Re: ACL RBAC

Fri, 09 Dec 2011 08:11:27 -0800 

A coworker just clued me in and this is the final statement in
AppController::beforeFilter()


    function beforeFilter()
    {
        /*
         * check(ARO, ACO, [action])
         *
         */
        if ($this->Acl->check(array('model' => 'Group', 'foreign_key'
=> $this->Session->read('Auth.User.group_id')), $this->name, '*'))
        {
            var_dump('Allowed');
        }
        else
        {
            var_dump('Not Allowed');
        }
    }


On Dec 9, 10:11 am, RhythmicDevil <[email protected]> wrote:
> Hi all, I am working on implementing RBAC using ACL. I am really close
> but I am getting an error and I am hoping you can shed some light on
> it. I have pasted my entire ACO and ARO trees below for reference.
>
> When I run the following using the Cake console it works as expected:
>
> [swright@swright-dev app]$ cake acl check Group.4 controllers/
> Solidcores "*"
> Group.4 is allowed.
>
> *************************************************************************** 
> ************************
>
> However if I do this in my AppController::beforeFilter():
>
> var_dump('Acl Check Result',
>       $this->Acl->check(
>           'Group.' . $this->Session->read('Auth.User.group_id'),
>           'controllers/' . $this->name,
>           "*"
>         )
> );
>
> *************************************************************************** 
> ************************
>
> I get the following output in my browser:
>
> Warning (512): DbAcl::check() - Failed ARO/ACO node lookup in
> permissions check.  Node references:
> Aro: Group.4
> Aco: controllers/Solidcores [CORE/cake/libs/controller/components/
> acl.php, line 273]
>
> string 'Acl Check Result' (length=16)
>
> boolean false
>
> *************************************************************************** 
> ************************
>
> Shouldn't I get the same result?
>
> *************************************************************************** 
> ************************
> ARO and ACO Tree dumps
>
> [swright@swright-dev app]$ cake acl view aro
> Aro tree:
> ---------------------------------------------------------------
>   [1] Group.4
>     [4] User.4
>     [7] User.7
>   [2] Group.5
>     [5] User.5
>   [3] Group.6
>     [6] User.6
> ---------------------------------------------------------------
> [swright@swright-dev app]$ cake acl view aco
> Aco tree:
> ---------------------------------------------------------------
>   [1] controllers
>     [2] Pages
>       [3] display
>       [4] add
>       [5] edit
>       [6] index
>       [7] view
>       [8] delete
>     [9] AnalystUi
>       [10] index
>       [11] add
>       [12] edit
>       [13] view
>       [14] delete
>     [15] ThreatCenter
>       [16] index
>       [17] add
>       [18] edit
>       [19] view
>       [20] delete
>     [21] GtiData
>       [22] index
>       [23] add
>       [24] edit
>       [25] view
>       [26] delete
>     [27] PocDemos
>       [28] index
>       [29] add
>       [30] edit
>       [31] view
>       [32] delete
>     [33] Projects
>       [34] index
>       [35] add
>       [36] edit
>       [37] view
>       [38] delete
>     [39] Products
>       [40] index
>       [41] add
>       [42] edit
>       [43] view
>       [44] delete
>     [45] Users
>       [46] login
>       [47] logout
>       [48] index
>       [49] view
>       [50] add
>       [51] edit
>       [52] delete
>     [53] Wam
>       [54] index
>       [55] add
>       [56] edit
>       [57] view
>       [58] delete
>     [59] Solidcores
>       [60] index
>       [61] processed_count
>       [62] performance
>       [63] add
>       [64] edit
>       [65] view
>       [66] delete
>     [67] ThreatVectors
>       [68] index
>       [69] add
>       [70] edit
>       [71] view
>       [72] delete
>     [73] Botnets
>       [74] index
>       [75] add
>       [76] edit
>       [77] view
>       [78] delete
>     [79] Tests
>       [80] index
>       [81] add
>       [82] edit
>       [83] view
>       [84] delete
>     [85] Groups
>       [86] index
>       [87] view
>       [88] add
>       [89] edit
>       [90] delete
>     [91] Main
>       [92] index
>       [93] add
>       [94] edit
>       [95] view
>       [96] delete
>     [97] GtiApi
>       [98] index
>       [99] add
>       [100] edit
>       [101] view
>       [102] delete
>     [103] Resources
>       [104] index
>       [105] add
>       [106] edit
>       [107] view
>       [108] delete
>     [109] Environments
>       [110] index
>       [111] add
>       [112] edit
>       [113] view
>       [114] delete
>     [115] Operations
>       [116] index
>       [117] add
>       [118] edit
>       [119] view
>       [120] delete
>     [121] Reports
>       [122] index
>       [123] add
>       [124] edit
>       [125] view
>       [126] delete
>     [127] GtiSdk
>       [128] index
>       [129] add
>       [130] edit
>       [131] view
>       [132] delete

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
[email protected] For more options, visit this group at 
http://groups.google.com/group/cake-php
  • ACL RBAC RhythmicDevil
    • Re: ACL RBAC RhythmicDevil

Reply via email to