Hi Apprentice,

There are 2 aspects to consider,

1) Setting up the ACL rules
2) Checking if someone has access

From your first message, assuming that you don't have vast numbers of
users:

1.1 AROs)
You need a structure something like this:
PUBLIC
    USERS
        random_name
        MODS
            friend_name
            ADMIN
                your_name

You can play with your aro structure here:
http://www.noswad.me.uk/AclAdminDemo/aros, if there is no similar
looking tree click the "load from user table" link at the bottom of the
page to get some data. Remember that an aro is a representation of a
user/group; it is not in itself a user/group - i.e. a user and an aro
are rows in different tables in the db.

1.2 ACOs)
There is a plugin on my site that I will use here as an analogous
example. If you install the AclAdmin plugin in your own application,
the aco options will reflect the controllers and methods you have
defined yourself. Follow these steps to 'initialize' the acl demo data
so that it looks similar to what you are wanting:
go here: http://www.noswad.me.uk/AclAdminDemo/Acos/page_view and delete
the root node. (delete all existing acos and their rules)
go here: http://www.noswad.me.uk/AclAdminDemo/acos and click "global"
for "demo1". (create one aco for this plugin - do it for your app on
your own site.)
go here: http://www.noswad.me.uk/AclAdminDemo/acos and click "granular"
for "titles". (create an aco for the controller and one aco for each
method)
go here: http://www.noswad.me.uk/AclAdminDemo/Acos/data_view and you'll
see a tree representing the things that you can now control

So, title is equivalent to post, and there is an aco for editing,
deleting etc. a title.

1.3 ACL rules)

go here: http://www.noswad.me.uk/AclAdminDemo/permissions

Navigate to the group "ADMIN" and allow access to ROOT. This means that
anyone under ADMIN has the right to access or do everything.
Navigate to the group "MODS" and allow access to demo1:titles:edit.
This means that anyone under MODS has the right to edit titles.
Define any other rules you might want (such as PUBLIC can view/index)

At that point you have all the building blocks in place.

2) Checking Access

Something similar to the code in
http://www.noswad.me.uk/MiBlog/ACLPart1  is what you want, with one
minor change. One of your requirements is that users can edit their own
posts - you can do this via acl but you don't need to. In your posts
controller define the method _checkACL such that if the action is edit
and the current user is the post owner - bypass the acl check.
Something like:

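function _checkACL ($aro) {
        // Edit is decided by ownership here instead of by the ACL
        if (low($this->action)=='edit') {
                $data = $this->Post->read();
                // Deny when the logged-in member is not the post owner
                if ($data['Post']['member_id'] <> $this->Session->read("Member.id")) {
                        $this->_accessDenied($aro,"Post:Edit:".$this->Post->id);
                }
        } else {
                // Every other action goes through the normal ACL check
                return parent::_checkACL($aro);
        }
}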

And that's that.

I hope that is useful, at least in prompting some "oh yeah I can.."
thoughts,

AD7six
Please note:
The manual/bakery is a good place to start any quest for info.
The cake search (at the time of writing) erroneously reports less/no
results for the google group.
The wiki may contain incorrect info - read at your own risk (it's
mainly user submitted) :)
You may get your answer quicker by asking on the IRC Channel (you can
access it with just a browser here: http://irc.cakephp.org).

On Nov 5, 12:45 am, "Apprentice" <[EMAIL PROTECTED]> wrote:
> Hi Zheka,
>
> Thank you for hint.
>
> I've read them a few days ago but still can't catch the essence. If you
> have a clearer view, please share with me. Thank you in advance.
>
> Apprentice.
>
> On Nov 4, 9:22 pm, "zheka" <[EMAIL PROTECTED]> wrote:
>
> > you may find these useful
> > http://www.noswad.me.uk/MiBlog/ACLPart1
> > http://www.noswad.me.uk/MiBlog...
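
The setup in 1.1 to 1.3 and the owner bypass in 2, as an added example that is not part of the original message and not CakePHP's Acl component: a plain-PHP model of the two trees in which a rule set on a group applies to everything beneath it. The `demo1:titles:view` node, the function names and the fallback to the ACL for non-owners are assumptions.

```php
<?php
// Simplified model of the ARO/ACO trees from the message (not CakePHP's Acl code).
// Each node maps to its parent; null marks the top of the tree.
$aroParent = [
    'PUBLIC' => null, 'USERS' => 'PUBLIC', 'random_name' => 'USERS',
    'MODS' => 'USERS', 'friend_name' => 'MODS',
    'ADMIN' => 'MODS', 'your_name' => 'ADMIN',
];
$acoParent = [
    'ROOT' => null, 'demo1' => 'ROOT', 'demo1:titles' => 'demo1',
    'demo1:titles:edit' => 'demo1:titles',
    'demo1:titles:view' => 'demo1:titles', // assumed node for "PUBLIC can view"
];
// Rules from section 1.3: [aro][aco] => true (allow) or false (deny).
$rules = [
    'ADMIN'  => ['ROOT' => true],
    'MODS'   => ['demo1:titles:edit' => true],
    'PUBLIC' => ['demo1:titles:view' => true],
];

// The node followed by its ancestors, nearest first.
function chain(array $parents, string $node): array {
    $out = [];
    for ($n = $node; $n !== null; $n = $parents[$n] ?? null) { $out[] = $n; }
    return $out;
}

// Most specific rule wins: nearest ARO first, then nearest ACO. No rule means deny.
function aclCheck(string $aro, string $aco): bool {
    global $aroParent, $acoParent, $rules;
    foreach (chain($aroParent, $aro) as $a) {
        foreach (chain($acoParent, $aco) as $c) {
            if (isset($rules[$a][$c])) { return $rules[$a][$c]; }
        }
    }
    return false;
}

// Owner bypass from section 2; non-owners fall back to the ACL (assumption).
function canEdit(string $aro, string $postOwner): bool {
    return $aro === $postOwner || aclCheck($aro, 'demo1:titles:edit');
}

var_dump(canEdit('random_name', 'random_name')); // owner editing own post
var_dump(canEdit('random_name', 'friend_name')); // plain user, someone else's post
var_dump(canEdit('friend_name', 'random_name')); // sits under MODS
var_dump(canEdit('your_name', 'random_name'));   // sits under ADMIN, rule on ROOT
```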


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups 
"Cake PHP" group.
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---