Hopefully these aren't lame questions. Believe me, I've spent lots of
time reading every tutorial I can find and lots of threads on this
group. I still have a few questions though.

1. Many of the implementations of user groups in ACL have a UserGroup
model (User belongsTo UserGroup), which is then followed through in
the AROs table. Isn't this just duplication? Should I not just save
userGroups into the AROs table and be done with it? You can still edit
group names by directly manipulating the record in ARO, no? Granted
that you can't add extra fields, such as description, but if I'm
simply storing a group name AND using aros_acos to test the group's
permissions, shouldn't this suffice?

2. Is there any reason that the ARO tree isn't stored in the Auth
Session on login, to save having to call it on every page view?

3. Am I right in thinking that CRUD-based authorisation doesn't allow
you to restrict the whole admin site (i.e. admin_index, admin_view
etc) to an administrators group? For this, actions-based authorisation
is what you need?

4. When using plugins the $this->params['controller'] variable isn't
set if you use the default controller, e.g. the 'posts' controller in
the 'posts' plugin, with the route /posts/view. This causes
Auth->isAuthorized() to break.

Is this the best way to fix this problem (in AppController
beforeFilter function), or is there a better way?

// Fall back to the plugin name when no controller is set
if (!$this->Auth->params['controller']) {
    $this->Auth->params['controller'] = $this->params['plugin'];
}

Thanks for any help!