Re: Row-level Model Access Control for CakePHP
updated, for those interested: http://jmcneese.wordpress.com/2009/04/19/rmac-ftw-part-1/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Row-level Model Access Control for CakePHP
brian,
the the filesystem context, i agree, it wouldn't make much sense. but
in the context of just getting a list of groups that the user can see,
it does. consider: if a user is in Global > Internal Users >
Editors, they would be in all three of those groups with my system.
they would be able to assign new records to any or all of the three
groups they are in. if they can't see the global group, they wouldn't
be able to assign a new row to that group.
i have a layout similar to yours, a sort of VFS called
"ContentFolder". it looks like this:
All Users
- some folder
-- some other folder
Group Folders
- Group A
-- stuff to do
-- hot shit
- Group B
- Group C
Personal Folders
- inbox
the All/Group/Personal folders have an "other read" permission on
them, so that everyone can see them. all other users have folders
under the personal folder, but obviously the logged-in user can only
see his own. there are folders for each group under the group folder,
but the user can only see the groups he's in, etc.
On Apr 6, 10:51 am, brian wrote:
> Thanks for posting this. I'm currently trying to work out how to do
> this. I took a look at your behavior and think it'd work for me.
>
> About the point you mentioned with Tree-based models: I'd think that
> if a User needed to be granted access to some row which had a parent
> that the User had been denied then the layout of your tree is wrong.
> If you think about a filesystem, if user cannot read/execute some
> directory, there's no point in having a file somewhere under it which
> gives read perms.
>
> My situation is that I have several Groups, and I need to restrict
> which branches of a Volume tree they can see. Basically, like
> filesystem tree, in fact. So, I was faced with having to fetch all
> available Volume.id and pass those to my find('threaded') call, like
> you mention how Mark Story put it: "you have to know the answer to the
> question before you even ask it". This works, but seems sub-optimal.
>
> Anyway, I'll give this a go later. Thanks again.
>
> On Mon, Apr 6, 2009 at 9:46 AM, jmcneese wrote:
>
> > since i've seen it talked about in the groups many, many, MANY times:
>
> >http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-contr...
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Row-level Model Access Control for CakePHP
absolutely, martin, i'd be honored. On Apr 6, 8:57 am, mradosta wrote: > Good to know other people are working on this. > > My implmentation presented in last cakefest (Buenos Aires 2008) well > described by Mark Story > here:http://cakedc.com/developer/mark_story/2008/12/04/martin-radosta-reco... > > The ppt or odp slides I've prepared for the cakefest (spanish version) > here:http://www.pragtico.com.ar/downloads/cakefest-08-v2.ppthttp://www.pragtico.com.ar/downloads/cakefest-08-v2.odp > > I'm working on a (plug & play) plugin version of this behavior that > I'll try to present in the next cakefest, so developers don't need to > know nothing about bitwise operations, etc, etc. > > So, if you (or someone else) would like to join this project, feel > free to contact me. I'll open a github project soon. > > Regards > > MARTIN > > On Apr 6, 10:46 am, jmcneese wrote: > > > since i've seen it talked about in the groups many, many, MANY times: > > >http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-contr... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Row-level Model Access Control for CakePHP
Thanks for posting this. I'm currently trying to work out how to do
this. I took a look at your behavior and think it'd work for me.
About the point you mentioned with Tree-based models: I'd think that
if a User needed to be granted access to some row which had a parent
that the User had been denied then the layout of your tree is wrong.
If you think about a filesystem, if user cannot read/execute some
directory, there's no point in having a file somewhere under it which
gives read perms.
My situation is that I have several Groups, and I need to restrict
which branches of a Volume tree they can see. Basically, like
filesystem tree, in fact. So, I was faced with having to fetch all
available Volume.id and pass those to my find('threaded') call, like
you mention how Mark Story put it: "you have to know the answer to the
question before you even ask it". This works, but seems sub-optimal.
Anyway, I'll give this a go later. Thanks again.
On Mon, Apr 6, 2009 at 9:46 AM, jmcneese wrote:
>
> since i've seen it talked about in the groups many, many, MANY times:
>
> http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-control-for-cakephp/
> >
>
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Row-level Model Access Control for CakePHP
Good to know other people are working on this. My implmentation presented in last cakefest (Buenos Aires 2008) well described by Mark Story here: http://cakedc.com/developer/mark_story/2008/12/04/martin-radosta-record-level-security-based-on-sql The ppt or odp slides I've prepared for the cakefest (spanish version) here: http://www.pragtico.com.ar/downloads/cakefest-08-v2.ppt http://www.pragtico.com.ar/downloads/cakefest-08-v2.odp I'm working on a (plug & play) plugin version of this behavior that I'll try to present in the next cakefest, so developers don't need to know nothing about bitwise operations, etc, etc. So, if you (or someone else) would like to join this project, feel free to contact me. I'll open a github project soon. Regards MARTIN On Apr 6, 10:46 am, jmcneese wrote: > since i've seen it talked about in the groups many, many, MANY times: > > http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-contr... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
