Re: ACL from View
Faza, appreciate the help. The problem I see with your approach occurs in your earlier example here:

> in view i put this: (yes, I will make a helper to do it one day)
>
>     if (in_array($session->read('Auth.User.group'), array('Administrator', 'Designer'))) { ... }

This assumes (hard-coded in the view) that group Designer will always have access to this particular view item. If you remove the right from the Designer group, but the logged-in user is still a member of group Designer, then the condition will still pass. It's only checking group membership, not the rights of that group (really, the effective rights of the user are what should be checked) to that particular action in the view.

What I want is a way, from the view, to check if the logged-in user has access to a particular controller/action pair, so that I can show or hide links to any clickable link.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: ACL from View
Although not the best way to achieve this, so far this is my method:

login function stores the user's ACL group in Auth.User.group:

    $gr = $this->User->Group->findById($this->Auth->user('group_id'));
    $this->Session->write('Auth.User.group', $gr['Group']['name']);

in view i put this: (yes, I will make a helper to do it one day)

    if (in_array($session->read('Auth.User.group'), array('Administrator', 'Designer'))) { ... }

so far works like a charm.

sdc53 wrote:
> I was wondering if anyone has any ideas regarding determining based on ACL whether or not a particular user has access to a specific controller/action pair from the view. Currently, we use the html helper to generate links to edit actions, etc., something like the following:
>
>     <?php echo $html->link('Edit', array('action' => 'edit', $model['Model']['id'])); ?>
>
> Ideally, it would be in the form of a special helper (which I know has no access to the database) that checks to see if the logged-in user has access to that method and just does not generate the link if there is no access. We have a variety of user types and groups, with varying levels of access in our application using the same views. Based on the quantity of links and variability of some of the views we generate, I'd like to stay away from generating special variables for this purpose in the controller before the view is rendered, or creating special views that are basically identical for the different types of users in the system to hide these links.
Re: ACL from View
Thanks Faza - but that doesn't work because that makes the assumption in the view that the group would always have access to that item. Let's say then with ACL you remove that right... all the views where you have that hard-coded logic would then need to be updated, which is the problem I am trying to avoid. Ideally, ACL would be the one place to go where that is controlled. We currently have an application that is in flux - meaning that there will be different types of free, discounted, and full memberships, along with different levels of administrators. What these users and groups are allowed to do will change over time. I want to minimize the hard-coded stuff, and just ask ACL, can this user do whateverController/whateverMethod, from the view. Sure, if the link is present, and the user clicks on it, I can deny access in the controller (which I do) but that becomes annoying to the end users. If they don't have rights to do a particular action, the link shouldn't be present in the view.
Re: ACL from View
Okay, when you remove the right, the checking function will just not return true, so in the end the expected result is achieved. Care to write up some example?

sdc53 wrote:
> Thanks Faza - but that doesn't work because that makes the assumption in the view that the group would always have access to that item. Let's say then with ACL you remove that right... all the views where you have that hard-coded logic would then need to be updated, which is the problem I am trying to avoid. Ideally, ACL would be the one place to go where that is controlled.
>
> We currently have an application that is in flux - meaning that there will be different types of free, discounted, and full memberships, along with different levels of administrators. What these users and groups are allowed to do will change over time. I want to minimize the hard-coded stuff, and just ask ACL, can this user do whateverController/whateverMethod, from the view.
>
> Sure, if the link is present, and the user clicks on it, I can deny access in the controller (which I do) but that becomes annoying to the end users. If they don't have rights to do a particular action, the link shouldn't be present in the view.
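
The difference sdc53 describes between testing group membership and testing the group's rights to a controller/action pair, as an added example that is not part of the original thread and is not CakePHP's API. It is plain PHP in which `$acl`, `canByGroup()`, `canByAcl()`, `aclLink()` and `report()` are hypothetical names and the permission table is constructed sample data.

```php
<?php
// Constructed sample ACL: group => allowed "controller/action" pairs.
// Assumption: a real app would load this from its ACL store.
$acl = [
    'Administrator' => ['posts/edit', 'posts/delete'],
    'Designer'      => ['posts/edit'],
];

// The approach quoted in the thread: group membership hard-coded in the view.
function canByGroup(string $group): bool
{
    return in_array($group, ['Administrator', 'Designer'], true);
}

// Hypothetical check: is this controller/action pair granted to the group?
// Unknown groups and unknown pairs are denied (default deny).
function canByAcl(array $acl, string $group, string $controller, string $action): bool
{
    $pair = strtolower($controller . '/' . $action);
    return in_array($pair, $acl[$group] ?? [], true);
}

// Hypothetical view helper: returns the link markup only when the ACL check
// passes, otherwise an empty string. All output is HTML-escaped.
function aclLink(array $acl, string $group, string $title,
                 string $controller, string $action, int $id): string
{
    if (!canByAcl($acl, $group, $controller, $action)) {
        return '';
    }
    $url = sprintf('/%s/%s/%d', rawurlencode($controller), rawurlencode($action), $id);
    return sprintf('<a href="%s">%s</a>',
        htmlspecialchars($url, ENT_QUOTES), htmlspecialchars($title, ENT_QUOTES));
}

// Prints both checks side by side for the Designer group.
function report(array $acl, string $label): void
{
    printf("%s\n  group check: %s\n  acl link:    [%s]\n", $label,
        var_export(canByGroup('Designer'), true),
        aclLink($acl, 'Designer', 'Edit', 'posts', 'edit', 7));
}

report($acl, 'Right granted');
// Revoke posts/edit from Designer in the ACL only; the view code is untouched.
$acl['Designer'] = [];
report($acl, 'Right revoked');
```

Hiding the link is presentation only; the controller-side denial mentioned in the thread remains the actual access check.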