I entered the ACL recipe in the CakePHP 1.3 Application Development
Cookbook.
I have a user andy belonging to a group user and I have a category
table on which I try to deny delete and update:
cake acl create aco controllers Categories
cake acl deny Group.3 controllers/Categories delete
cake acl
Hi Bryan,
This won't answer your question precisely, as I'm not sure where you
can find such a tutorial, but I have written a plugin that may help
you in your application: it is a plugin that allows to manage ACL
roles and users permissions on controllers' actions. And it supports
plugins'
Hello,
Is there any tutorial the can teach us to use the acl to set
permissions to plugins?
Let say...
Role 1
Role 2
Role1 access
- plugin 1
- plugin 1 / controller 1
- plugin 1 / controller 1 / action 1
- plugin 1 / controller 1 / action 2
- plugin 1 / controller 2 / action 1
- plugin 1
Hi,
I was wondering if it's possible to use ACL in model instead of the
controller.
Let's say I have fat models and I have model method change_status.
Now, in my controllers I may invoke $mymodel-change_status on couple
of places and I don't want to check if user is authorized to do
change_status
I think that would best be left to the controller. Think of what the C
in ACL stands for.
To avoid repeating code, create a protected method _changeStatus() and
check there if the User is allowed.
On Mar 8, 3:39 pm, sawa sava.ra...@gmail.com wrote:
Hi,
I was wondering if it's possible to use
I believe the proper MVC way to do it is to do the check in your
controller and set the variables for you view. So in your controller
you might have something like this:
if ($this-Acl-check(your acl info)) {
$this-set('admin', true);
}
Then in your view you would simple check the $admin
Similiar to what I had in mind, thanks for the input nevertheless :)
*thumbs up*
Jacek
Stinkbug pisze:
I believe the proper MVC way to do it is to do the check in your
controller and set the variables for you view. So in your controller
you might have something like this:
if
Hello all,
just happily finished setup of group-based ACL in my app, thanks to
brilliant tutorial on Cake site.
Nevertheless, despite looking around I haven't found any way (known to a
noob like me) to use a function similiar to $this-Acl-check() in View,
for, say, hiding certain sections of
I want to setup a site where there are 2 authorized pages and what to know
what the best approach would be? To use the ACL and Auth component or just
Auth.
The site is pretty basic with 2 core pages:
User/Profile: where users can view/edit their profile when logged in
Posts: where logged in
if there's only one type of users e.g. admin and you just check wether
user is logged in, then Auth is enough for you.
On Feb 25, 7:16 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
I want to setup a site where there are 2 authorized pages and what to know
what the best approach
Hi there,
I've been investigating the skinny-controller, fat-model concept
within the CakePHP framework and wondering what the general thoughts
are to using ACL components inside a model.
In my particular setup, when a record is created (let's call it Book)
the associated chapters that reside
Thanks for your reply,
Your description would enable people to work; however, if I have
understood correctly, it relies on specifying permissions for
individual users to override group permissions. This rather seems to
me to then lose a lot of the advantage of using ACL.
My original question
When Auth checks the Acl tables to give permission, it is using an
Alias based on the Controller/action pair.
Thus, for each forum, you are going to be required to create unique
Controller/action strings. For example, for the part where people
talk about cars, your aliases might look like this:
Hello to all,
I am keen to use ACL in my application. However, the requirement that
users only be in one group seems to me to be a massive obstacle.
As an example, imagine there is a bulletin board application with many
forums. Each forum will have members, moderators and administrators.
An
Sorry, I posted that too early. Let me try again:
When Auth checks the Acl tables to give permission, it is using an
Alias based on the Controller/action pair -- if you are using Auth
under 'actions' mode.
Under 'crud' mode, it checks for an alias using just the Controller
name.
Thus, for each
Hi guys
I'm working on a project using an API instead of models. basically, my
cakephp app query the database through the API instead of doing it
directly through models. Now i'd like to setup cakephp ACL to manage
rights. do you know if it's possible to do this whithout model ?
I am writing an application that has three user groups: admin, user,
and photo manager. I want all three to have basically the same
interface, but admins will obviously have more things available to
them (ability to add things, edit things, etc), photo managers will be
allowed to add / edit
Correction: I'm just wondering what the best way to
go about displaying the menu to my uses is should read:
I'm just wondering what the best way to
go about displaying the menu to my users is.
On Jan 16, 2:13 pm, Luke [EMAIL PROTECTED] wrote:
I am writing an application that has three user
On Jan 16, 11:13 pm, Luke [EMAIL PROTECTED] wrote:
I am writing an application that has three user groups: admin, user,
and photo manager. I want all three to have basically the same
interface, but admins will obviously have more things available to
them (ability to add things, edit things,
like 3 different menu.ctp files (menu-admin.ctp, menu-manager.ctp, and
menu-default.ctp) ?
On Jan 16, 2:47 pm, AD7six [EMAIL PROTECTED] wrote:
On Jan 16, 11:13 pm, Luke [EMAIL PROTECTED] wrote:
I am writing an application that has three user groups: admin, user,
and photo manager. I want
On Jan 17, 1:47 am, Luke [EMAIL PROTECTED] wrote:
like 3 different menu.ctp files (menu-admin.ctp, menu-manager.ctp, and
menu-default.ctp) ?
Yes, thats what AD7six meant. :-)
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the
Hello,
i am trying the IBM tutorial no 2 and have a problem, when using the
function $aro-create(...) in my register action.
After clicking the register button, I get an Error 404. If I comment
out the $aro-create() the redirect is successful.
Here's the code:
class UsersController extends
I am just looking into it for the first time... it would be great to
get a solid tutorial on it on the cakephp site... Perhaps they'll get
to that when 1.2 goes stable.
thanks,
-alan-
On May 10, 12:25 pm, Tribastian [EMAIL PROTECTED] wrote:
On 26 Apr., 07:09, [EMAIL PROTECTED] [EMAIL
Hey guys, near as I can tell... ACL is not yet functional in 1.2,
unless it was finished in the last release (1.2.0.5137alpha)
cook
On May 23, 10:09 am, alan [EMAIL PROTECTED] wrote:
I am just looking into it for the first time... it would be great to
get a solid tutorial on it on the
On 26 Apr., 07:09, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I was just wondering if anyone is successfully using cakephpAcland
the new AuthComponent in 1.2?
If so, could you give us mortals some guidance in setting it up? It
looks as thoughAclhas changed significantly from 1.1.
Here is
One more note to add: The end result for this site is to simply
restrict anything under the admin route, to a group of admins.
Everything else is web accessible. I realize that acl is serious
overkill for such a simple task, I'm using it here to learn more about
acl in 1.2 before using it in
I was just wondering if anyone is successfully using cakephp Acl and
the new AuthComponent in 1.2?
If so, could you give us mortals some guidance in setting it up? It
looks as though Acl has changed significantly from 1.1.
Here is some of what I have managed to peace together so far...
//add
Hello,
This may be bit OT now and should belong under Tree Traversal
Methods, however I just wanted to maintain a coherent thread so that
I can easily find it later on.
I have been looking back at the top of this thread to see if I missed
anything at the same time I kept looking back as to why
Thanks for the explanation Nimrod. Interesting reading.
Langdon
This may be bit OT now and should belong under Tree Traversal
Methods, however I just wanted to maintain a coherent thread so that
I can easily find it later on.
--~--~-~--~~~---~--~~
You
Hi abing and all,
I heard on the grapevine that the acl code is currently being
refactored, so some of what I write below may be obsolete before too
long.
On Jan 3, 4:09 am, Nimrod A. Abing [EMAIL PROTECTED] wrote:
snip
I have tried using a stack-based algorithm instead of recursion, but
Hi abing and all,
On Jan 3, 12:50 pm, Nimrod A. Abing [EMAIL PROTECTED] wrote:
snip
Will this be available on the 1.2 or 1.1 branch or both?
I assume 1.2 only.
snip
http://www.sitepoint.com/print/hierarchical-data-database
I maintain that recursion isn't necessary to display MPTT tables.
Hello,
On 1/3/07, AD7six [EMAIL PROTECTED] wrote:
Hi abing and all,
On Jan 3, 12:50 pm, Nimrod A. Abing [EMAIL PROTECTED] wrote:
snip
Will this be available on the 1.2 or 1.1 branch or both?
I assume 1.2 only.
Oh well, I might as well port my CMS to 1.2. A lot of the new stuff in
1.2
I was monitoring the other thread you started and I was not aware of
this new thread. Anyway, just read my last two replies to your
original thread to get a picture of what I am trying to use MPTT for.
I took a recursive approach for rebuilding tree traversal data for
reasons described in my
I don't have that book. But the best link that I can find about the
subject (with an example in Access 2000) is here:
http://www.mvps.org/access/queries/qry0023.htm
I'm not on Windows right now and I haven't looked into it yet to see
if this is what you mean.
On 1/3/07, Dr. Tarique Sani
). Obviously this doesn't use
ACL at all, but then ACL isn't always the right solution.
2) Using ACL and cheating.
What do I mean?
Consider wanting to find all albums that Bob can access.
First see if Bob has access to Albums in general, by checking if he has
access to the ACO parent for all albums
Here you go:
http://groups-beta.google.com/group/cake-php/browse_thread/thread/263d3ffd6fb7533d
I need to get back to work :) I'll keep monitoring both threads for
any new developments. I'll also be taking a look at implementing the
alternative tree traversal method that I pointed out. When I
Thanks Nimrod, I forgot that I changed the subject line ...
Here you go:
http://groups-beta.google.com/group/cake-php/browse_thread/thread/263d3ffd6fb7533d
I need to get back to work :) I'll keep monitoring both threads for
any new developments. I'll also be taking a look at implementing
solution.
I would bet my money on a non ACL approach for limiting access to
multiple records/sets and using ACL for things which operate on a
single records
So you end up with a part which is application specific and a part
which is ACL dependent and generic
2) Using ACL and cheating.
What do I
Hi Tariqu
This implies heavily that limiting the number of Acos is the key. Can
you give an example of how a user may accumulate large numbers of Acos?
Yes, if you see to my previous example - getting in findAll* which
pictures/albums/categories a user is allowed to see (depending which
On 1/2/07, Langdon Stevenson [EMAIL PROTECTED] wrote:
The more I think and talk about the problem, the more I get the
impression that there really is no simple, easy solution.
And that is what I am not ready to accept as yet ;-) but the sinking
feeling is there.
Cheers
Tarique
--
The more I think and talk about the problem, the more I get the
impression that there really is no simple, easy solution.
And that is what I am not ready to accept as yet ;-) but the sinking
feeling is there.
Perhaps it's a matter then of more horse power? It would be interesting
to do a
I've been thinking about this for a while (and am going to have to *do*
it in the next week or two:).
I plan to specify a 'securing_attribute_name' for each model - set to a
default false in AppModel. For your example, the the securing attribute
may be 'group_id' on an Album or 'Album.group_id'
On 1/2/07, Langdon Stevenson [EMAIL PROTECTED] wrote:
What we seem to be talking about is creating an entirely new method of
defining and retrieving our security information hierarchy, something
different to modified preorder tree traversal.
MPTT can't be and should not be abandoned - we have
=
Hi All,
I just finished a working version of an access control component that
would allow you to define owner delete, owner view, owner edit
etc. using ACL without defining a rule for each actual aco, or even
creating each aco.
The code
On 1/3/07, Dr. Tarique Sani [EMAIL PROTECTED] wrote:
On 1/2/07, Langdon Stevenson [EMAIL PROTECTED] wrote:
What we seem to be talking about is creating an entirely new method of
defining and retrieving our security information hierarchy, something
different to modified preorder tree
Hi Nimrod
This discussion has peaked my interest in MPTT implementations. I am
working on an object system for a CMS based on CakePHP and the object
tree is implemented using MPTT. I did a textbook implementation of
the thing, which means using a recursive algorithm to reorder the tree
On 1/3/07, Langdon Stevenson [EMAIL PROTECTED] wrote:
This discussion has peaked my interest in MPTT implementations. I am
working on an object system for a CMS based on CakePHP and the object
tree is implemented using MPTT. I did a textbook implementation of
the thing, which means using a
Nice implementation - which I am sure will fit very well where the
data structure is similar to the one you have, that is where data
belongs to groups.
Would love to hear more thoughts from more people - on access control
for data in a massively multi-user systems built using cakePHP
Cheers
Hi Tarique
Nice implementation - which I am sure will fit very well where the
data structure is similar to the one you have, that is where data
belongs to groups.
Would love to hear more thoughts from more people - on access control
for data in a massively multi-user systems built using
On 1/1/07, Langdon Stevenson [EMAIL PROTECTED] wrote:
Can you elaborate on your requirements a little further? Perhaps I am
missing something?
Let me give a real-life example. The largest known installation of
Coppermine Picture Gallery (an Open Source project that I lead) has
more than 3
Hi Tarique
Good example.
Let me give a real-life example. The largest known installation of
Coppermine Picture Gallery (an Open Source project that I lead) has
more than 3 million pictures and approx 100,000 users.
As long as all the pictures and albums were public this was not a big
On 1/1/07, Langdon Stevenson [EMAIL PROTECTED] wrote:
This would mean no need to query Acos for findAll queries, other than at
login (at which time you select all of their Acos and store them in a
session or cache).
We will very quickly run out of memory if session is kept in memory,
if not
Hi Tarique
This would mean no need to query Acos for findAll queries, other than at
login (at which time you select all of their Acos and store them in a
session or cache).
We will very quickly run out of memory if session is kept in memory,
if not reading large number of ACOs from
On 1/2/07, Langdon Stevenson [EMAIL PROTECTED] wrote:
This implies heavily that limiting the number of Acos is the key. Can
you give an example of how a user may accumulate large numbers of Acos?
Yes, if you see to my previous example - getting in findAll* which
pictures/albums/categories a
Hi
I thought that I would share something that I have just developed with
the list.
My ACL implementation does a good job of limiting access to controllers
and their actions. Cake's ACL is great for checking if: Mr User (an
ARO) is allowed to access Mr Object (an ACO).
However the
Hello Langdon
This sounds great. Please let me know how to access a sample of your
code. Looking forward.
Thanks!
Devon
Langdon Stevenson wrote:
Hi
I thought that I would share something that I have just developed with
the list.
My ACL implementation does a good job of limiting access to
Hi,
This sounds along the lines of what I was planning to do. Except that I
didn't want to modify the core code, since I'd have to do the same on every
version update.
So I decided just to make my own implementation, that heavily borrow's from
cake's (not in code, just in concept).
Sounds
Hi devon
This sounds great. Please let me know how to access a sample of your
code. Looking forward.
I will put a sample together today and post it. It is still just
prototype, so I am sure that it can be improved upon.
Regards,
Langdon
Hi Brandon
This sounds along the lines of what I was planning to do. Except that I
didn't want to modify the core code, since I'd have to do the same on every
version update.
Agreed. My solution does not modify Cake core code in any way, I just
used various function in the ACL code in a
, and share your knowledge.
BAKE ON!
-Mensaje original-
De: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] En nombre
de Langdon Stevenson
Enviado el: Domingo, 31 de Diciembre de 2006 06:56 p.m.
Para: cake-php@googlegroups.com
Asunto: Re: Using ACL to limit access to data
Agreed. My
Ok, have a look at this :-)
Warning:
1. You need a solid understanding of ACL for this to make sense.
2. I am sure that this code could be improved substantially by
better programmers than me. The aim was just to make something
that worked to see if it could be done. I guess that it
The reason I ask is that I get these errors when attempting to create
new Aro:
==
Warning: mssql_query() [function.mssql-query]: message: Invalid column
name 'MAX(rght) as rght'. (severity 16) in C:\Program Files\Apache
62 matches
Mail list logo