Does anyone know of a plugin to implement ACL with CakePHP? Please, I need it.
[ask] Auth error when integrate with ACL in CakePHP 1.2.1.8004
Hello everybody, for weeks I have struggled learning about ACL. Now I have something weird in my app. I'm using

    $this->Auth->authorize = 'crud';

in my app_controller.php. Every time I try to log out, this happens:

    Auth::startup() - Attempted access of un-mapped action logout in controller users [CORE/cake/libs/controller/components/auth.php, line 471]

But when I add

    $this->Auth->actionMap['logout'] = 'read';

in my app_controller, everything works! It's weird that the Auth logout must be set in actionMap. Can anyone help me?
Re: Auth error when integrate with ACL in CakePHP 1.2.1.8004
Actually you should probably use Auth->allow('logout') in your users controller. Also, if you want to add to the actionMap then use Auth::mapActions();
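The behaviour behind this answer, as an added example that is not part of the original thread and is not CakePHP source: a simplified, framework-free PHP model of how authorize = 'crud' resolves an action, showing why an un-mapped action is refused and how mapActions() and allow() differ. The class CrudAuthModel, its check() method and result labels, the default map and the sample ACL are all hypothetical or constructed.

```php
<?php
// Simplified model of AuthComponent's 'crud' mode, written for illustration.
// Not CakePHP source: CrudAuthModel, check() and its result labels are hypothetical.
class CrudAuthModel
{
    // Controller action => CRUD operation (sample defaults); extended by mapActions().
    private $actionMap = array(
        'index' => 'read', 'view' => 'read', 'add' => 'create',
        'edit' => 'update', 'delete' => 'delete',
    );
    private $allowed = array(); // actions exempt from login and ACL checks
    private $acl;               // constructed ACL: [aro][aco][operation] => bool

    public function __construct(array $acl) { $this->acl = $acl; }
    public function allow($action) { $this->allowed[] = $action; }

    // Takes the array('read' => array('logout')) form that mapActions() accepts.
    public function mapActions(array $map)
    {
        foreach ($map as $crud => $actions) {
            foreach ($actions as $action) { $this->actionMap[$action] = $crud; }
        }
    }

    // Returns 'public', 'unmapped', 'granted' or 'denied'.
    public function check($aro, $controller, $action)
    {
        if (in_array($action, $this->allowed, true)) {
            return 'public';   // allow(): no ACL lookup at all
        }
        if (!isset($this->actionMap[$action])) {
            return 'unmapped'; // the "un-mapped action" warning; access is refused
        }
        $op = $this->actionMap[$action];
        return !empty($this->acl[$aro][$controller][$op]) ? 'granted' : 'denied';
    }
}

// Constructed sample ACL: the "members" group holds only read on Users.
$auth = new CrudAuthModel(array('members' => array('Users' => array('read' => true))));

// 1. logout has no CRUD mapping yet, so the request cannot be authorized.
echo $auth->check('members', 'Users', 'logout'), "\n";
// 2. Mapped to read: logout now needs a read grant on Users, per requester.
$auth->mapActions(array('read' => array('logout')));
echo $auth->check('members', 'Users', 'logout'), "\n";
echo $auth->check('guests', 'Users', 'logout'), "\n";
// 3. allow(): logout is exempt from authorization for everyone.
$auth->allow('logout');
echo $auth->check('guests', 'Users', 'logout'), "\n";
```

In this model an action with neither a mapping nor an allow() entry stays refused, so mapping logout to read makes logging out depend on each requester's ACL grants, while allow() removes the action from authorization altogether.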
Re: Auth error when integrate with ACL in CakePHP 1.2.1.8004
Thanks, Gwoo, it works fine right now!

On Tue, 2009-02-10 at 08:46 -0800, Gwoo wrote:
> Actually you should probably use Auth->allow('logout') in your users controller. Also, if you want to add to the actionMap then use Auth::mapActions();
ACL question regarding Acl example
Hi, I just started using CakePHP. I'm almost done reading through the documents, but I was wondering something. I was reading the example for the ACL controlled application, and in one part it says:

"Our controllers and models are now prepped for adding some initial data, and our Group and User models are bound to the Acl table. So add some groups and users using the baked forms. I made the following groups:"

What baked forms is this referring to? And when inserting users, if I made a registration function in the users controller, and made a form to insert a user into the database, would it automatically update everything for ACL to work properly?

Thanks.
Re: ACL question regarding Acl example
"Baked forms" means the forms autogenerated by bake. If you haven't used bake yet, it's a command-line utility that lets you auto-generate basic models, controllers and views, starting from your db structure. You can find more information in the documentation.

The basic classes created by bake will allow you to perform the basic Create, Read, Update and Delete operations for all your entities, including Users and Groups. The link between these entities and ACL is not automatic, but it requires the implementation of some code in both the User and Group models. You should find all the info in the tutorial.

I hope this bit of info can help you; unfortunately I'm at work and I'm not able to check the docs and give you more details.

Andrea
ACL/AUTH redirecting.
With the ACL/Auth set up, is there a way to redirect to a specific view in the event of a user who is logged in but does not have permission to a particular action? I believe by default, it redirects to the login page.

What I would like to accomplish are:

1. If the user is not logged in and tries to access a restricted area, he will be redirected to the login page.
2. If he is logged in but without the proper access permission, he will be redirected to a page that says something like "You do not have access permission to do that."

Currently in both the above scenarios, the user is redirected to the login page. My AuthComponent configuration is as follows:

    $this->Auth->actionPath = 'controllers/';
    $this->Auth->authorize = 'actions';
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
    $this->Auth->loginRedirect = array('controller' => 'media_centers', 'action' => 'index');

Thanks in advance for your help.

Steve
Re: saveAll() and Auth/Acl - redirecting to login page??
bump

On Jan 28, 1:10 am, releod rel...@gmail.com wrote:
> Hello, I have been trying to lock down this problem for the past little while - here is my issue.
>
> - I have a form with News Model data, and Link Model data.
> - My controller runs $this->News->saveAll($this->data, array('validate' => 'first'))
>
> If one of the validations in the News or Link data-set fails, it all works fine, shows the errors, etc. However, if I try to re-submit the form with the error, the application freaks out and kills my Authenticated session, prompting me to log in again - the AuthMessage I see is that I do not have permission to access this content... what content would that be? I can edit it properly when all fields are entered properly.
>
> I am not really sure what is happening, I cannot seem to find a way to log or view anything before the re-direction happens. My app is not doing anything to the Auth session or anything like that. What gives? How would I even start to try and track this down?
>
> I tried removing Auth and Acl from my components in AppController, and the validation worked multiple times without asking me to log in again - so at this point I assume something somewhere is happening to the Auth'd session.
>
> Any help on this would be great, I am lost at this point.
saveAll() and Auth/Acl - redirecting to login page??
Hello, I have been trying to lock down this problem for the past little while - here is my issue.

- I have a form with News Model data, and Link Model data.
- My controller runs $this->News->saveAll($this->data, array('validate' => 'first'))

If one of the validations in the News or Link data-set fails, it all works fine, shows the errors, etc. However, if I try to re-submit the form with the error, the application freaks out and kills my Authenticated session, prompting me to log in again - the AuthMessage I see is that I do not have permission to access this content... what content would that be? I can edit it properly when all fields are entered properly.

I am not really sure what is happening, I cannot seem to find a way to log or view anything before the re-direction happens. My app is not doing anything to the Auth session or anything like that. What gives? How would I even start to try and track this down?

I tried removing Auth and Acl from my components in AppController, and the validation worked multiple times without asking me to log in again - so at this point I assume something somewhere is happening to the Auth'd session.

Any help on this would be great, I am lost at this point.