Hello fellow cake-bakers! I'm making a small application to handle
project-related information in order to learn how to use CakePHP. I'm
having trouble with ACL. The ACL idea is quite straightforward, but
implementing it in a real-life app proves not to be easy. I would like
your suggestions on how to deal with the following situation:

My app has the following tables:
users: Keeps the users info (username, pass, email, group, etc)
groups: Groups that the users belong to. I have "administrators",
"managers" and "registered"
roles: Roles for the registered users. I have "leader", "member" and
"guest".
memberships: This table keeps the relationship between users, roles
and projects.
projects: Keeps the projects info
items: Projects have several information items. This table keeps these
items.

The tables have the following relationships:
users: hasMany Memberships, belongsTo Groups.
groups: hasMany Users
roles: hasMany Memberships
memberships: belongsTo Users, Projects, Roles
projects: hasMany Memberships, Items
items: belongsTo Projects

Basically managers (or administrators) can assign roles to registered
users. Leaders and members can belong to several projects. Those
belonging to a specific project can edit that project's data and its
associated items. Leaders can assign members to a project from the
pool of registered users.

Here is the situation in terms of CRUD:
Administrators: Full CRUD on everything (users, memberships, projects,
items)
Managers: Can CRUD users of type "registered" but not "managers" or
"administrators". Full CRUD on memberships, projects and items.
registered: Can do different things based on their roles:

leaders (role): Can update their own user info and read other user
data that belong to their projects (info stored in the "memberships"
table). Can CRUD memberships for their projects. Can CRUD items for
their own projects. Can update their own projects.
members (role): Can update their own user info and read other user
data that belong to their projects. Can CRUD items for their own
projects. Can read memberships for their own projects. Can update
their own projects.
guests (role): Can update their own user info. Can read projects.

Based on the above situation, what do you think will be the best
approach to deal with it? I tried with ACL but somewhere along the way I
lost it. I tried playing with some of the ACL plugins available with
no success. The biggest challenge is to deal with the permission
creation by the managers and administrators. Please help!

I'm not yet an adept cake-baker so please be kind. Your suggestions
and recommendations will be greatly appreciated. Thank you!
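
One way to express the permission matrix described in the post as a single deny-by-default check, as an added example that is not part of the original post and uses no CakePHP ACL API. It assumes roles are looked up per project from the memberships table; the function name, array shapes and sample data are hypothetical.

```php
<?php
// Added example in plain PHP (no CakePHP API); every name here is hypothetical.
// $user:   ['id' => int, 'group' => string, 'roles' => [projectId => role]]
// $target: ['type' => string] plus 'id', 'group', 'project_id', 'project_ids' as needed
function can(array $user, string $action, array $target): bool
{
    $type = $target['type'];
    if ($user['group'] === 'administrators') {
        return true; // full CRUD on everything
    }
    if ($user['group'] === 'managers') {
        if ($type === 'users') {
            return ($target['group'] ?? null) === 'registered';
        }
        return in_array($type, ['memberships', 'projects', 'items'], true);
    }
    if ($user['group'] !== 'registered') {
        return false; // unknown group: deny by default
    }
    if ($type === 'users') {
        if (($target['id'] ?? null) === $user['id']) {
            return in_array($action, ['read', 'update'], true); // own-record read is assumed
        }
        // Leaders and members may read users who share one of their projects.
        $mine = array_keys(array_intersect($user['roles'], ['leader', 'member']));
        return $action === 'read' && (bool) array_intersect($mine, $target['project_ids'] ?? []);
    }
    $pid = $target['project_id'] ?? null;
    $role = $pid === null ? null : ($user['roles'][$pid] ?? null);
    if ($role === null) {
        return false; // no membership in that project
    }
    $matrix = [ // letters = permitted create/read/update/delete; project read for leader/member is assumed
        'leader' => ['memberships' => 'crud', 'items' => 'crud', 'projects' => 'ru'],
        'member' => ['memberships' => 'r', 'items' => 'crud', 'projects' => 'ru'],
        'guest'  => ['projects' => 'r'],
    ];
    $letter = ['create' => 'c', 'read' => 'r', 'update' => 'u', 'delete' => 'd'][$action] ?? '?';
    return strpos($matrix[$role][$type] ?? '', $letter) !== false;
}

// Constructed sample data: user 7 leads project 1 and is a guest on project 2.
$alice = ['id' => 7, 'group' => 'registered', 'roles' => [1 => 'leader', 2 => 'guest']];
$manager = ['id' => 2, 'group' => 'managers', 'roles' => []];
var_dump(can($alice, 'delete', ['type' => 'memberships', 'project_id' => 1]));
var_dump(can($alice, 'update', ['type' => 'items', 'project_id' => 2]));
var_dump(can($manager, 'update', ['type' => 'users', 'id' => 3, 'group' => 'administrators']));
```

When a user record is updated, run the same check against the group being written as well as the current one, so a manager cannot move a registered user into "managers" or "administrators".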
