What do you do with a user or group that does not have access to a
node? I thought that an ARO would get denied access to an ACO
automatically if the permissions had been set. When my
AppController::beforeFilter() executes I see that the ACL component is
aware that my user is allowed to see the requested resource.

If the ACL component does not automatically prevent returning that
resource and informing the user why, then I suppose I am supposed to do
that. OK, that's fine; what's the best approach? My first guess is just
to prevent execution of the requested controller/action.




    function beforeFilter()
    {
        //var_dump($this->Auth->user());
        /*
         * Don't check ACL if this is the Users controller and the
         * login or logout action
         */
        if (!($this->name == 'Users' && in_array($this->action, array('login', 'logout'))))
        {
            /*
             * check(ARO, ACO, [action])
             * ARO: the logged-in user's group; ACO: the current controller
             */
            $aro = array('model' => 'Group', 'foreign_key' => $this->Session->read('Auth.User.group_id'));
            if ($this->Acl->check($aro, $this->name, '*'))
            {
                var_dump('Allowed');
            }
            else
            {
                var_dump('Not Allowed');
                return false;
            }
        }
    }
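
One way to enforce the result of the check, as an added example that is not part of the original post: a fail-closed beforeFilter() that logs the denial, then redirects and exits when Acl->check() returns false, so the requested action never runs. It assumes CakePHP 1.3-era APIs; the $publicActions map, the _isPublicAction() and _deny() helpers, the 'acl' log name, the flash text and the redirect target are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes CakePHP 1.3-era APIs.
class AppController extends Controller
{
    var $components = array('Acl', 'Auth', 'Session');

    // Hypothetical allow-list: actions reachable without an ACL check,
    // keyed by controller name. Everything else is checked.
    var $publicActions = array('Users' => array('login', 'logout'));

    function beforeFilter()
    {
        if ($this->_isPublicAction()) {
            return;
        }

        // No group in the session means there is no ARO to check: deny.
        $groupId = $this->Session->read('Auth.User.group_id');
        $aro = array('model' => 'Group', 'foreign_key' => $groupId);

        if (empty($groupId) || !$this->Acl->check($aro, $this->name, '*')) {
            $this->_deny();
        }
    }

    // Underscore-prefixed methods are not dispatchable as actions.
    function _isPublicAction()
    {
        return isset($this->publicActions[$this->name])
            && in_array($this->action, $this->publicActions[$this->name]);
    }

    function _deny()
    {
        // Record the denial so repeated attempts show up in the logs.
        $this->log("ACL denied {$this->name}::{$this->action}", 'acl');
        $this->Session->setFlash('You are not allowed to access that page.');
        // With $exit = true, redirect() ends the request after sending the
        // Location header, so enforcement does not rely on a return value.
        $this->redirect(array('controller' => 'users', 'action' => 'login'), null, true);
    }
}
```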
