Re: Question about use ACL with paginate

[Guillermo Mansilla]

Yes, you are right, forget the "create" field. My mistake. You should have
only 3 fields regarding to permissions: Read, Update, Delete, so you can
still implement my idea

On 11 February 2010 06:00, anl hp  wrote:

> Something I don't see clear from this approach is, how can I have
> permissions on 'create' for a document that's not been yet created?, When I
> see this method I can only see 'documents' as a 'resource' an 'interface' or
> in the current context, as a 'controller', setting permits on documents
> treated as 'files' or 'rows' in a db, I can only think of a system file
> permissions (read, write or edit and delete in this example, execute)
> But I am not versed in sql either ;)
>
> anl
>
>
> On Thu, Feb 11, 2010 at 2:08 AM, guille1983  wrote:
>
>> Oh... I see the data got lost
>> The tables look like this:
>>
>> id: 1
>> document_id: 9
>> user_id: null
>> group_id: 1
>> create: 0
>> read: 1
>> update: 0
>> delele: 0
>>
>> On 10 feb, 21:04, Guillermo Mansilla  wrote:
>> > I think about this:
>> > Have a table (with its model) named documents_permissions with the
>> following
>> > fields
>> > id, document_id, user_id, group_id, read, create, update, delete
>> > this model belongs To: User, Group, Document
>> > Since a user may be part of many groups and some times you may have
>> cases
>> > like this:
>> > user gmansilla (user_id 7) belongs to groups: teachers (group_id 4) and
>> > administrators (group_id 1),  and document "taxes" (document_id 9) may
>> be
>> > read only by administrators. You will have to feed the table with this
>> data:
>> >
>> > id|document_id |  user_id   |  group_id   |
>> > create  |   read   |   update   |delete  |
>> > 19null
>> > 101 0   0
>> >
>> > In case this document may be read by teachers and administrator but may
>> not
>> > be read my gmansilla you will feed the table with this data
>> >
>> > id|document_id |  user_id   |  group_id   |
>> > create  |   read   |   update   |delete  |
>> > 19null
>> > 101 0   0
>> > 29null 4
>> >01 0   0
>> > 397null
>> > 00 0   0
>> >
>> > Basically you fill the table with the permits and the explicit denies,
>> > then
>> >
>> > Then in your Controller place a function that checks if a user has
>> permision
>> > or not, something like
>> >
>> > function __hasPermission($document_id, $user_id, $group_id, $action){
>> >   switch ($action) {
>> >case 'read':
>> > return ($this->theNewModel->find('count',
>> > array('contionds' => array('read' => 1, 'group_id' => $group_id,
>> > 'document_id' => $document_id))) > 0
>> >&&
>> $this->theNewModel->find('count',
>> > array('contionds' => array('read ' => 0, 'user_id' => $user_id,
>> > 'document_id' => $document_id))) == 0
>> >)
>> > //I am counting results in find
>> > queries where my group  has permission (1)  and I am not denied (0)
>> >
>> >   );
>> >  brake;
>> >   case  and so on
>> >   }
>> >
>> > }
>> >
>> > Then you can call you function passing the required parameters, example:
>> > Lets say I am user_id = 3 and I belong to groups = 5 and 7,  and I want
>> to
>> > read document_id = 9
>> > Now I want to check if the User has permission: $this->__hasPermision(9,
>> 3,
>> > array('5', '7'), 'read')
>> >
>> > All of this Is to only check permissions...
>> >
>> > To display What documents Can I read I would use the containable
>> behavior or
>> > just bindModel setting the conditions You need.
>> >
>> > I hope it helps you
>> >
>> > On 10 February 2010 16:54, marco.rizze...@gmail.com <
>> >
>> > marco.rizze...@gmail.com> wrote:
>> > > I try to explain better.
>> > > I have users that belongs to groups (a user can belong to many group
>> > > and a group can have many users)
>> > > Then I have documents.
>> > > I must manage permissions on documents.
>> > > Permissions are : read a document, edit a document etc...
>> > > Permission can be defined in raltion to groups or to users
>> >
>> > > So there are documents can be accessed by all user in a group and
>> > > there are other documents can be accessed by only some users.
>> >
>> > > I ask  what is the best pattern to manage this situation
>> >
>> > > To manage this is better have a HABTM relation between User and
>> > > Document with a "permission" field ( more simple but I have to use
>> > > more an

Re: Question about use ACL with paginate

[anl hp]

Something I don't see clear from this approach is, how can I have
permissions on 'create' for a document that's not been yet created?, When I
see this method I can only see 'documents' as a 'resource' an 'interface' or
in the current context, as a 'controller', setting permits on documents
treated as 'files' or 'rows' in a db, I can only think of a system file
permissions (read, write or edit and delete in this example, execute)
But I am not versed in sql either ;)

anl


On Thu, Feb 11, 2010 at 2:08 AM, guille1983  wrote:

> Oh... I see the data got lost
> The tables look like this:
>
> id: 1
> document_id: 9
> user_id: null
> group_id: 1
> create: 0
> read: 1
> update: 0
> delele: 0
>
> On 10 feb, 21:04, Guillermo Mansilla  wrote:
> > I think about this:
> > Have a table (with its model) named documents_permissions with the
> following
> > fields
> > id, document_id, user_id, group_id, read, create, update, delete
> > this model belongs To: User, Group, Document
> > Since a user may be part of many groups and some times you may have cases
> > like this:
> > user gmansilla (user_id 7) belongs to groups: teachers (group_id 4) and
> > administrators (group_id 1),  and document "taxes" (document_id 9) may be
> > read only by administrators. You will have to feed the table with this
> data:
> >
> > id|document_id |  user_id   |  group_id   |
> > create  |   read   |   update   |delete  |
> > 19null
> > 101 0   0
> >
> > In case this document may be read by teachers and administrator but may
> not
> > be read my gmansilla you will feed the table with this data
> >
> > id|document_id |  user_id   |  group_id   |
> > create  |   read   |   update   |delete  |
> > 19null
> > 101 0   0
> > 29null 4
> >01 0   0
> > 397null
> > 00 0   0
> >
> > Basically you fill the table with the permits and the explicit denies,
> > then
> >
> > Then in your Controller place a function that checks if a user has
> permision
> > or not, something like
> >
> > function __hasPermission($document_id, $user_id, $group_id, $action){
> >   switch ($action) {
> >case 'read':
> > return ($this->theNewModel->find('count',
> > array('contionds' => array('read' => 1, 'group_id' => $group_id,
> > 'document_id' => $document_id))) > 0
> >&&
> $this->theNewModel->find('count',
> > array('contionds' => array('read ' => 0, 'user_id' => $user_id,
> > 'document_id' => $document_id))) == 0
> >)
> > //I am counting results in find
> > queries where my group  has permission (1)  and I am not denied (0)
> >
> >   );
> >  brake;
> >   case  and so on
> >   }
> >
> > }
> >
> > Then you can call you function passing the required parameters, example:
> > Lets say I am user_id = 3 and I belong to groups = 5 and 7,  and I want
> to
> > read document_id = 9
> > Now I want to check if the User has permission: $this->__hasPermision(9,
> 3,
> > array('5', '7'), 'read')
> >
> > All of this Is to only check permissions...
> >
> > To display What documents Can I read I would use the containable behavior
> or
> > just bindModel setting the conditions You need.
> >
> > I hope it helps you
> >
> > On 10 February 2010 16:54, marco.rizze...@gmail.com <
> >
> > marco.rizze...@gmail.com> wrote:
> > > I try to explain better.
> > > I have users that belongs to groups (a user can belong to many group
> > > and a group can have many users)
> > > Then I have documents.
> > > I must manage permissions on documents.
> > > Permissions are : read a document, edit a document etc...
> > > Permission can be defined in raltion to groups or to users
> >
> > > So there are documents can be accessed by all user in a group and
> > > there are other documents can be accessed by only some users.
> >
> > > I ask  what is the best pattern to manage this situation
> >
> > > To manage this is better have a HABTM relation between User and
> > > Document with a "permission" field ( more simple but I have to use
> > > more and more space).
> > > In this way when I set that a document can be access by a group I must
> > > insert in HABTM relation all the users of the group.
> >
> > > or I use ACL (very very complex to use in this situation(I have to
> > > manage also that a user can belong to many groups)
> >
> > > or I ask if exist another method?
> >
> > > I hope that 

Re: Question about use ACL with paginate

[guille1983]

Oh... I see the data got lost
The tables look like this:

id: 1
document_id: 9
user_id: null
group_id: 1
create: 0
read: 1
update: 0
delele: 0

On 10 feb, 21:04, Guillermo Mansilla  wrote:
> I think about this:
> Have a table (with its model) named documents_permissions with the following
> fields
> id, document_id, user_id, group_id, read, create, update, delete
> this model belongs To: User, Group, Document
> Since a user may be part of many groups and some times you may have cases
> like this:
> user gmansilla (user_id 7) belongs to groups: teachers (group_id 4) and
> administrators (group_id 1),  and document "taxes" (document_id 9) may be
> read only by administrators. You will have to feed the table with this data:
>
> id    |    document_id     |      user_id       |      group_id   |
> create  |   read   |   update   |    delete      |
> 1                9                        null
> 1                0            1             0               0
>
> In case this document may be read by teachers and administrator but may not
> be read my gmansilla you will feed the table with this data
>
> id    |    document_id     |      user_id       |      group_id   |
> create  |   read   |   update   |    delete      |
> 1                9                        null
> 1                0            1             0               0
> 2                9                        null                     4
>                0            1             0               0
> 3                9                        7                        null
>             0            0             0               0
>
> Basically you fill the table with the permits and the explicit denies,
> then
>
> Then in your Controller place a function that checks if a user has permision
> or not, something like
>
> function __hasPermission($document_id, $user_id, $group_id, $action){
>           switch ($action) {
>                    case 'read':
>                             return ($this->theNewModel->find('count',
> array('contionds' => array('read' => 1, 'group_id' => $group_id,
> 'document_id' => $document_id))) > 0
>                                        && $this->theNewModel->find('count',
> array('contionds' => array('read ' => 0, 'user_id' => $user_id,
> 'document_id' => $document_id))) == 0
>                                        )
>                                         //I am counting results in find
> queries where my group  has permission (1)  and I am not denied (0)
>
>                                       );
>                              brake;
>                   case  and so on
>           }
>
> }
>
> Then you can call you function passing the required parameters, example:
> Lets say I am user_id = 3 and I belong to groups = 5 and 7,  and I want to
> read document_id = 9
> Now I want to check if the User has permission: $this->__hasPermision(9, 3,
> array('5', '7'), 'read')
>
> All of this Is to only check permissions...
>
> To display What documents Can I read I would use the containable behavior or
> just bindModel setting the conditions You need.
>
> I hope it helps you
>
> On 10 February 2010 16:54, marco.rizze...@gmail.com <
>
> marco.rizze...@gmail.com> wrote:
> > I try to explain better.
> > I have users that belongs to groups (a user can belong to many group
> > and a group can have many users)
> > Then I have documents.
> > I must manage permissions on documents.
> > Permissions are : read a document, edit a document etc...
> > Permission can be defined in raltion to groups or to users
>
> > So there are documents can be accessed by all user in a group and
> > there are other documents can be accessed by only some users.
>
> > I ask  what is the best pattern to manage this situation
>
> > To manage this is better have a HABTM relation between User and
> > Document with a "permission" field ( more simple but I have to use
> > more and more space).
> > In this way when I set that a document can be access by a group I must
> > insert in HABTM relation all the users of the group.
>
> > or I use ACL (very very complex to use in this situation(I have to
> > manage also that a user can belong to many groups)
>
> > or I ask if exist another method?
>
> > I hope that now my problem is more understandable.
> > On 10 Feb, 17:46, anl hp  wrote:
> > > Forgive me, but I'm making a mess, now you're saying: "I must find all
> > users
> > > that belong to the group and insert a record in
> > > all two tables(LineDoc and DocPermit) for every user." I believe I don't
> > > understand you quite well at first time, but anyway, If you going to do
> > > that, may be is better for you to
> > > merge the LineDoc Model and DocPermit Model into one model, thus
> > eliminating
> > > the need
> > > of insert pretty same data in two different tables
>
> > > anl
>
> > > On Wed, Feb 10, 2010 at 3:23 PM, marco.rizze...@gmail.com <
>
> > > marco.rizze...@gmail.com> wrote:
> > > > Ok many thanks.
> > > > Using the solution that you have s

Re: Question about use ACL with paginate

[Guillermo Mansilla]

I think about this:
Have a table (with its model) named documents_permissions with the following
fields
id, document_id, user_id, group_id, read, create, update, delete
this model belongs To: User, Group, Document
Since a user may be part of many groups and some times you may have cases
like this:
user gmansilla (user_id 7) belongs to groups: teachers (group_id 4) and
administrators (group_id 1),  and document "taxes" (document_id 9) may be
read only by administrators. You will have to feed the table with this data:

id|document_id |  user_id   |  group_id   |
create  |   read   |   update   |delete  |
19null
101 0   0

In case this document may be read by teachers and administrator but may not
be read my gmansilla you will feed the table with this data

id|document_id |  user_id   |  group_id   |
create  |   read   |   update   |delete  |
19null
101 0   0
29null 4
   01 0   0
397null
00 0   0

Basically you fill the table with the permits and the explicit denies,
then

Then in your Controller place a function that checks if a user has permision
or not, something like

function __hasPermission($document_id, $user_id, $group_id, $action){
  switch ($action) {
   case 'read':
return ($this->theNewModel->find('count',
array('contionds' => array('read' => 1, 'group_id' => $group_id,
'document_id' => $document_id))) > 0
   && $this->theNewModel->find('count',
array('contionds' => array('read ' => 0, 'user_id' => $user_id,
'document_id' => $document_id))) == 0
   )
//I am counting results in find
queries where my group  has permission (1)  and I am not denied (0)

  );
 brake;
  case  and so on
  }
}

Then you can call you function passing the required parameters, example:
Lets say I am user_id = 3 and I belong to groups = 5 and 7,  and I want to
read document_id = 9
Now I want to check if the User has permission: $this->__hasPermision(9, 3,
array('5', '7'), 'read')

All of this Is to only check permissions...

To display What documents Can I read I would use the containable behavior or
just bindModel setting the conditions You need.

I hope it helps you




On 10 February 2010 16:54, marco.rizze...@gmail.com <
marco.rizze...@gmail.com> wrote:

> I try to explain better.
> I have users that belongs to groups (a user can belong to many group
> and a group can have many users)
> Then I have documents.
> I must manage permissions on documents.
> Permissions are : read a document, edit a document etc...
> Permission can be defined in raltion to groups or to users
>
> So there are documents can be accessed by all user in a group and
> there are other documents can be accessed by only some users.
>
> I ask  what is the best pattern to manage this situation
>
> To manage this is better have a HABTM relation between User and
> Document with a "permission" field ( more simple but I have to use
> more and more space).
> In this way when I set that a document can be access by a group I must
> insert in HABTM relation all the users of the group.
>
> or I use ACL (very very complex to use in this situation(I have to
> manage also that a user can belong to many groups)
>
> or I ask if exist another method?
>
> I hope that now my problem is more understandable.
> On 10 Feb, 17:46, anl hp  wrote:
> > Forgive me, but I'm making a mess, now you're saying: "I must find all
> users
> > that belong to the group and insert a record in
> > all two tables(LineDoc and DocPermit) for every user." I believe I don't
> > understand you quite well at first time, but anyway, If you going to do
> > that, may be is better for you to
> > merge the LineDoc Model and DocPermit Model into one model, thus
> eliminating
> > the need
> > of insert pretty same data in two different tables
> >
> > anl
> >
> > On Wed, Feb 10, 2010 at 3:23 PM, marco.rizze...@gmail.com <
> >
> > marco.rizze...@gmail.com> wrote:
> > > Ok many thanks.
> > > Using the solution that you have suggested I don't need to use ACL.
> > > In this case for manage permissions expressed by group on a document
> > > (like "Group A can read Document 1")
> > > I must find all users that belong to the group and insert a record in
> > > all two tables(LineDoc and DocPermit) for every user.
> > > Is it correct?
> >
> > > On 10 Feb, 14:20, anler  wrote:
> > > > I think the BEST w

Re: Question about use ACL with paginate

[marco.rizze...@gmail.com]

I try to explain better.
I have users that belongs to groups (a user can belong to many group
and a group can have many users)
Then I have documents.
I must manage permissions on documents.
Permissions are : read a document, edit a document etc...
Permission can be defined in raltion to groups or to users

So there are documents can be accessed by all user in a group and
there are other documents can be accessed by only some users.

I ask  what is the best pattern to manage this situation

To manage this is better have a HABTM relation between User and
Document with a "permission" field ( more simple but I have to use
more and more space).
In this way when I set that a document can be access by a group I must
insert in HABTM relation all the users of the group.

or I use ACL (very very complex to use in this situation(I have to
manage also that a user can belong to many groups)

or I ask if exist another method?

I hope that now my problem is more understandable.
On 10 Feb, 17:46, anl hp  wrote:
> Forgive me, but I'm making a mess, now you're saying: "I must find all users
> that belong to the group and insert a record in
> all two tables(LineDoc and DocPermit) for every user." I believe I don't
> understand you quite well at first time, but anyway, If you going to do
> that, may be is better for you to
> merge the LineDoc Model and DocPermit Model into one model, thus eliminating
> the need
> of insert pretty same data in two different tables
>
> anl
>
> On Wed, Feb 10, 2010 at 3:23 PM, marco.rizze...@gmail.com <
>
> marco.rizze...@gmail.com> wrote:
> > Ok many thanks.
> > Using the solution that you have suggested I don't need to use ACL.
> > In this case for manage permissions expressed by group on a document
> > (like "Group A can read Document 1")
> > I must find all users that belong to the group and insert a record in
> > all two tables(LineDoc and DocPermit) for every user.
> > Is it correct?
>
> > On 10 Feb, 14:20, anler  wrote:
> > > I think the BEST way is using ACL, and yes, it's complex, but give you
> > > reliability for free, even more
> > >  if you are mixin groups in the coctel (group permits are inherited by
> > > users of that group, and things like that),
> > >  with ACL you could handle better reading and writing documents
> > > through AuthComponent::authorize = 'crud'
> > > (If you have time and patience I encourage you to do it this way, I
> > > will help in anything you need ;) )
>
> > > if you just want get something fast and cheap, well, I'll tell you
> > > what I'm thinking
>
> > > - Keep the model Document as flat as possible, ex in db:
> > >            table documents(
> > >                      name .., created ..., modified ...
> > >           )
>
> > > - Instead of relating Users and Documents through a HABTM relation, in
> > > HABTM the join table acts only as a connection between de models, but
> > > if you feel the need of add more
> > > information to this table, you should give her its own model because
> > > it is participating in the application bussiness, ex:
> > >           table line_docs(
> > >                    user_id, document_id, date_when_read, etc
> > >           )
>
> > >  model  LineDocs (or whatever name you want give him)
> > >                hasMany => Users
> > >                hasMany => Documents
>
> > > - Let another table manage the user permits on documents
> > >           table doc_permits(
> > >                user__id, document_id, create?, read?, write?, delete?,
> > > etc
> > >           )
> > >     and check this table when somebody wants to touch or create some
> > > document
>
> > > On Feb 10, 1:41 pm, "marco.rizze...@gmail.com"
>
> > >  wrote:
> > > > Can you explain better what is your solution.
> > > > I explain better my situation:
>
> > > > Model :
> > > > Group: (HABTM User)
> > > > User:(HABTM:Group)
> > > > Document
>
> > > > I have to manage permissions to access to documents.
> > > > Some users can modify some documents , some users can only read some
> > > > documents(I must also register when a user reads a documents ), some
> > > > users can't read some documents.
>
> > > > To manage this is better have a HABTM relation between User and
> > > > Document with a "permission" field (and with a "date_when_read"
> > > > field)  ( more simple but I have to use more and more space).
>
> > > > or use ACL (very very complex to use in this situation(I have to
> > > > manage also that a user can belong to many groups) and but it uses
> > > > less space)
>
> > > > or exist another method to use (a best pattern)?
>
> > > > Write all your experience about this because I think that is one of
> > > > the big problem when project a web application
> > > > Many Thanks
> > > > On 10 Feb, 12:53, anler  wrote:
>
> > > > > Are you aking how find the allowed docs or how to paginate this
> > result
> > > > > (or both)?
>
> > > > > I did something similar once but with a different approach, since I
> > > > > was working with
> > > > > 'resources' in

Re: Question about use ACL with paginate

[anl hp]

Forgive me, but I'm making a mess, now you're saying: "I must find all users
that belong to the group and insert a record in
all two tables(LineDoc and DocPermit) for every user." I believe I don't
understand you quite well at first time, but anyway, If you going to do
that, may be is better for you to
merge the LineDoc Model and DocPermit Model into one model, thus eliminating
the need
of insert pretty same data in two different tables

anl


On Wed, Feb 10, 2010 at 3:23 PM, marco.rizze...@gmail.com <
marco.rizze...@gmail.com> wrote:

> Ok many thanks.
> Using the solution that you have suggested I don't need to use ACL.
> In this case for manage permissions expressed by group on a document
> (like "Group A can read Document 1")
> I must find all users that belong to the group and insert a record in
> all two tables(LineDoc and DocPermit) for every user.
> Is it correct?
>
> On 10 Feb, 14:20, anler  wrote:
> > I think the BEST way is using ACL, and yes, it's complex, but give you
> > reliability for free, even more
> >  if you are mixin groups in the coctel (group permits are inherited by
> > users of that group, and things like that),
> >  with ACL you could handle better reading and writing documents
> > through AuthComponent::authorize = 'crud'
> > (If you have time and patience I encourage you to do it this way, I
> > will help in anything you need ;) )
> >
> > if you just want get something fast and cheap, well, I'll tell you
> > what I'm thinking
> >
> > - Keep the model Document as flat as possible, ex in db:
> >table documents(
> >  name .., created ..., modified ...
> >   )
> >
> > - Instead of relating Users and Documents through a HABTM relation, in
> > HABTM the join table acts only as a connection between de models, but
> > if you feel the need of add more
> > information to this table, you should give her its own model because
> > it is participating in the application bussiness, ex:
> >   table line_docs(
> >user_id, document_id, date_when_read, etc
> >   )
> >
> >  model  LineDocs (or whatever name you want give him)
> >hasMany => Users
> >hasMany => Documents
> >
> > - Let another table manage the user permits on documents
> >   table doc_permits(
> >user__id, document_id, create?, read?, write?, delete?,
> > etc
> >   )
> > and check this table when somebody wants to touch or create some
> > document
> >
> > On Feb 10, 1:41 pm, "marco.rizze...@gmail.com"
> >
> >  wrote:
> > > Can you explain better what is your solution.
> > > I explain better my situation:
> >
> > > Model :
> > > Group: (HABTM User)
> > > User:(HABTM:Group)
> > > Document
> >
> > > I have to manage permissions to access to documents.
> > > Some users can modify some documents , some users can only read some
> > > documents(I must also register when a user reads a documents ), some
> > > users can't read some documents.
> >
> > > To manage this is better have a HABTM relation between User and
> > > Document with a "permission" field (and with a "date_when_read"
> > > field)  ( more simple but I have to use more and more space).
> >
> > > or use ACL (very very complex to use in this situation(I have to
> > > manage also that a user can belong to many groups) and but it uses
> > > less space)
> >
> > > or exist another method to use (a best pattern)?
> >
> > > Write all your experience about this because I think that is one of
> > > the big problem when project a web application
> > > Many Thanks
> > > On 10 Feb, 12:53, anler  wrote:
> >
> > > > Are you aking how find the allowed docs or how to paginate this
> result
> > > > (or both)?
> >
> > > > I did something similar once but with a different approach, since I
> > > > was working with
> > > > 'resources' instead of documents, I listed the resources and the
> > > > option 'access info'
> > > > to show the permits for that resource (this way used less db queries)
> >
> > > > On Feb 10, 12:41 pm, "marco.rizze...@gmail.com"
> >
> > > >  wrote:
> > > > > Hi
> > > > > I have this question:
> > > > > I use ACL for manage the access to documents by users.
> > > > > Now I must display a list of all documents that are accessible by
> the
> > > > > logged user.
> > > > > This list must be paginated.
> > > > > I have no idea about how to do this and I think to abandon the ACL
> and
> > > > > manage the permits with a big table with all relations (HABTM)
> between
> > > > > users and documents.
> > > > > I would ask if someone has any idea about this.
> > > > > Many Thanks
> >
> >
>
> Check out the new CakePHP Questions site http://cakeqs.org and help others
> with their CakePHP related questions.
>
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To post to this group, send email to cake-php@googlegroups.com
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.c

Re: Question about use ACL with paginate

[marco.rizze...@gmail.com]

Ok many thanks.
Using the solution that you have suggested I don't need to use ACL.
In this case for manage permissions expressed by group on a document
(like "Group A can read Document 1")
I must find all users that belong to the group and insert a record in
all two tables(LineDoc and DocPermit) for every user.
Is it correct?

On 10 Feb, 14:20, anler  wrote:
> I think the BEST way is using ACL, and yes, it's complex, but give you
> reliability for free, even more
>  if you are mixin groups in the coctel (group permits are inherited by
> users of that group, and things like that),
>  with ACL you could handle better reading and writing documents
> through AuthComponent::authorize = 'crud'
> (If you have time and patience I encourage you to do it this way, I
> will help in anything you need ;) )
>
> if you just want get something fast and cheap, well, I'll tell you
> what I'm thinking
>
> - Keep the model Document as flat as possible, ex in db:
>            table documents(
>                      name .., created ..., modified ...
>           )
>
> - Instead of relating Users and Documents through a HABTM relation, in
> HABTM the join table acts only as a connection between de models, but
> if you feel the need of add more
> information to this table, you should give her its own model because
> it is participating in the application bussiness, ex:
>           table line_docs(
>                    user_id, document_id, date_when_read, etc
>           )
>
>  model  LineDocs (or whatever name you want give him)
>                hasMany => Users
>                hasMany => Documents
>
> - Let another table manage the user permits on documents
>           table doc_permits(
>                user__id, document_id, create?, read?, write?, delete?,
> etc
>           )
>     and check this table when somebody wants to touch or create some
> document
>
> On Feb 10, 1:41 pm, "marco.rizze...@gmail.com"
>
>  wrote:
> > Can you explain better what is your solution.
> > I explain better my situation:
>
> > Model :
> > Group: (HABTM User)
> > User:(HABTM:Group)
> > Document
>
> > I have to manage permissions to access to documents.
> > Some users can modify some documents , some users can only read some
> > documents(I must also register when a user reads a documents ), some
> > users can't read some documents.
>
> > To manage this is better have a HABTM relation between User and
> > Document with a "permission" field (and with a "date_when_read"
> > field)  ( more simple but I have to use more and more space).
>
> > or use ACL (very very complex to use in this situation(I have to
> > manage also that a user can belong to many groups) and but it uses
> > less space)
>
> > or exist another method to use (a best pattern)?
>
> > Write all your experience about this because I think that is one of
> > the big problem when project a web application
> > Many Thanks
> > On 10 Feb, 12:53, anler  wrote:
>
> > > Are you aking how find the allowed docs or how to paginate this result
> > > (or both)?
>
> > > I did something similar once but with a different approach, since I
> > > was working with
> > > 'resources' instead of documents, I listed the resources and the
> > > option 'access info'
> > > to show the permits for that resource (this way used less db queries)
>
> > > On Feb 10, 12:41 pm, "marco.rizze...@gmail.com"
>
> > >  wrote:
> > > > Hi
> > > > I have this question:
> > > > I use ACL for manage the access to documents by users.
> > > > Now I must display a list of all documents that are accessible by the
> > > > logged user.
> > > > This list must be paginated.
> > > > I have no idea about how to do this and I think to abandon the ACL and
> > > > manage the permits with a big table with all relations (HABTM) between
> > > > users and documents.
> > > > I would ask if someone has any idea about this.
> > > > Many Thanks
>
>

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Re: Question about use ACL with paginate

[anler]

I think the BEST way is using ACL, and yes, it's complex, but give you
reliability for free, even more
 if you are mixin groups in the coctel (group permits are inherited by
users of that group, and things like that),
 with ACL you could handle better reading and writing documents
through AuthComponent::authorize = 'crud'
(If you have time and patience I encourage you to do it this way, I
will help in anything you need ;) )

if you just want get something fast and cheap, well, I'll tell you
what I'm thinking

- Keep the model Document as flat as possible, ex in db:
   table documents(
 name .., created ..., modified ...
  )

- Instead of relating Users and Documents through a HABTM relation, in
HABTM the join table acts only as a connection between de models, but
if you feel the need of add more
information to this table, you should give her its own model because
it is participating in the application bussiness, ex:
  table line_docs(
   user_id, document_id, date_when_read, etc
  )

 model  LineDocs (or whatever name you want give him)
   hasMany => Users
   hasMany => Documents

- Let another table manage the user permits on documents
  table doc_permits(
   user__id, document_id, create?, read?, write?, delete?,
etc
  )
and check this table when somebody wants to touch or create some
document


On Feb 10, 1:41 pm, "marco.rizze...@gmail.com"
 wrote:
> Can you explain better what is your solution.
> I explain better my situation:
>
> Model :
> Group: (HABTM User)
> User:(HABTM:Group)
> Document
>
> I have to manage permissions to access to documents.
> Some users can modify some documents , some users can only read some
> documents(I must also register when a user reads a documents ), some
> users can't read some documents.
>
> To manage this is better have a HABTM relation between User and
> Document with a "permission" field (and with a "date_when_read"
> field)  ( more simple but I have to use more and more space).
>
> or use ACL (very very complex to use in this situation(I have to
> manage also that a user can belong to many groups) and but it uses
> less space)
>
> or exist another method to use (a best pattern)?
>
> Write all your experience about this because I think that is one of
> the big problem when project a web application
> Many Thanks
> On 10 Feb, 12:53, anler  wrote:
>
> > Are you aking how find the allowed docs or how to paginate this result
> > (or both)?
>
> > I did something similar once but with a different approach, since I
> > was working with
> > 'resources' instead of documents, I listed the resources and the
> > option 'access info'
> > to show the permits for that resource (this way used less db queries)
>
> > On Feb 10, 12:41 pm, "marco.rizze...@gmail.com"
>
> >  wrote:
> > > Hi
> > > I have this question:
> > > I use ACL for manage the access to documents by users.
> > > Now I must display a list of all documents that are accessible by the
> > > logged user.
> > > This list must be paginated.
> > > I have no idea about how to do this and I think to abandon the ACL and
> > > manage the permits with a big table with all relations (HABTM) between
> > > users and documents.
> > > I would ask if someone has any idea about this.
> > > Many Thanks

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Re: Question about use ACL with paginate

[marco.rizze...@gmail.com]

Can you explain better what is your solution.
I explain better my situation:

Model :
Group: (HABTM User)
User:(HABTM:Group)
Document

I have to manage permissions to access to documents.
Some users can modify some documents , some users can only read some
documents(I must also register when a user reads a documents ), some
users can't read some documents.

To manage this is better have a HABTM relation between User and
Document with a "permission" field (and with a "date_when_read"
field)  ( more simple but I have to use more and more space).

or use ACL (very very complex to use in this situation(I have to
manage also that a user can belong to many groups) and but it uses
less space)

or exist another method to use (a best pattern)?

Write all your experience about this because I think that is one of
the big problem when project a web application
Many Thanks
On 10 Feb, 12:53, anler  wrote:
> Are you aking how find the allowed docs or how to paginate this result
> (or both)?
>
> I did something similar once but with a different approach, since I
> was working with
> 'resources' instead of documents, I listed the resources and the
> option 'access info'
> to show the permits for that resource (this way used less db queries)
>
> On Feb 10, 12:41 pm, "marco.rizze...@gmail.com"
>
>  wrote:
> > Hi
> > I have this question:
> > I use ACL for manage the access to documents by users.
> > Now I must display a list of all documents that are accessible by the
> > logged user.
> > This list must be paginated.
> > I have no idea about how to do this and I think to abandon the ACL and
> > manage the permits with a big table with all relations (HABTM) between
> > users and documents.
> > I would ask if someone has any idea about this.
> > Many Thanks
>
>

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Re: Question about use ACL with paginate

[anler]

Are you aking how find the allowed docs or how to paginate this result
(or both)?

I did something similar once but with a different approach, since I
was working with
'resources' instead of documents, I listed the resources and the
option 'access info'
to show the permits for that resource (this way used less db queries)

On Feb 10, 12:41 pm, "marco.rizze...@gmail.com"
 wrote:
> Hi
> I have this question:
> I use ACL for manage the access to documents by users.
> Now I must display a list of all documents that are accessible by the
> logged user.
> This list must be paginated.
> I have no idea about how to do this and I think to abandon the ACL and
> manage the permits with a big table with all relations (HABTM) between
> users and documents.
> I would ask if someone has any idea about this.
> Many Thanks

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en

Question about use ACL with paginate

[marco.rizze...@gmail.com]

Hi
I have this question:
I use ACL for manage the access to documents by users.
Now I must display a list of all documents that are accessible by the
logged user.
This list must be paginated.
I have no idea about how to do this and I think to abandon the ACL and
manage the permits with a big table with all relations (HABTM) between
users and documents.
I would ask if someone has any idea about this.
Many Thanks

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en