Re: Record level ACL
Id()))
> > > {
> > > $ids_user = Permissionable::getUserId();
> > > $user_id = $ids_user[0];
> > > }
> > > else
> > > {
> > > $user_id = Permissionable::getUserId();
> > > }
>
> > > if(is_array(Permissionable::getGroupId()))
> > > {
> > > $ids_group = Permissionable::getGroupId();
> > > $group_id = $ids_group[0];
> > > }
> > > else
> > > {
> > > $group_id = Permissionable::getGroupId();
> > > }
>
> > > So now this works on both afterSave() and beforeFind() callback
> > > function, never minding if it is a array or variable.
> > > Now if user id 2 is the leader and user id 6 and 7 are under the
> > > privilege of user 2. How can i restrict some resource for the other
> > > users such as no deleting possible for 6,7 but only view. But user id
> > > 2 could do all the CRUD since he is the master for this record? I
> > > think I need to make a bitmask for this in perms but where in
> > > afterSave() and what is that bit?
>
> > > I wounder why I am not getting any help for this issue.. May be people
> > > here did not able to open the link which is
>
> > >http://jmcneese.wordpress.com/2010/01/28/rmac-is-dead-long-live-rmac/...
>
> > > Please help..:o
>
> > > > > One more this is when a admin delets all the record the
> > > > > "permission_bits" table not getting deleted..
>
> > > > > Thanks for any help..
>
> > > > > On Sep 26, 5:04 pm, sathyashrayan wrote:
>
> > > > > > Dear group,
> > > > > > After i used ACL plugin by Alaxos
> > > > > > (http://www.alaxos.ch/blaxos/pages/
> > > > > > view/plugin_acl) i wanted to have a ACL at each record level. That
> > > > > > is,
> > > > > > a user's record need not be shown to the non-Creator. I started to
> > > > > > understand the concept of record level ACL from this thread.
>
> > > > > > http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc...
>
> > > > > > After downloading those code from those given links about RMAC i
> > > > > > tried to implement it. But I am stuck. So i started to read that
> > > > > > code
> > > > > > (behaviour, [path]/app/plugin/permissionable/models/behaviors) i
> > > > > > understood that its the callback function that does all. Especially
> > > > > > the bit checking in _getPermissionQuery function. But I am still not
> > > > > > clear in implementation(user end). So i studied the Auth and ACL
> > > > > > component in core cake (libs) and i saw the _create,_delete (CRUD)
> > > > > > permission is set in Auth. Then I understood that RMAC
> > > > > > implementation
> > > > > > is different from Core ACL which uses aros_acos table. My doubt with
> > > > > > the RMAC plugin is this.. Does every record will have an extra entry
> > > > > > in the permission table? Can anyone give an example of this full
> > > > > > working of the
>
> ...
>
> read more »
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Record level ACL
> 1)Record created user (owner) can also delete his record
>
> > > Ok i have found out doing this point. Which is 480 in the prems coloum
> > > of permission_bits table.
> > > 840 == (111) - (100) - (000). Add the line before calling save ($this-
>
> > > >Contact->save($this->data)) in the contact_controller..
>
> > > $this->data['Permissionable'] = array('perms'=>480);
>
> > > > 2)Record created user (owner) can allow other group's user below his
> > > > level to do all the action (create/update/delete/view)
>
> > > > I can guess that this could be done in the Behavior (\app\plugins
> > > > \permissionable\models\behaviors\permissionable.php) with correct bit
> > > > set in the callback functions. But i dont know what is the bit mask
> > > > for that. If i am wrong then please correct me and guide me how to do
> > > > that.
>
> > ok I got a bit more closer in this. I have changed the
>
> > Permissionable::setUserId(array($userId,6,7)); in the file
>
> > [path]\app\plugins\permissionable\controllers\components
> > \permissionable.php
>
> > where 6,7 are other user IDs I get the following query generated with
> > beforeFind() callback function from the file [path]\app\plugins
> > \permissionable\models\behaviors\permissionable.php
>
> > SELECT `Contact`.*, `ContactPermissionBit`.* FROM `contacts` AS
> > `Contact` INNER JOIN `permission_bits` AS `ContactPermissionBit` ON
> > (`ContactPermissionBit`.`foreign_id` = `Contact`.`id` AND
> > `ContactPermissionBit`.`model` = 'Contact' AND
> > `ContactPermissionBit`.`foreign_id` = `Contact`.`id` AND
> > ((`ContactPermissionBit`.`perms`&4 <> 0) OR
> > (((`ContactPermissionBit`.`perms`&32 <> 0) AND
> > (`ContactPermissionBit`.`gid` = 2))) OR
> > (((`ContactPermissionBit`.`perms`&256 <> 0) AND
> > (`ContactPermissionBit`.`uid` IN (2,6,7)) WHERE 1 = 1 LIMIT 20
>
> > Look at the last part of the query IN (2,6,7) that happens with the
> > array of user ids. But this will affect the afterSave() callback in
> > [path]\app\plugins\permissionable\models\behaviors\permissionable.php
> > since it expects a variable but not an array. So I have changed the
> > code to check if its a array or variable. Just added these lines on
> > the top.
>
> > //$user_id = Permissionable::getUserId();
> > //$group_id = Permissionable::getGroupId();
>
> > if(is_array(Permissionable::getUserId()))
> > {
> > $ids_user = Permissionable::getUserId();
> > $user_id = $ids_user[0];
> > }
> > else
> > {
> > $user_id = Permissionable::getUserId();
> > }
>
> > if(is_array(Permissionable::getGroupId()))
> > {
> > $ids_group = Permissionable::getGroupId();
> > $group_id = $ids_group[0];
> > }
> > else
> > {
> > $group_id = Permissionable::getGroupId();
> > }
>
> > So now this works on both afterSave() and beforeFind() callback
> > function, never minding if it is a array or variable.
> > Now if user id 2 is the leader and user id 6 and 7 are under the
> > privilege of user 2. How can i restrict some resource for the other
> > users such as no deleting possible for 6,7 but only view. But user id
> > 2 could do all the CRUD since he is the master for this record? I
> > think I need to make a bitmask for this in perms but where in
> > afterSave() and what is that bit?
>
> > I wounder why I am not getting any help for this issue.. May be people
> > here did not able to open the link which is
>
> >http://jmcneese.wordpress.com/2010/01/28/rmac-is-dead-long-live-rmac/...
>
> > Please help..:o
>
> > > > One more this is when a admin delets all the record the
> > > > "permission_bits" table not getting deleted..
>
> > > > Thanks for any help..
>
> > > > On Sep 26, 5:04 pm, sathyashrayan wrote:
>
> > > > > Dear group,
> > > > > After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/
> > > > > view/plugin_acl) i wanted to have a ACL at each record level. That is,
> > > > > a user's record need not be shown to the non-Creator. I started to
> > > > > understand the concept of record level ACL from this thread.
>
> > > > > http://groups.google.com/grou
Re: Record level ACL
rmissionable\models\behaviors\permissionable.php
>
> SELECT `Contact`.*, `ContactPermissionBit`.* FROM `contacts` AS
> `Contact` INNER JOIN `permission_bits` AS `ContactPermissionBit` ON
> (`ContactPermissionBit`.`foreign_id` = `Contact`.`id` AND
> `ContactPermissionBit`.`model` = 'Contact' AND
> `ContactPermissionBit`.`foreign_id` = `Contact`.`id` AND
> ((`ContactPermissionBit`.`perms`&4 <> 0) OR
> (((`ContactPermissionBit`.`perms`&32 <> 0) AND
> (`ContactPermissionBit`.`gid` = 2))) OR
> (((`ContactPermissionBit`.`perms`&256 <> 0) AND
> (`ContactPermissionBit`.`uid` IN (2,6,7)) WHERE 1 = 1 LIMIT 20
>
> Look at the last part of the query IN (2,6,7) that happens with the
> array of user ids. But this will affect the afterSave() callback in
> [path]\app\plugins\permissionable\models\behaviors\permissionable.php
> since it expects a variable but not an array. So I have changed the
> code to check if its a array or variable. Just added these lines on
> the top.
>
> //$user_id = Permissionable::getUserId();
> //$group_id = Permissionable::getGroupId();
>
> if(is_array(Permissionable::getUserId()))
> {
> $ids_user = Permissionable::getUserId();
> $user_id = $ids_user[0];
> }
> else
> {
> $user_id = Permissionable::getUserId();
> }
>
> if(is_array(Permissionable::getGroupId()))
> {
> $ids_group = Permissionable::getGroupId();
> $group_id = $ids_group[0];
> }
> else
> {
> $group_id = Permissionable::getGroupId();
> }
>
> So now this works on both afterSave() and beforeFind() callback
> function, never minding if it is a array or variable.
> Now if user id 2 is the leader and user id 6 and 7 are under the
> privilege of user 2. How can i restrict some resource for the other
> users such as no deleting possible for 6,7 but only view. But user id
> 2 could do all the CRUD since he is the master for this record? I
> think I need to make a bitmask for this in perms but where in
> afterSave() and what is that bit?
>
> I wounder why I am not getting any help for this issue.. May be people
> here did not able to open the link which is
>
> http://jmcneese.wordpress.com/2010/01/28/rmac-is-dead-long-live-rmac/http://jmcneese.wordpress.com/2009/04/19/rmac-ftw-part-1/
>
> Please help..:o
>
>
>
>
>
>
>
> > > One more this is when a admin delets all the record the
> > > "permission_bits" table not getting deleted..
>
> > > Thanks for any help..
>
> > > On Sep 26, 5:04 pm, sathyashrayan wrote:
>
> > > > Dear group,
> > > > After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/
> > > > view/plugin_acl) i wanted to have a ACL at each record level. That is,
> > > > a user's record need not be shown to the non-Creator. I started to
> > > > understand the concept of record level ACL from this thread.
>
> > > > http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc...
>
> > > > After downloading those code from those given links about RMAC i
> > > > tried to implement it. But I am stuck. So i started to read that code
> > > > (behaviour, [path]/app/plugin/permissionable/models/behaviors) i
> > > > understood that its the callback function that does all. Especially
> > > > the bit checking in _getPermissionQuery function. But I am still not
> > > > clear in implementation(user end). So i studied the Auth and ACL
> > > > component in core cake (libs) and i saw the _create,_delete (CRUD)
> > > > permission is set in Auth. Then I understood that RMAC implementation
> > > > is different from Core ACL which uses aros_acos table. My doubt with
> > > > the RMAC plugin is this.. Does every record will have an extra entry
> > > > in the permission table? Can anyone give an example of this full
> > > > working of the RMAC code, with more than two or three model (tables)
> > > > with tree level access (roles) including every entry in the permission
> > > > table. Can I able to use both the ACL plugin and RMAC plugin together?
>
> > > > I am also planing to have own interface for the ACL, both action
> > > > level and record level. I am not sure if this will be continued since
> > > > i work for a company and they asked so. It could be dropped any time.
> > > > A basic layout as follows in a word docs.
>
> > > >https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTY...
>
> > > > This is very basic and it could be non feasible (funny :D).
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Record level ACL
g if it is a array or variable. Now if user id 2 is the leader and user id 6 and 7 are under the privilege of user 2. How can i restrict some resource for the other users such as no deleting possible for 6,7 but only view. But user id 2 could do all the CRUD since he is the master for this record? I think I need to make a bitmask for this in perms but where in afterSave() and what is that bit? I wounder why I am not getting any help for this issue.. May be people here did not able to open the link which is http://jmcneese.wordpress.com/2010/01/28/rmac-is-dead-long-live-rmac/ http://jmcneese.wordpress.com/2009/04/19/rmac-ftw-part-1/ Please help..:o > > One more this is when a admin delets all the record the > > "permission_bits" table not getting deleted.. > > > Thanks for any help.. > > > On Sep 26, 5:04 pm, sathyashrayan wrote: > > > > Dear group, > > > After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/ > > > view/plugin_acl) i wanted to have a ACL at each record level. That is, > > > a user's record need not be shown to the non-Creator. I started to > > > understand the concept of record level ACL from this thread. > > > > http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc... > > > > After downloading those code from those given links about RMAC i > > > tried to implement it. But I am stuck. So i started to read that code > > > (behaviour, [path]/app/plugin/permissionable/models/behaviors) i > > > understood that its the callback function that does all. Especially > > > the bit checking in _getPermissionQuery function. But I am still not > > > clear in implementation(user end). So i studied the Auth and ACL > > > component in core cake (libs) and i saw the _create,_delete (CRUD) > > > permission is set in Auth. Then I understood that RMAC implementation > > > is different from Core ACL which uses aros_acos table. My doubt with > > > the RMAC plugin is this.. Does every record will have an extra entry > > > in the permission table? Can anyone give an example of this full > > > working of the RMAC code, with more than two or three model (tables) > > > with tree level access (roles) including every entry in the permission > > > table. Can I able to use both the ACL plugin and RMAC plugin together? > > > > I am also planing to have own interface for the ACL, both action > > > level and record level. I am not sure if this will be continued since > > > i work for a company and they asked so. It could be dropped any time. > > > A basic layout as follows in a word docs. > > > >https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTY... > > > > This is very basic and it could be non feasible (funny :D). -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Record level ACL
On Sep 28, 11:39 am, sathyashrayan wrote:
> Ok I have made the RMAC work (http://jmcneese.wordpress.com/2010/01/28/
> rmac-is-dead-long-live-rmac/) I will tell what i have done.
>
> 1)Downloaded a fresh cakephp
> 2)created the users,groups tables
> 3)acos,aros,acos_aros ("cake schema create DbAcl" in command line)
> 4)Baked users and used Auth component to set up a login page
> 5)Placed the plugin in [path]/app/plugin/permissionable
> 6)Created the permission_bits table
> 7)Created a "contacts" table for a sample module
> 8)In the file [path]\app\plugins\permissionable\controllers\components
> \permissionable.php I added
> var $components = array('Session', 'Auth');
> for calling
> $users = $this->Auth->user();
> Then assigned userid and groupid in
>
> $users = $this->Auth->user();
> $userId = $users['User']['id'];
> $groupId = $users['User']['id'];
> Permissionable::setUserId($userId);
> Permissionable::setGroupId($groupId);
> Permissionable::setGroupIds(array($groupId));
>
> 9)Created some groups in tree (tree component) with hierarchy
>
> 10)Now each user logged in and creates a contact the
> "permission_bits" table gets filled with model,and model Id and 416
> (default bits) in perms..
>
> 11)If each user logs in and he can see only his records. He can edit
> and view but he can not delete his own record. If an Admin logs in he
> can do all the action(delete also) on all the record including his
> record..
>
> Now what i need is..
>
> 1)Record created user (owner) can also delete his record
Ok i have found out doing this point. Which is 480 in the prems coloum
of permission_bits table.
840 == (111) - (100) - (000). Add the line before calling save ($this-
>Contact->save($this->data)) in the contact_controller..
$this->data['Permissionable'] = array('perms'=>480);
> 2)Record created user (owner) can allow other group's user below his
> level to do all the action (create/update/delete/view)
>
> I can guess that this could be done in the Behavior (\app\plugins
> \permissionable\models\behaviors\permissionable.php) with correct bit
> set in the callback functions. But i dont know what is the bit mask
> for that. If i am wrong then please correct me and guide me how to do
> that.
>
> One more this is when a admin delets all the record the
> "permission_bits" table not getting deleted..
>
> Thanks for any help..
>
> On Sep 26, 5:04 pm, sathyashrayan wrote:
>
>
>
>
>
>
>
> > Dear group,
> > After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/
> > view/plugin_acl) i wanted to have a ACL at each record level. That is,
> > a user's record need not be shown to the non-Creator. I started to
> > understand the concept of record level ACL from this thread.
>
> > http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc...
>
> > After downloading those code from those given links about RMAC i
> > tried to implement it. But I am stuck. So i started to read that code
> > (behaviour, [path]/app/plugin/permissionable/models/behaviors) i
> > understood that its the callback function that does all. Especially
> > the bit checking in _getPermissionQuery function. But I am still not
> > clear in implementation(user end). So i studied the Auth and ACL
> > component in core cake (libs) and i saw the _create,_delete (CRUD)
> > permission is set in Auth. Then I understood that RMAC implementation
> > is different from Core ACL which uses aros_acos table. My doubt with
> > the RMAC plugin is this.. Does every record will have an extra entry
> > in the permission table? Can anyone give an example of this full
> > working of the RMAC code, with more than two or three model (tables)
> > with tree level access (roles) including every entry in the permission
> > table. Can I able to use both the ACL plugin and RMAC plugin together?
>
> > I am also planing to have own interface for the ACL, both action
> > level and record level. I am not sure if this will be continued since
> > i work for a company and they asked so. It could be dropped any time.
> > A basic layout as follows in a word docs.
>
> >https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTY...
>
> > This is very basic and it could be non feasible (funny :D).
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Record level ACL
Ok I have made the RMAC work (http://jmcneese.wordpress.com/2010/01/28/
rmac-is-dead-long-live-rmac/) I will tell what i have done.
1)Downloaded a fresh cakephp
2)created the users,groups tables
3)acos,aros,acos_aros ("cake schema create DbAcl" in command line)
4)Baked users and used Auth component to set up a login page
5)Placed the plugin in [path]/app/plugin/permissionable
6)Created the permission_bits table
7)Created a "contacts" table for a sample module
8)In the file [path]\app\plugins\permissionable\controllers\components
\permissionable.php I added
var $components = array('Session', 'Auth');
for calling
$users = $this->Auth->user();
Then assigned userid and groupid in
$users = $this->Auth->user();
$userId = $users['User']['id'];
$groupId = $users['User']['id'];
Permissionable::setUserId($userId);
Permissionable::setGroupId($groupId);
Permissionable::setGroupIds(array($groupId));
9)Created some groups in tree (tree component) with hierarchy
10)Now each user logged in and creates a contact the
"permission_bits" table gets filled with model,and model Id and 416
(default bits) in perms..
11)If each user logs in and he can see only his records. He can edit
and view but he can not delete his own record. If an Admin logs in he
can do all the action(delete also) on all the record including his
record..
Now what i need is..
1)Record created user (owner) can also delete his record
2)Record created user (owner) can allow other group's user below his
level to do all the action (create/update/delete/view)
I can guess that this could be done in the Behavior (\app\plugins
\permissionable\models\behaviors\permissionable.php) with correct bit
set in the callback functions. But i dont know what is the bit mask
for that. If i am wrong then please correct me and guide me how to do
that.
One more this is when a admin delets all the record the
"permission_bits" table not getting deleted..
Thanks for any help..
On Sep 26, 5:04 pm, sathyashrayan wrote:
> Dear group,
> After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/
> view/plugin_acl) i wanted to have a ACL at each record level. That is,
> a user's record need not be shown to the non-Creator. I started to
> understand the concept of record level ACL from this thread.
>
> http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc...
>
> After downloading those code from those given links about RMAC i
> tried to implement it. But I am stuck. So i started to read that code
> (behaviour, [path]/app/plugin/permissionable/models/behaviors) i
> understood that its the callback function that does all. Especially
> the bit checking in _getPermissionQuery function. But I am still not
> clear in implementation(user end). So i studied the Auth and ACL
> component in core cake (libs) and i saw the _create,_delete (CRUD)
> permission is set in Auth. Then I understood that RMAC implementation
> is different from Core ACL which uses aros_acos table. My doubt with
> the RMAC plugin is this.. Does every record will have an extra entry
> in the permission table? Can anyone give an example of this full
> working of the RMAC code, with more than two or three model (tables)
> with tree level access (roles) including every entry in the permission
> table. Can I able to use both the ACL plugin and RMAC plugin together?
>
> I am also planing to have own interface for the ACL, both action
> level and record level. I am not sure if this will be continued since
> i work for a company and they asked so. It could be dropped any time.
> A basic layout as follows in a word docs.
>
> https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTY...
>
> This is very basic and it could be non feasible (funny :D).
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/cake-php
Re: Record level ACL
I am sorry for the google document below. It is with some tables and insert object created with MC OFFICE word 2007. Its not as like it is.. On Sep 26, 5:04 pm, sathyashrayan wrote: > Dear group, > After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/ > view/plugin_acl) i wanted to have a ACL at each record level. That is, > a user's record need not be shown to the non-Creator. I started to > understand the concept of record level ACL from this thread. > > http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc... > > After downloading those code from those given links about RMAC i > tried to implement it. But I am stuck. So i started to read that code > (behaviour, [path]/app/plugin/permissionable/models/behaviors) i > understood that its the callback function that does all. Especially > the bit checking in _getPermissionQuery function. But I am still not > clear in implementation(user end). So i studied the Auth and ACL > component in core cake (libs) and i saw the _create,_delete (CRUD) > permission is set in Auth. Then I understood that RMAC implementation > is different from Core ACL which uses aros_acos table. My doubt with > the RMAC plugin is this.. Does every record will have an extra entry > in the permission table? Can anyone give an example of this full > working of the RMAC code, with more than two or three model (tables) > with tree level access (roles) including every entry in the permission > table. Can I able to use both the ACL plugin and RMAC plugin together? > > I am also planing to have own interface for the ACL, both action > level and record level. I am not sure if this will be continued since > i work for a company and they asked so. It could be dropped any time. > A basic layout as follows in a word docs. > > https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTY... > > This is very basic and it could be non feasible (funny :D). -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Record level ACL
Dear group, After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/ view/plugin_acl) i wanted to have a ACL at each record level. That is, a user's record need not be shown to the non-Creator. I started to understand the concept of record level ACL from this thread. http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbcd1efc After downloading those code from those given links about RMAC i tried to implement it. But I am stuck. So i started to read that code (behaviour, [path]/app/plugin/permissionable/models/behaviors) i understood that its the callback function that does all. Especially the bit checking in _getPermissionQuery function. But I am still not clear in implementation(user end). So i studied the Auth and ACL component in core cake (libs) and i saw the _create,_delete (CRUD) permission is set in Auth. Then I understood that RMAC implementation is different from Core ACL which uses aros_acos table. My doubt with the RMAC plugin is this.. Does every record will have an extra entry in the permission table? Can anyone give an example of this full working of the RMAC code, with more than two or three model (tables) with tree level access (roles) including every entry in the permission table. Can I able to use both the ACL plugin and RMAC plugin together? I am also planing to have own interface for the ACL, both action level and record level. I am not sure if this will be continued since i work for a company and they asked so. It could be dropped any time. A basic layout as follows in a word docs. https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTYX4dIB_b2fA/edit?hl=en_US This is very basic and it could be non feasible (funny :D). -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: containable, bindModel, and record-level ACL (oh my!)
As usual, I was forgetting basic stuff. Notably the 'joins' option.
Also, in my confused pecking away at this, I was trying to join the
Aro also, but that query couldn't work (this was just the latest of
various things I'd tried). Here's how I got it to work after the clue
fairy dropped in:
groups controller:
$group_aro = $this->Acl->Aro->find(
'first',
array(
'conditions' => array(
'model' => 'Group',
'foreign_key' => $group_id
),
'recursive' => -1
)
);
$volume_nodes =
ClassRegistry::init('Volume')->threadedWithGroupPerms($group_aro['Aro']['foreign_key']);
Volume.php:
public function threadedWithGroupPerms($group_aro_id)
{
return $this->find(
'threaded',
array(
'recursive' => 1,
'fields' => array('*'),
'joins' => array(
array(
'table' => 'acos',
'alias' => 'Aco',
'type' => 'inner',
'conditions'=> array(
'Aco.model' => 'Volume',
'Aco.foreign_key = Volume.id'
)
),
array(
'table' => 'aros_acos',
'alias' => 'Permission',
'type' => 'inner',
'conditions'=> array(
'Permission.aco_id = Aco.id',
"Permission.aro_id =
${group_aro_id}"
)
)
)
)
);
}
This works great. I now have a nicely-formatted Volume tree (a
thousand thank-yous to ad7six for the TreeHelper, which is far better
than my own pokey version) that includes the Group's permissions for
each.
As I said earlier, this is for an admin view, and won't be seeing a
lot of action, so I'm not very concerned about performance. It works a
treat, in any case. The entire Volume tree is displayed, with controls
for grant/deny. My app only requires Acl betwen these 2 Models, so
this is probably sufficient for my needs, but this could probably be
abstracted somewhat.
On Mon, Apr 6, 2009 at 11:32 PM, brian wrote:
> I have a model, Volume, for which I want to limit access from Group,
> using record-level ACL. Volume is also stored using MPTT
> (TreeBehavior). So far, I've been able to create the entries in aros,
> acos, & aros_acos.
>
> Now, what I need to do is figure out a way to display the Volume tree
> (easy) but, along with the Volume threaded data, fetch each Volume's
> permissions wrt a specific Group. This is so that an admin can see at
> a glance which Volumes a Group has access to by queerying against a
> specific Group. I plan on using this tree to grant/deny access.
>
> I can grab the Aco key for each Volume but can't figure out how to get
> from that to the Group's permissions. The following code leaves me
> with the proper tree and, for each Volume, its Aco. But there's no
> join applied for Permission (aros_acos) nor Aro.
>
> Anyone have any ideas?
>
> $this->bindModel(
> array(
> 'belongsTo' => array(
> 'Aco' => array(
> 'foreignKey' => false,
> 'conditions' => array(
> 'Aco.model' => 'Volume',
> 'Aco.foreign_key = Volume.id'
> )
> )
> )
> )
> );
>
> $filters = array(
> 'fields' => array(
> 'Volume.id',
> 'Volume.parent_id',
> 'Volume.lft',
> 'Volume.rght',
> 'Volume.name',
> ),
>
containable, bindModel, and record-level ACL (oh my!)
I have a model, Volume, for which I want to limit access from Group,
using record-level ACL. Volume is also stored using MPTT
(TreeBehavior). So far, I've been able to create the entries in aros,
acos, & aros_acos.
Now, what I need to do is figure out a way to display the Volume tree
(easy) but, along with the Volume threaded data, fetch each Volume's
permissions wrt a specific Group. This is so that an admin can see at
a glance which Volumes a Group has access to by queerying against a
specific Group. I plan on using this tree to grant/deny access.
I can grab the Aco key for each Volume but can't figure out how to get
from that to the Group's permissions. The following code leaves me
with the proper tree and, for each Volume, its Aco. But there's no
join applied for Permission (aros_acos) nor Aro.
Anyone have any ideas?
$this->bindModel(
array(
'belongsTo' => array(
'Aco' => array(
'foreignKey' => false,
'conditions' => array(
'Aco.model' => 'Volume',
'Aco.foreign_key = Volume.id'
)
)
)
)
);
$filters = array(
'fields' => array(
'Volume.id',
'Volume.parent_id',
'Volume.lft',
'Volume.rght',
'Volume.name',
),
'contain' => array(
'Aco' => array(
'fields' => array('Aco.id'),
'Permission' => array(
'Aro' => array(
'conditions' => array(
'Aro.model' => 'Group',
"Aro.foreign_key = ${group_id}"
)
)
)
)
)
);
return $this->find('threaded', $filters);
The returned array is like:
Array
(
[0] => Array
(
[Volume] => Array
(
[id] => 1
[parent_id] =>
[lft] => 1
[rght] => 171
[name] =>
)
[Aco] => Array
(
[id] => 2
)
[children] => Array
(
...
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
