Re: Access to specific data cakephp 2.x

2012-12-25 Thread Paulo Braga
I already used that way to solve what I want. I wanted something like "acl 
solution", hehe.

Thank you for your answer
Best regards

Paulo 

On Tuesday, December 25, 2012 4:53:22 AM UTC+2, zuha wrote:
>
> Is there a reason you don't just do access control in the controller then?
> i.e.
>
> if ($this->request->data['User']['creator_id'] ==
>         $this->Session->read('Auth.User.id')) {
>     $this->BlogPost->save($this->request->data);
> }
>
> BTW, Zuha has a behavior called the UsableBehavior which could probably be 
> modified to do what you're trying to do with a new function or two added to 
> it.  
> https://github.com/zuha/Zuha/tree/master/app/Plugin/Users/Model/Behavior
>
>
>
> On Monday, December 24, 2012 6:12:02 PM UTC-5, Paulo Braga wrote:
>>
>> Hi Rob. Thanks for your answer, the behavior is very interesting. 
>>
>> I think I did not express myself well, I dont want just to set that a 
>> user has only access to the posts he created.
>>
>> I want also to configure for example:
>>
>> We have hotels around a country from the same organization, so in each 
>> city there's a manager, and I want a manager to manage just the hotels in 
>> his city. but this hotels can be created by another user(admin), is it 
>> possible?   I did it with isAuthorized() method, but it requires a lot of 
>> "code (ugly code)° :p 
>>
>> Paulo
>>
>> On Monday, December 24, 2012 3:08:31 PM UTC+2, Rob M wrote:
>>>
>>> Hi Paulo: You are describing row-level access control, and I am doing 
>>> that with CakePHP 2.0 using a modified version of Daniel 
>>> Vecchiato's WhoDidIt Model Behavior (
>>> https://github.com/danfreak/4cakephp/tree/master/models/behaviors). 
>>> Then I check in the controller to see if the id in the table for the person 
>>> who created the record matches the id of the person who is trying to modify 
>>> it. - Rob
>>>
>>> On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:

>>>> Hi people.
>>>>
>>>> I am using cakephp 2.x, and I am trying to build a system with group 
>>>> permissions, ok, I used Acl and Auth component without problem.
>>>>
>>>> Now I want to configure access to specific data. for example: 
>>>>
>>>> we have a blog app, and we have users, posts, etc.
>>>> an admin can do anything(no problems);
>>>> a post is posted by a user. (some problems here);
>>>>
>>>> With acl I configured that admin group can do anything. and that user 
>>>> group can just do anything in posts(add, list, edit, delete). everything 
>>>> is working.
>>>>
>>>> But I dont want a user to edit,delete,list posts that were not created 
>>>> by him. 
>>>>
>>>> I used to do it with the method isAuthorized(), but imagining a big 
>>>> app, I think it will be too hard to codify it.
>>>>
>>>> is there a "clean" way to do it???



-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com.
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.




Re: Access to specific data cakephp 2.x

2012-12-25 Thread Paulo Braga
Hi Rob, thanks for your answer, I already used that solution in some 
projects, but I thought that there was an acl solution to do it but as I 
see, there is none.

Thank you, WhoDidIt is very interesting.

Best regards

On Tuesday, December 25, 2012 1:35:59 PM UTC+2, Rob M wrote:
>
> Hi Paulo:
> To answer your first question: give everyone access to every post by 
> *not* checking to see who owns it in the Controller::index() and 
> Controller::view() methods. Give only the post's writer the ability to 
> edit/delete the post by checking first to see who owns it in the 
> Controller::edit() and Controller::delete() methods. With the 
> aforementioned WhoDidIt behavior we're talking about only one additional 
> line of controller code plus one additional condition:
> $user = $this->Session->read('Auth.User.id');
>
> ...so in the Controller::delete() function (for example):
> function delete($id = null) {
>     if (!$id) {
>         $this->Session->setFlash(__('Invalid id for Post'));
>         $this->redirect(array('action' => 'index'));
>     }
>     // Only allow deletes from user's own records
>     $user = $this->Session->read('Auth.User.id');
>     if ($this->Post->field('created_by', array('id' => $id)) == $user &&
>         $this->Post->delete($id)) {
>         $this->Session->setFlash(__('Post deleted'));
>         $this->redirect(array('action' => 'index'));
>     }
>     $this->Session->setFlash(__('Post was not deleted'));
>     $this->redirect(array('action' => 'index'));
> }
>
> To answer your second question: same idea. Check that the manager logged 
> in has access to the controller function on that hotel *in the 
> appropriate controller function*.
> -Rob
>
> On Monday, December 24, 2012 6:12:02 PM UTC-5, Paulo Braga wrote:
>>
>> Hi Rob. Thanks for your answer, the behavior is very interesting. 
>>
>> I think I did not express myself well, I dont want just to set that a 
>> user has only access to the posts he created.
>>
>> I want also to configure for example:
>>
>> We have hotels around a country from the same organization, so in each 
>> city there's a manager, and I want a manager to manage just the hotels in 
>> his city. but this hotels can be created by another user(admin), is it 
>> possible?   I did it with isAuthorized() method, but it requires a lot of 
>> "code (ugly code)° :p 
>>
>> Paulo
>>
>> On Monday, December 24, 2012 3:08:31 PM UTC+2, Rob M wrote:
>>>
>>> Hi Paulo: You are describing row-level access control, and I am doing 
>>> that with CakePHP 2.0 using a modified version of Daniel 
>>> Vecchiato's WhoDidIt Model Behavior (
>>> https://github.com/danfreak/4cakephp/tree/master/models/behaviors). 
>>> Then I check in the controller to see if the id in the table for the person 
>>> who created the record matches the id of the person who is trying to modify 
>>> it. - Rob
>>>
>>> On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:

>>>> Hi people.
>>>>
>>>> I am using cakephp 2.x, and I am trying to build a system with group 
>>>> permissions, ok, I used Acl and Auth component without problem.
>>>>
>>>> Now I want to configure access to specific data. for example: 
>>>>
>>>> we have a blog app, and we have users, posts, etc.
>>>> an admin can do anything(no problems);
>>>> a post is posted by a user. (some problems here);
>>>>
>>>> With acl I configured that admin group can do anything. and that user 
>>>> group can just do anything in posts(add, list, edit, delete). everything 
>>>> is working.
>>>>
>>>> But I dont want a user to edit,delete,list posts that were not created 
>>>> by him. 
>>>>
>>>> I used to do it with the method isAuthorized(), but imagining a big 
>>>> app, I think it will be too hard to codify it.
>>>>
>>>> is there a "clean" way to do it???







Re: Access to specific data cakephp 2.x

2012-12-25 Thread Rob M
Hi Paulo:
To answer your first question: give everyone access to every post by 
*not* checking to see who owns it in the Controller::index() and 
Controller::view() methods. Give only the post's writer the ability to 
edit/delete the post by checking first to see who owns it in the 
Controller::edit() and Controller::delete() methods. With the 
aforementioned WhoDidIt behavior we're talking about only one additional 
line of controller code plus one additional condition:
$user = $this->Session->read('Auth.User.id');

...so in the Controller::delete() function (for example):
function delete($id = null) {
    if (!$id) {
        $this->Session->setFlash(__('Invalid id for Post'));
        $this->redirect(array('action' => 'index'));
    }
    // Only allow deletes from user's own records
    $user = $this->Session->read('Auth.User.id');
    if ($this->Post->field('created_by', array('id' => $id)) == $user &&
        $this->Post->delete($id)) {
        $this->Session->setFlash(__('Post deleted'));
        $this->redirect(array('action' => 'index'));
    }
    $this->Session->setFlash(__('Post was not deleted'));
    $this->redirect(array('action' => 'index'));
}

To answer your second question: same idea. Check that the manager logged in 
has access to the controller function on that hotel *in the appropriate 
controller function*.
-Rob

On Monday, December 24, 2012 6:12:02 PM UTC-5, Paulo Braga wrote:
>
> Hi Rob. Thanks for your answer, the behavior is very interesting. 
>
> I think I did not express myself well, I dont want just to set that a user 
> has only access to the posts he created.
>
> I want also to configure for example:
>
> We have hotels around a country from the same organization, so in each 
> city there's a manager, and I want a manager to manage just the hotels in 
> his city. but this hotels can be created by another user(admin), is it 
> possible?   I did it with isAuthorized() method, but it requires a lot of 
> "code (ugly code)° :p 
>
> Paulo
>
> On Monday, December 24, 2012 3:08:31 PM UTC+2, Rob M wrote:
>>
>> Hi Paulo: You are describing row-level access control, and I am doing 
>> that with CakePHP 2.0 using a modified version of Daniel 
>> Vecchiato's WhoDidIt Model Behavior (
>> https://github.com/danfreak/4cakephp/tree/master/models/behaviors). Then 
>> I check in the controller to see if the id in the table for the person who 
>> created the record matches the id of the person who is trying to modify it. 
>> - Rob
>>
>> On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:
>>>
>>> Hi people.
>>>
>>> I am using cakephp 2.x, and I am trying to build a system with group 
>>> permissions, ok, I used Acl and Auth component without problem.
>>>
>>> Now I want to configure access to specific data. for example: 
>>>
>>> we have a blog app, and we have users, posts, etc.
>>> an admin can do anything(no problems);
>>> a post is posted by a user. (some problems here);
>>>
>>> With acl I configured that admin group can do anything. and that user 
>>> group can just do anything in posts(add, list, edit, delete). everything is 
>>> working.
>>>
>>> But I dont want a user to edit,delete,list posts that were not created 
>>> by him. 
>>>
>>> I used to do it with the method isAuthorized(), but imagining a big app, 
>>> I think it will be too hard to codify it.
>>>
>>> is there a "clean" way to do it???
>>>
>>>
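
Added example, not part of the original thread or of CakePHP itself: one way to keep both row-level checks discussed above (a post editable only by its creator, a manager limited to the hotels in his city) in a single AppController::isAuthorized() that asks each model, reading the owner or city from the database rather than from request data. The role, city_id and created_by columns and the isAccessibleBy() method name are assumptions.

```php
<?php
// Added example for CakePHP 2.x. Assumed schema: users.role, users.city_id,
// posts.created_by, hotels.city_id. isAccessibleBy() is a hypothetical name.

// --- app/Controller/AppController.php ---
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        // ControllerAuthorize calls isAuthorized() for logged-in users on non-public actions
        'Auth' => array('authorize' => array('Controller')),
    );

    // Actions that act on one existing row and therefore need a row check
    protected $_rowActions = array('edit', 'delete');

    public function isAuthorized($user) {
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true; // admins may do anything
        }
        if (!in_array($this->action, $this->_rowActions, true)) {
            return true; // index/view/add carry no row restriction here
        }
        $pass = $this->request->params['pass'];
        $model = $this->modelClass ? $this->{$this->modelClass} : null;
        // Deny by default: missing id, no model, or a model without a row rule
        if (empty($pass[0]) || !$model || !method_exists($model, 'isAccessibleBy')) {
            return false;
        }
        return $model->isAccessibleBy($pass[0], $user);
    }
}

// --- app/Model/Post.php: only the creator may edit or delete a post ---
class Post extends AppModel {
    public function isAccessibleBy($id, $user) {
        return $this->hasAny(array(
            $this->alias . '.id' => $id,
            $this->alias . '.created_by' => $user['id'],
        ));
    }
}

// --- app/Model/Hotel.php: a manager may change any hotel in their own city,
// whoever created the row ---
class Hotel extends AppModel {
    public function isAccessibleBy($id, $user) {
        // A null city_id would turn the condition into "IS NULL"; refuse instead
        if (empty($user['city_id'])) {
            return false;
        }
        return $this->hasAny(array(
            $this->alias . '.id' => $id,
            $this->alias . '.city_id' => $user['city_id'],
        ));
    }
}
```

AuthComponent grants access as soon as one configured authorize object returns true, so listing 'Controller' beside the Acl 'Actions' authorizer would not narrow what Acl already allows; here the admin rule is folded into isAuthorized() instead.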





Re: Access to specific data cakephp 2.x

2012-12-24 Thread zuha
Is there a reason you don't just do access control in the controller then?
i.e.

if ($this->request->data['User']['creator_id'] ==
        $this->Session->read('Auth.User.id')) {
    $this->BlogPost->save($this->request->data);
}

BTW, Zuha has a behavior called the UsableBehavior which could probably be 
modified to do what you're trying to do with a new function or two added to 
it. 
 https://github.com/zuha/Zuha/tree/master/app/Plugin/Users/Model/Behavior



On Monday, December 24, 2012 6:12:02 PM UTC-5, Paulo Braga wrote:
>
> Hi Rob. Thanks for your answer, the behavior is very interesting. 
>
> I think I did not express myself well, I dont want just to set that a user 
> has only access to the posts he created.
>
> I want also to configure for example:
>
> We have hotels around a country from the same organization, so in each 
> city there's a manager, and I want a manager to manage just the hotels in 
> his city. but this hotels can be created by another user(admin), is it 
> possible?   I did it with isAuthorized() method, but it requires a lot of 
> "code (ugly code)° :p 
>
> Paulo
>
> On Monday, December 24, 2012 3:08:31 PM UTC+2, Rob M wrote:
>>
>> Hi Paulo: You are describing row-level access control, and I am doing 
>> that with CakePHP 2.0 using a modified version of Daniel 
>> Vecchiato's WhoDidIt Model Behavior (
>> https://github.com/danfreak/4cakephp/tree/master/models/behaviors). Then 
>> I check in the controller to see if the id in the table for the person who 
>> created the record matches the id of the person who is trying to modify it. 
>> - Rob
>>
>> On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:
>>>
>>> Hi people.
>>>
>>> I am using cakephp 2.x, and I am trying to build a system with group 
>>> permissions, ok, I used Acl and Auth component without problem.
>>>
>>> Now I want to configure access to specific data. for example: 
>>>
>>> we have a blog app, and we have users, posts, etc.
>>> an admin can do anything(no problems);
>>> a post is posted by a user. (some problems here);
>>>
>>> With acl I configured that admin group can do anything. and that user 
>>> group can just do anything in posts(add, list, edit, delete). everything is 
>>> working.
>>>
>>> But I dont want a user to edit,delete,list posts that were not created 
>>> by him. 
>>>
>>> I used to do it with the method isAuthorized(), but imagining a big app, 
>>> I think it will be too hard to codify it.
>>>
>>> is there a "clean" way to do it???
>>>
>>>





Re: Access to specific data cakephp 2.x

2012-12-24 Thread Paulo Braga
Hi Rob. Thanks for your answer, the behavior is very interesting. 

I think I did not express myself well, I don't want just to set that a user 
has only access to the posts he created.

I want also to configure for example:

We have hotels around a country from the same organization, so in each city 
there's a manager, and I want a manager to manage just the hotels in his 
city. But these hotels can be created by another user (admin), is it 
possible? I did it with isAuthorized() method, but it requires a lot of 
code (ugly code) :p

Paulo

On Monday, December 24, 2012 3:08:31 PM UTC+2, Rob M wrote:
>
> Hi Paulo: You are describing row-level access control, and I am doing that 
> with CakePHP 2.0 using a modified version of Daniel Vecchiato's WhoDidIt 
> Model Behavior (
> https://github.com/danfreak/4cakephp/tree/master/models/behaviors). Then 
> I check in the controller to see if the id in the table for the person who 
> created the record matches the id of the person who is trying to modify it. 
> - Rob
>
> On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:
>>
>> Hi people.
>>
>> I am using cakephp 2.x, and I am trying to build a system with group 
>> permissions, ok, I used Acl and Auth component without problem.
>>
>> Now I want to configure access to specific data. for example: 
>>
>> we have a blog app, and we have users, posts, etc.
>> an admin can do anything(no problems);
>> a post is posted by a user. (some problems here);
>>
>> With acl I configured that admin group can do anything. and that user 
>> group can just do anything in posts(add, list, edit, delete). everything is 
>> working.
>>
>> But I dont want a user to edit,delete,list posts that were not created by 
>> him. 
>>
>> I used to do it with the method isAuthorized(), but imagining a big app, 
>> I think it will be too hard to codify it.
>>
>> is there a "clean" way to do it???
>>
>>





Re: Access to specific data cakephp 2.x

2012-12-24 Thread Rob M
Hi Paulo: You are describing row-level access control, and I am doing that 
with CakePHP 2.0 using a modified version of Daniel Vecchiato's WhoDidIt 
Model Behavior 
(https://github.com/danfreak/4cakephp/tree/master/models/behaviors). Then I 
check in the controller to see if the id in the table for the person who 
created the record matches the id of the person who is trying to modify it. 
- Rob

On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:
>
> Hi people.
>
> I am using cakephp 2.x, and I am trying to build a system with group 
> permissions, ok, I used Acl and Auth component without problem.
>
> Now I want to configure access to specific data. for example: 
>
> we have a blog app, and we have users, posts, etc.
> an admin can do anything(no problems);
> a post is posted by a user. (some problems here);
>
> With acl I configured that admin group can do anything. and that user 
> group can just do anything in posts(add, list, edit, delete). everything is 
> working.
>
> But I dont want a user to edit,delete,list posts that were not created by 
> him. 
>
> I used to do it with the method isAuthorized(), but imagining a big app, I 
> think it will be too hard to codify it.
>
> is there a "clean" way to do it???
>
>





Access to specific data cakephp 2.x

2012-12-23 Thread Paulo Braga
Hi people.

I am using CakePHP 2.x, and I am trying to build a system with group 
permissions, ok, I used Acl and Auth component without problem.

Now I want to configure access to specific data. For example:

We have a blog app, and we have users, posts, etc.
An admin can do anything (no problems);
a post is posted by a user (some problems here);

With Acl I configured that admin group can do anything, and that user group 
can just do anything in posts (add, list, edit, delete). Everything is 
working.

But I don't want a user to edit, delete, list posts that were not created by 
him.

I used to do it with the method isAuthorized(), but imagining a big app, I 
think it will be too hard to codify it.

Is there a "clean" way to do it???
