Re: simple authentication with roles

2009-04-10 Thread qwanta

I also wanted to mention that if you try this out with a controller
called TestsController, the authentication doesn't seem to work -
everyone (even not logged on) is given access to all functions. I
found this out the hard way! That's why I renamed it to
TrestsController.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



simple authentication with roles

2009-04-10 Thread qwanta

After struggling a bit with Auth, especially in terms of doing "role"
or "group" authentication, I thought I would post what I found out.

Basically each user belongs to a group ("admin", "calibration",
etc...) and I wanted to set the authorized controller functions for
each group in each individual controller.

I'll assume you have successfully built a user table & model with
username/password at this point (see
http://book.cakephp.org/view/172/Authentication).

Next add the beforeFilter function to the app controller:


    <?php
    class AppController extends Controller {
        var $components = array('Auth');
        // needed so $this->User is available here (assumed; not in the original post)
        var $uses = array('User');
        // role of the logged-in user, readable in child controllers as $this->auth_role
        var $auth_role = null;

        function beforeFilter() {
            $this->Auth->loginRedirect = array('controller'=>'pages', 'action'=>'display', 'home');
            $this->Auth->logoutRedirect = array('controller'=>'pages', 'action'=>'display', 'home');
            $this->Auth->allow('display');
            $this->Auth->authorize = 'controller';

            // store info for access in other controllers
            $auth_id = $this->Auth->user('id');
            $this->set('logged_in', $auth_id);
            if ($auth_id) {
                $this->auth_role = $this->User->getRole($auth_id);

                // do this so we can use these in default.ctp
                $this->set('auth_username', $this->Auth->user('username'));
                $this->set('auth_role', $this->auth_role);
            }
        }
    }
    ?>

What I have done is add a field called "role" to the user table. In my
user model, I defined a function called getRole to retrieve the role
based on a user id. Again, getRole does not exist by default; you have
to make it. I declared $auth_role as a controller property so that it
can be accessed in all child controllers through $this->auth_role. We
will need this for when we add the logic to control access based on
the user role.

The set statements are used so that I can display the current user and
his role in the default.ctp layout, at the top of the page. At this
point we have only given non-logged-on users access to "display"
pages (such as home.ctp); all controller functions will be blocked
off. Logged-on users will have access to everything.

For more control over which roles have access to what, do something
like this in each controller:


    <?php
    // controller name taken from the follow-up post in this thread
    class TrestsController extends AppController {

        // called by Auth when authorize = 'controller'; true allows the action
        function isAuthorized() {
            if ($this->auth_role == "admin") {
                if ($this->action == "f1") { return true; }
                if ($this->action == "f2") { return true; }
            }
            if ($this->auth_role == "calibration") {
                if ($this->action == "f1") { return false; }
                if ($this->action == "f2") { return true; }
            }
            // anything not listed above is denied
            return false;
        }

        function f1() {
        }

        function f2() {
        }
    }
    ?>


Basically, add an entry for each controller method under each role in
the isAuthorized method. Return true for access, false for no access.
$this->action maps out to the method that's being called in the
controller.

In the example above, any users in the admin role/group will have
access to f1 & f2, whereas the calibration role/group will only have
access to f2.
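A table-driven variant of the isAuthorized() pattern from the post above, added here as an example; it is not qwanta's code and not part of CakePHP. It keeps the same $this->auth_role property and the same decisions (admin may call f1 and f2, calibration only f2) but moves the rules into a per-controller $roleActions array (an assumed name) checked by one isAuthorized() in AppController. The point of the change is the default: an action or role that is missing from the table is denied, so forgetting to add a new method to the if-chain blocks it instead of letting everyone through.

```php
<?php
// Added example (not from the original post): role -> allowed actions table.
class AppController extends Controller {
    var $components = array('Auth');
    var $auth_role = null;

    // Override in each child controller: role => array of action names,
    // or '*' to allow every action for that role. Unlisted = denied.
    var $roleActions = array();

    function isAuthorized() {
        $role = $this->auth_role;

        // No role resolved (e.g. getRole() returned nothing) or role not in
        // this controller's table: deny rather than fall through.
        if (empty($role) || !isset($this->roleActions[$role])) {
            return false;
        }

        $allowed = $this->roleActions[$role];
        if ($allowed === '*') {
            return true;
        }

        // Strict comparison so an action name is matched exactly.
        return in_array($this->action, $allowed, true);
    }
}

// Same controller as in the thread, now declaring its rules as data.
class TrestsController extends AppController {
    var $roleActions = array(
        'admin'       => array('f1', 'f2'),
        'calibration' => array('f2'),
    );

    function f1() {
    }

    function f2() {
    }
}
?>
```

With this in place a child controller no longer needs its own isAuthorized(); it only declares $roleActions. Because Auth is set to authorize = 'controller' in beforeFilter(), every controller's actions go through this one check, and a controller that declares no table denies all logged-in users until rules are added, which is the safer failure mode than the open-by-default behaviour the first post ran into.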