Re: ACL Question
Hi Ed, Are you trying to say managing the actions only and sometimes it affects your CRUD ? I'm not en expert in this area, but giving my shot is: Use routing? That area is strange for me. Are you trying to hide some of the CRUD buttons for some users and not all? I think you can do that, I read that somewhere although I didn't manage to accomplish. Best wishes, cheers. John Maxim. On Jan 18, 12:18 am, CrotchFrog wrote: > Hi John, > > I do use a plugin to manage permissions and it seems to work quite > well > although I still prefer the shell interface for adding/removing aro/ > aco > and creating permissions on the fly. > > The grey area for me right now is authorizing CRUD vs. otherActions. > I know that I can use Auth->mapActions and treat otherActions as CRUD > but I assumed that Auth->authorize='actions' would allow me grant/ > deny > permissions on that action regardless of what the action does in > relation > to CRUD. > > I guess I'm still a bit confused here. > > On Jan 15, 11:02 pm, John Maxim wrote: > > > Hi Ed, > > > You can customise your users permission using ACL plugin. I suggest > > finding one on your own, the current one I use has a drawback when I > > have over 10 groups with different permission settings. The role > > permission setting stops working. However, it's still effective if I > > view users roles or users permission, and from there we can customise > > the users permission. > > > You may want to refer to this: > > >http://www.alaxos.net/blaxos/pages/view/7 > > > I'm not sure if you can find a better one or make one. The recommended > > ACL plugins can be found here: > > > Mark Story's ACL extras and menu components. > > >http://josediazgonzalez.com/2010/08/16/cakephp-plugins-a-biblical-ret... > > > If anytime you managed to get one working better than any above, share > > with me. > > > :-) > > > Best regards, > > Maxim. > > > On Jan 16, 9:59 am, Ed Propsner wrote: > > > > I've been plugging away with Cake for some time now with extremely few > > > issues. I recently decided that ACL was the right choice for my app ... > > > now > > > I have issues :) > > > > I've toyed with it long enough now that I understand the concept and > > > mechanics of it but the issue I'm having is this: > > > When granting access, it seems to be all or nothing. If I take the Group > > > users for example, access has to be at > > > CRUD 1 1 1 1 or sitewide access is denied. Changing it to CRUD 1 1 1 0 > > > denies access not just to the controller or parts of it, > > > but the entire app. I was assuming that ultimately I would be able deny > > > access to any controller/action that I want but it > > > doesn't seem to be working out that way for me. > > > > What I am overlooking here? I referenced the tutorial in the book when > > > putting the ACL together so the set-up is > > > very straightforward. I didn't try to do anything fancy or creative with > > > it, > > > it's all by the book. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: ACL Question
Hi John, I do use a plugin to manage permissions and it seems to work quite well although I still prefer the shell interface for adding/removing aro/ aco and creating permissions on the fly. The grey area for me right now is authorizing CRUD vs. otherActions. I know that I can use Auth->mapActions and treat otherActions as CRUD but I assumed that Auth->authorize='actions' would allow me grant/ deny permissions on that action regardless of what the action does in relation to CRUD. I guess I'm still a bit confused here. On Jan 15, 11:02 pm, John Maxim wrote: > Hi Ed, > > You can customise your users permission using ACL plugin. I suggest > finding one on your own, the current one I use has a drawback when I > have over 10 groups with different permission settings. The role > permission setting stops working. However, it's still effective if I > view users roles or users permission, and from there we can customise > the users permission. > > You may want to refer to this: > > http://www.alaxos.net/blaxos/pages/view/7 > > I'm not sure if you can find a better one or make one. The recommended > ACL plugins can be found here: > > Mark Story's ACL extras and menu components. > > http://josediazgonzalez.com/2010/08/16/cakephp-plugins-a-biblical-ret... > > If anytime you managed to get one working better than any above, share > with me. > > :-) > > Best regards, > Maxim. > > On Jan 16, 9:59 am, Ed Propsner wrote: > > > > > > > > > I've been plugging away with Cake for some time now with extremely few > > issues. I recently decided that ACL was the right choice for my app ... now > > I have issues :) > > > I've toyed with it long enough now that I understand the concept and > > mechanics of it but the issue I'm having is this: > > When granting access, it seems to be all or nothing. If I take the Group > > users for example, access has to be at > > CRUD 1 1 1 1 or sitewide access is denied. Changing it to CRUD 1 1 1 0 > > denies access not just to the controller or parts of it, > > but the entire app. I was assuming that ultimately I would be able deny > > access to any controller/action that I want but it > > doesn't seem to be working out that way for me. > > > What I am overlooking here? I referenced the tutorial in the book when > > putting the ACL together so the set-up is > > very straightforward. I didn't try to do anything fancy or creative with it, > > it's all by the book. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: ACL Question
Hi Ed, You can customise your users permission using ACL plugin. I suggest finding one on your own, the current one I use has a drawback when I have over 10 groups with different permission settings. The role permission setting stops working. However, it's still effective if I view users roles or users permission, and from there we can customise the users permission. You may want to refer to this: http://www.alaxos.net/blaxos/pages/view/7 I'm not sure if you can find a better one or make one. The recommended ACL plugins can be found here: Mark Story's ACL extras and menu components. http://josediazgonzalez.com/2010/08/16/cakephp-plugins-a-biblical-retelling/ If anytime you managed to get one working better than any above, share with me. :-) Best regards, Maxim. On Jan 16, 9:59 am, Ed Propsner wrote: > I've been plugging away with Cake for some time now with extremely few > issues. I recently decided that ACL was the right choice for my app ... now > I have issues :) > > I've toyed with it long enough now that I understand the concept and > mechanics of it but the issue I'm having is this: > When granting access, it seems to be all or nothing. If I take the Group > users for example, access has to be at > CRUD 1 1 1 1 or sitewide access is denied. Changing it to CRUD 1 1 1 0 > denies access not just to the controller or parts of it, > but the entire app. I was assuming that ultimately I would be able deny > access to any controller/action that I want but it > doesn't seem to be working out that way for me. > > What I am overlooking here? I referenced the tutorial in the book when > putting the ACL together so the set-up is > very straightforward. I didn't try to do anything fancy or creative with it, > it's all by the book. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: ACL Question
I was getting this self same error even though I had not declared any interest in Acl. It is not being called as a component, I am not calling any of its methods and the cache is completely clear. I am posting this as I made a schoolboy error and it might help prevent others doing the same. I tracked it down to the fact that in my app_controller I had: $this->Auth->authorize = 'actions'; This is only used when you are implementing Acl as well as Auth. If you are not using Acl, use this: $this->Auth->authorize = 'controller'; I made the mistake as I copied some code from the tutorial to help me set up Auth correctly. Of course, the tutorial also covers Acl, hence the mistake. Jeremy Burns jeremybu...@me.com On 15 Jan 2010, at 16:33, Dave wrote: > Yeah it was only in the app_controller, but I just dumped cache folder and > seemed to clear it up. > > Thanks, > > Dave > > -Original Message- > From: cake-php@googlegroups.com [mailto:cake-...@googlegroups.com] On Behalf > Of scs > Sent: January-15-10 12:51 PM > To: CakePHP > Subject: Re: ACL Question > > Make sure you do not have > var $components = array('Acl'); > in you app_controller or any other controllers > > On Jan 14, 8:48 pm, "Dave" wrote: >> I get this error as soon as i login >> >> Could not find AclComponent. Please include Acl in > Controller::$components. >> [CORE/cake/libs/controller/components/auth.php, line 378] >> >> Fatal error: Call to a member function check() on a non-object in >> /home4/public_html/cake/libs/controller/components/auth.php on line >> 480 >> >> But I am not using ACL, nor do I want to. Cant seem to figure out >> where this is coming from or why. >> >> Any ideas? No idea where to start >> >> Thanks >> >> Dave > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 9.0.725 / Virus Database: 270.14.139/2620 - Release Date: 01/15/10 > 09:17:00 > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
RE: ACL Question
I know. I was removing ACL from the app. It was only in app_controller but when I removed it I was getting errors. That's all, its all good. Thanks Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: ACL Question
> Yeah it was only in the app_controller, but I just dumped cache folder and > seemed to clear it up. If it's in AppController then all controllers inherit and will use it. Any components you put in a specific controller are merged with Appcontroller's, not overwritten. j -- jon bennett - www.jben.net - blog.jben.net Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
RE: ACL Question
Yeah it was only in the app_controller, but I just dumped cache folder and seemed to clear it up. Thanks, Dave -Original Message- From: cake-php@googlegroups.com [mailto:cake-...@googlegroups.com] On Behalf Of scs Sent: January-15-10 12:51 PM To: CakePHP Subject: Re: ACL Question Make sure you do not have var $components = array('Acl'); in you app_controller or any other controllers On Jan 14, 8:48 pm, "Dave" wrote: > I get this error as soon as i login > > Could not find AclComponent. Please include Acl in Controller::$components. > [CORE/cake/libs/controller/components/auth.php, line 378] > > Fatal error: Call to a member function check() on a non-object in > /home4/public_html/cake/libs/controller/components/auth.php on line > 480 > > But I am not using ACL, nor do I want to. Cant seem to figure out > where this is coming from or why. > > Any ideas? No idea where to start > > Thanks > > Dave No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.725 / Virus Database: 270.14.139/2620 - Release Date: 01/15/10 09:17:00 Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: ACL Question
Make sure you do not have var $components = array('Acl'); in you app_controller or any other controllers On Jan 14, 8:48 pm, "Dave" wrote: > I get this error as soon as i login > > Could not find AclComponent. Please include Acl in Controller::$components. > [CORE/cake/libs/controller/components/auth.php, line 378] > > Fatal error: Call to a member function check() on a non-object in > /home4/public_html/cake/libs/controller/components/auth.php on line 480 > > But I am not using ACL, nor do I want to. Cant seem to figure out where this > is coming from or why. > > Any ideas? No idea where to start > > Thanks > > Dave Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Acl question: Can I change the name of aros and acos tables?
On Thu, Jun 25, 2009 at 5:13 AM, Walther wrote: > > You could make more then one database config item and use them on the > required tables? Good point. I tend to think of the DB configs as being for a specific database. Of course, there's nothing stopping you from using the same DB but with separate prefixes. Except that it's just occurred to me that there's still an issue with associations--if there are associated tables with different prefixes then joins would be a problem. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question: Can I change the name of aros and acos tables?
On Jun 25, 2:39 am, brian wrote: > On Wed, Jun 24, 2009 at 3:09 PM, zonium wrote: > > > I do use prefix param for some other projects where ACL is NOT > > utilized. > > However, my particular concern is about ACL component, I am not sure > > if ACL component respects $prefix param. (i.e. the sql statements to > > create aros and acos table do not take prefix into account). > > Aslo, when we specify $prefix, it will be used for all tables, we > > cannot different prefixs for different tables. > > > Any insight is appreciated. When you tried applying a prefix to your default db config - in what way did it not work. AD --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question: Can I change the name of aros and acos tables?
You could make more then one database config item and use them on the required tables? On Jun 25, 2:39 am, brian wrote: > On Wed, Jun 24, 2009 at 3:09 PM, zonium wrote: > > > I do use prefix param for some other projects where ACL is NOT > > utilized. > > However, my particular concern is about ACL component, I am not sure > > if ACL component respects $prefix param. (i.e. the sql statements to > > create aros and acos table do not take prefix into account). > > Aslo, when we specify $prefix, it will be used for all tables, we > > cannot different prefixs for different tables. > > > Any insight is appreciated. > > Zonium > > You need to use more than one prefix? That might be a problem. Maybe > you can change the prefix on the fly (never tried that). --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question: Can I change the name of aros and acos tables?
On Wed, Jun 24, 2009 at 3:09 PM, zonium wrote: > > I do use prefix param for some other projects where ACL is NOT > utilized. > However, my particular concern is about ACL component, I am not sure > if ACL component respects $prefix param. (i.e. the sql statements to > create aros and acos table do not take prefix into account). > Aslo, when we specify $prefix, it will be used for all tables, we > cannot different prefixs for different tables. > > Any insight is appreciated. > Zonium You need to use more than one prefix? That might be a problem. Maybe you can change the prefix on the fly (never tried that). --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question: Can I change the name of aros and acos tables?
I do use prefix param for some other projects where ACL is NOT utilized. However, my particular concern is about ACL component, I am not sure if ACL component respects $prefix param. (i.e. the sql statements to create aros and acos table do not take prefix into account). Aslo, when we specify $prefix, it will be used for all tables, we cannot different prefixs for different tables. Any insight is appreciated. Zonium On Jun 24, 8:56 am, brian wrote: > On Tue, Jun 23, 2009 at 11:25 PM, zonium wrote: > > > We are forced to follow some naming conventions for our tables (some > > prefix needs to be added to the table names). I am going to use ACL > > component, but I wonder if I can use different names for aros, acos > > and acos_aros tables (e.g adding a prefix)? > > I've never used it myself, but there's a 'prefix' param in > database.php. I believe that's all you need to set. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question: Can I change the name of aros and acos tables?
On Tue, Jun 23, 2009 at 11:25 PM, zonium wrote: > > > We are forced to follow some naming conventions for our tables (some > prefix needs to be added to the table names). I am going to use ACL > component, but I wonder if I can use different names for aros, acos > and acos_aros tables (e.g adding a prefix)? I've never used it myself, but there's a 'prefix' param in database.php. I believe that's all you need to set. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: ACL question regarding Acl example
For baked forms it means the forms autogenerated by bake. If you haven't used bake yet, it's a command line utilities that let you auto- generate basic models, controllers and views, starting from your db structure. You can find more informations on the documentation. The basic class created by bake with allow you to perform the basics Create, Read, Update and Delete operation for all your entities, including Users and Groups. The link bettween this entities and ACL is not automatic bt it requires the implementation of some code in both the User and Group model. You should find all the info in the tutorial. I hope this few info can help you, unfortunately I'm at work and I'm not able to check the docs and give you more details. Andrea --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: ACL Question based on ACL example in cookbook (1.2)
The first step you should do is to write out an example of what you want your ARO tree to look like. I think it will then be easier for someone to help you out. For example, I often have a tree that looks like the following: Superusers Users --Staff John Kramer Alex Wylde Managers --Ozzy --Jimmy What do you want your's to look like? -Aran On Dec 5, 9:24 am, Rob <[EMAIL PROTECTED]> wrote: > Not sure I follow, does the usergroups table not join the users and > groups? > > I have my ACL set up with the following HABTM: > > // Link to jobs > var $hasAndBelongsToMany = array( > 'Slot' => > array( > 'className' => 'Slot', > 'joinTable' => 'user_slots', > 'foreignKey' => 'user_id', > 'associationForeignKey' => 'slot_id', > 'conditions' => '', > 'order' => '', > 'limit' => '', > 'unique' => true, > 'finderQuery' => '', > 'deleteQuery' => '', > 'insertQuery' => '' > ), > 'Group' => > array( > 'className' => 'Group', > 'joinTable' => 'user_groups', > 'foreignKey' => 'user_id', > 'associationForeignKey' => 'group_id', > 'conditions' => '', > 'order' => '', > 'limit' => '', > 'unique' => true, > 'finderQuery' => '', > 'deleteQuery' => '', > 'insertQuery' => '' > ) > ); > > With users HABTM groups, and slots. > > What is it you need to do that isn't clear from the cookbook? > > On Dec 5, 6:28 am, SymenTimmermans <[EMAIL PROTECTED]> wrote: > > > Hi guys, > > > I'm building an application and want to controll access levels with > > ACL. > > I've setup the controllers and database by following the simple ACL > > application tutorial in the manual. > > > While the example in the manual uses 2 tables: 'groups' (hasmany) > > 'users', which makes the implementation fairly straightforward, in my > > situation, i'm using 3 tables: 'usergroups' (hasmany) > > 'companies' (hasmany) 'users'. > > > Can you explain to me how to implement the authentication for this > > situation. > > The ACL documentation in the manual is not enough to make me > > understand the concept. > > > Thanks, > > > Symen > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: ACL Question based on ACL example in cookbook (1.2)
Not sure I follow, does the usergroups table not join the users and groups? I have my ACL set up with the following HABTM: // Link to jobs var $hasAndBelongsToMany = array( 'Slot' => array( 'className' => 'Slot', 'joinTable' => 'user_slots', 'foreignKey'=> 'user_id', 'associationForeignKey' => 'slot_id', 'conditions'=> '', 'order' => '', 'limit' => '', 'unique'=> true, 'finderQuery' => '', 'deleteQuery' => '', 'insertQuery' => '' ), 'Group' => array( 'className' => 'Group', 'joinTable' => 'user_groups', 'foreignKey'=> 'user_id', 'associationForeignKey' => 'group_id', 'conditions'=> '', 'order' => '', 'limit' => '', 'unique'=> true, 'finderQuery' => '', 'deleteQuery' => '', 'insertQuery' => '' ) ); With users HABTM groups, and slots. What is it you need to do that isn't clear from the cookbook? On Dec 5, 6:28 am, SymenTimmermans <[EMAIL PROTECTED]> wrote: > Hi guys, > > I'm building an application and want to controll access levels with > ACL. > I've setup the controllers and database by following the simple ACL > application tutorial in the manual. > > While the example in the manual uses 2 tables: 'groups' (hasmany) > 'users', which makes the implementation fairly straightforward, in my > situation, i'm using 3 tables: 'usergroups' (hasmany) > 'companies' (hasmany) 'users'. > > Can you explain to me how to implement the authentication for this > situation. > The ACL documentation in the manual is not enough to make me > understand the concept. > > Thanks, > > Symen --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: ACL question regarding inherited permissions
Thanks a milion, it works now! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: ACL question regarding inherited permissions
Not, that is a bug in ACL component, ticket: https://trac.cakephp.org/ticket/3851 , fixed on : https://trac.cakephp.org/changeset/6342 . Update your cake. On Jan 16, 2008 3:11 PM, alex.tomes <[EMAIL PROTECTED]> wrote: > > My situation is this: I have AROs nested: Admins and as a child of > that Subadmins. > Admins has acces to a certain ACO but Subadmins is set to deny access > to that ACO > > When I check Subadmins against that ACO it sais that it has access > although I set it to deny (checked in the database also, it show -1 on > all crud fields) > > So it is my assumption wrong that individual rights are more powerful > than inherited ones? > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: ACL question: ACO-ARO links not being set as expected. Why?
Anyone any ideas? Surely ACL shouldn't be this hard? By the way, I'm using PHP 5 and Cake 1.2. On 31 Aug, 10:44, Paul <[EMAIL PROTECTED]> wrote: > Hi there, > > I'm getting more and more frustrated withACL, so please someone help > me before I drive myself mad! I'm sure once I'm over this last hurdle > it'll all fall into place :) > > If i do this: > > $this->Acl->deny($aroNode,$acoNode); > > then all the _read, _update etc. fields in the aros_acos table are set > to -1 (or 1 if I'd used allow). So far so good! > > However, If I have an array of 'actions', like this: > > $actions = Array('read','update'); > > And I set permissions like this: > > $this->Acl->allow($aroNode,$acoNode,$actions); > > Then _read and _update are set to 1 (as expected), but the rest are > set to zero - they are not left as they are (I explicitly do a deny > all before I call allow). This doesn't seem right to me - I would've > thought 'allowing' a set of permissions would leave the others > untouched? > > Try as I might I can't work out where in the cake source it's doing > this setting to zero. > > However, I have found out that when I do this: > > $this->Acl->check('create') > > ...a zero causes it to 'continue' and look further up the hierarchy, > towards the parent, and get the permission from there. > > Myaconodes are in a hierarchy, so this means I can't deny a child > access to something a parent has access to! (because if I deny all and > then allow the ones I want, then check looks to the parent for the > one's I didn't explictly allow) > > Am I misunderstanding things? Has anyone else had this problem? > > Thanks in advance, > Paul. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question
Hi Nina Glad I could be of some assistance :-) Regards, Langdon Nina wrote: > Hi Langdon > > Your code sent me off in the right direction, so thank you for your > help. However I had to make substantial changes, because you code did > not fit with my user-model (and not with the functions avalible in > cake 1.2). Allow me to explain (for general edification): --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question
Duh... I posted to soon, this is the function: function _getAllowedIds ($model, $access_type) { //this function returns a comma delimited string of id's that the logged in user has access to in the model given. $aro = new Aro(); // Get the username. It may be better to pass this to the function $user = $this->Session->read('User'); $aroAlias = 'User::'.$user['id']; $aroNode = $this->Acl->Aro->node($aroAlias); $permission = new Permission(); //loop from branches of aro tree to top for ($i = 0; $i < count($aroNode) -1; $i++) { $temp[] = $permission->findAllByAro_id($aroNode[$i]['Aro'] ['id']); } $Aco = new Aco(); $acos = array(); // Iterate through the links. The temp array (containing // permission entries) is sorted by aro, and leaves comes before // their parrents foreach ($temp as $tempAro) { // Iterate through each Aco attached the the current Aro foreach ($tempAro as $tempLink) { if (preg_match ("/^".$model."::\d+$/", $tempLink['Aco']['alias'])) { //the following contruction assures that permissions are //taken from the bottoms-most aro in the aro tree. I.e. if a //user belongs to a group, the group has access to a file //but the user does not, the user should not have //access. First time we arrive here, the permission for a //given aco is set to whatever it is for the bottom-most //aro. Second time we arrive the permission is only changed //if permission has not been specified in the first place. if (array_key_exists($tempLink['Aco']['alias'], $acos)) { switch($acos[$tempLink['Aco']['alias']]) { case -1: $acos[$tempLink['Aco']['alias']] = -1; break; case 0: $acos[$tempLink['Aco']['alias']] = $tempLink['Permission']['_'. $access_type]; break; case 1: $acos[$tempLink['Aco']['alias']] = 1; break; } } else { $acos[$tempLink['Aco']['alias']] = $tempLink['Permission']['_'. $access_type]; } } } // the acl model in this application is contructed such that Picture::id (or Text::id etc.) acos do not have children. // this means that there is no reason to find children on the acos in this loop } //extract the id's $acos_out = array(); foreach ($acos as $key => $aco) { if ($aco == 1) { array_push($acos_out,preg_replace("/^".$model."::(\d+)/", "$1", $key)); } } //create a comma delimited string of id's $string = implode(",", $acos_out); return $string; } --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Acl question
Hi Langdon Your code sent me off in the right direction, so thank you for your help. However I had to make substantial changes, because you code did not fit with my user-model (and not with the functions avalible in cake 1.2). Allow me to explain (for general edification): I have a user model where users can belong to a group. Aros for groups are name Group::$group_id and Aros for users are named User::$user_id. Groups and users are two seperate tables in my database. In my aros tree, a user aro always have a group aro as parrent. My acos are named after the model they correspond to. For example the aco named Picture::1 represents operations on picture number 1. By allowing or denying actions on this aco, I allow a user (or group) the right to perform those actions. When I check which Aros a certain user is represented by, I will always get at least two: the user aro and the group aro (plus the parent group aro, if there is one). When I allow and deny a certain aco the user aro, or lowermost aro in the aro tree, is the one that counts. Thus, if a group has read permission and the user has not, the user should be denied access. Thus, we must check the aros-acos permissions in a specific order. This is the function I cam up with. It works because the node() function in acl always returns the tree in the proper order: function _getAllowedIds ($model, $access_type) { //this function returns a comma delimited string of id's that the logged in user has access to in the model given. $aro = new Aro(); // Get the username. It may be better to pass this to the function $user = $this->Session->read('User'); $aroAlias = 'User::'.$user['id']; $aroNode = $this->Acl->Aro->node($aroAlias); $permission = new Permission(); //loop from branches of aro tree to top for ($i = 0; $i < count($aroNode) -1; $i++) { $temp[] = $permission->findAllByAro_id($aroNode[$i]['Aro'] ['id']); } $Aco = new Aco(); $acos = array(); // Iterate through the links. The temp array (containing // permission entries) is sorted by aro, and leaves come before // their parrents foreach ($temp as $tempAro) { // Iterate through each Aco attached the the current Aro foreach ($tempAro as $tempLink) { if (preg_match ("/^".$model."::\d+$/", $tempLink['Aco']['alias'])) { //the following construction assures that permissions are //taken from the bottoms-most aro in the aro tree. I.e. if a //user belongs to a group, the group has access to a file //but the user does not, the user should not have //access. First time we arrive here, the permission for a //given aco is set to whatever it is for the bottom-most //aro. Second time we arrive the permission is only changed //if permission has not been specified in the first place. if (array_key_exists($tempLink['Aco']['alias'], $acos)) { switch($acos[$tempLink['Aco']['alias']]) { case -1: $acos[$tempLink['Aco']['alias']] = -1; break; case 0: $acos[$tempLink['Aco']['alias']] = $tempLink['Permission']['_'. $access_type]; break; case 1: $acos[$tempLink['Aco']['alias']] = 1; break; } } else { $acos[$tempLink['Aco']['alias']] = $tempLink['Permission']['_'. $access_type]; } } } // the acl model in this application is contructed such that Picture::id (or Text::id etc.) acos do not have children. // this means that there is no reason to find children on the acos in this loop } //extract the id's foreach ($acos as $key => $aco) { if ($aco == 1) { $acos[$key] = preg_replace("/^".$model."::(\d+)/", "$1", $aco); } else { unset($acos[$key]); } } //create a comma delimited string of id's $string = implode(",", $acos); return $string; } } When calling this function I get a string of id's which corrensponds to the table entries that a user has x-access to (where x is create, read, update or delete). I hope someone might find this useful. :-) Nina On Aug 16, 1:07 pm, Langdon Stevenson <[EMAIL PROTECTED]> wrote: > Hi Nina > > > > > However, what I'd like is a simple command to find all pictures that a > > given user has access to. I realize that I can find all pictures and > > check them one by one. However, this seems expensive to me (one query > > to get all pictures and then N queries to check the permissions). > > There must be a simpler way to do it, but to find it requires a deep > > understanding of howaclwork, and I don't really have that > > understanding (yet), so I am asking you. Has anyone here encountered a > > similar problem, and how did you solve it? If not, do you have any > > ideas on how I might attack this problem? > > If you have a look at the api forACLyou w
Re: Acl question
Hi Nina > However, what I'd like is a simple command to find all pictures that a > given user has access to. I realize that I can find all pictures and > check them one by one. However, this seems expensive to me (one query > to get all pictures and then N queries to check the permissions). > There must be a simpler way to do it, but to find it requires a deep > understanding of how acl work, and I don't really have that > understanding (yet), so I am asking you. Has anyone here encountered a > similar problem, and how did you solve it? If not, do you have any > ideas on how I might attack this problem? If you have a look at the api for ACL you will find that ACL provides a number of methods that aren't obvious from the documentation. One of them (I don't remember which) takes an ARO id as an argument and returns a tree of ACO objects that the ARO has access to. I think that this should suite your needs. ... I have just tried to work back through the code and extract the key part, but for the life of me I can't find what I am looking for in the api, or the Cake ACL code. I did however discover the following thread that I posted on this subject a while ago: http://groups.google.com/group/cake-php/browse_thread/thread/263d3ffd6fb7533d/94779c7877163bb0 It explains what I did and shows the code that I used. However I can't find the parts of the api that it depends upon. Let me know if you need more explanation. Regards, Langdon --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---