why not try use phpgacl..there is plugin component for cake.. On May 29, 2011 3:21 AM, "dreamingmind" <[email protected]> wrote: > Michael, > > Non-expert reply: > After fiddling with ACL for a while I'll say, yes it can do all you > want. The aco entries can represent anything you want them to, > controllers, actions, individual db records, tabes, urls... Aros can > likewise represent anything you choose, users, controllers, actions, > ip adresses... > > The permission table will hook up the allowable combinations. And > since both aros and acos are in a tree structure you can set up any > grouping or nesting that serves your needs. > > It is worth noting that there are two ways to identify an aro or aco > node, by alias or by table and id. Ponder the value of these two ways > of identifying a requestor or controlled item. > > As to the specifics of implementing your system... I can't be too > specific because I'm stilling trying to sort this out. It seems you > can always resort to a kind of brute force approach. At the critical > point in your logic you test: does this aro have permission to access > this aco? > > This is the area where I find the tutorials a bit vague. They assume > that there is always going to be a standard pattern for testing. User > to action or user to crud function on a table. Possibly because my > thinking is too fuzzy to build my apps cleanly or possibly because > this ideal situation is not realistic, I have found it a bit confusing > decide what testing mode to use and where to have the checks made. > > You are probably going to need to build some before and after save > code to make sure proper permissions are set up as things grow. A > simple case from tutorials: when a user registers, the save code could > make the new user aro record and an aco entry and give them permission > to access their own db record. > > In your case, the work product of a company employee on a project > might need to be listed as a child aco in a collection that was > accessible to managers of that company. > > Regards, > Don > > On May 28, 3:54 pm, mivogtGermanyLU <[email protected]> wrote: >> Hi there, >> >> after spending some hours of reading the chapert about acl/aro/acro in the >> cake books and the cake homepage I am still or even more confused about the >> topic. >> I understood the meaning of a tree containing the rights but I am absolute >> not sure about if it matches my needs or even on how to realize it in my >> app. >> >> So any helping comment is welcome. Linked full tutorials would be great, >> too. >> >> My app consists of a set of MVC stuff to register services grated by users >> to be manged from users to be done by users for users with some hierachy in >> background. >> So there needs to be a superadmin to setup the users in all levels >> I need granters to grant projects >> I need some to set up the jobs getters and workers >> etc >> >> and in the meaning of some safety the i.e. workers shokld not be able to >> change or delete granted jobs etc >> >> so basically I need to limit the actions/views allowed to a specific logged >> in users (after login using auth component) >> secondly I need to limit the datasets shown to a user based on his role and >> the linked models content >> >> i.e. >> 2 company are granting services to be done for customers with no need to >> know each other or the others customers >> if a company grants a service for a customer a service-company is named to >> fullfill it. So the C sets up the job to be done and the company to do the >> job >> The servicecompany will have staffs getting some kind of tickes with jobs to >> be done and the staff will need to fill a timereport linked to a granted job >> (containing the job_id dthe granterid, the service_id datwe,time etc) with >> the limitation he wont be able to see jobs done for the customer by others >> ... >> >> to me it looks a bit difficult to split it up into roles only >> maybe I need some kind of data-limiting functions, too. Any chance to get it >> done by the acl or will I need to add some conditions in my find() inside >> the controllers? >> >> Thanks in advance >> >> Michael > > -- > Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
-- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
