> I particularly like the idea of having records as ACOs and not just
> controller/actions as ACO as is mostly believed.
>
> Have been toying about with ACL and related issues I was thinking of
> making controller:action:id as ACOs but I like the idea of model:id as

Yes, it's a very good idea! Naturally, it is a permission check on the id of
the records!

Here is my sample method for othAuth that checks who owns a record:
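/**
 * Decide whether the user $client may be treated as the owner of record
 * $element in table $obiect.
 *
 * Returns 1 when:
 *   - $obiect is 'users' and the row's id equals $client, or
 *   - the row's user_id equals $client, or
 *   - the current group name is ADMINISTRATOR or MODERATOR.
 * Returns 0 in every other case (no user id, malformed table name or id,
 * query failure, record not found, not the owner).
 *
 * Both $obiect and $element end up inside an SQL statement and the caller
 * derives them from the request, so they are validated/escaped here rather
 * than trusted.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7.
 * When this is ported, replace the string-built query with a prepared
 * statement (or the framework's model layer) instead of manual escaping.
 *
 * @param string $obiect  Table name holding the record.
 * @param mixed  $element Id of the record to check.
 * @param mixed  $client  Id of the logged-in user; 0 means "nobody".
 * @return int 1 if access is granted, 0 otherwise.
 */
function _isOwner($obiect,$element,$client=0){
    // Without a positive numeric user id nobody can own anything.
    if (!is_numeric($client) || $client <= 0) {
        return 0;
    }

    // The table name is used as an SQL identifier, where value escaping
    // does not help. Accept plain identifiers only and fail closed.
    if (!is_string($obiect) || !preg_match('/^[A-Za-z0-9_]+$/', $obiect)) {
        return 0;
    }

    // A missing or non-scalar id (e.g. an absent URL segment) cannot match
    // a record; refuse it before touching the database.
    if (!is_scalar($element) || (string) $element === '') {
        return 0;
    }

    $isUsersTable = ($obiect === 'users');

    // The users table has no user_id column: a user row is owned by itself.
    $columns = $isUsersTable ? 'id' : 'id, user_id';

    // Escape the id for use inside the quoted SQL string literal.
    $id = mysql_real_escape_string((string) $element);

    $sql = mysql_query(
        "SELECT " . $columns . " FROM `" . $obiect . "` WHERE id='" . $id . "' LIMIT 1"
    );

    // Query failure or no such record: deny instead of suppressing the
    // warning with @ as the earlier version did.
    if ($sql === false || mysql_num_rows($sql) < 1) {
        return 0;
    }

    $row = mysql_fetch_array($sql);

    // Ownership is decided per table type. The earlier combined condition
    // (user_id == 0 && id == $client) also matched rows of OTHER tables that
    // have no owner set, granting user N ownership of any unowned record
    // whose id happened to be N.
    if ($isUsersTable) {
        $owned = ($row['id'] == $client);
    } else {
        $owned = ($row['user_id'] == $client);
    }

    if ($owned) {
        return 1;
    }

    // Privileged groups may act on records they do not own.
    $group = up($this->group('name'));
    if ($group == 'ADMINISTRATOR' || $group == 'MODERATOR') {
        return 1;
    }

    return 0;
}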

    /**
     * Permission check for the current controller/action (excerpt only: the
     * function body is not closed in this post, so what follows the
     * ownership check is not visible).
     *
     * Visible behaviour: for the 'edit' and 'delete' actions, the lowercased
     * request path ($this->controller->here) is split on '/', and segment 3
     * is handed to _isOwner() together with the controller name and the
     * session user's id. If _isOwner() denies, this returns false.
     *
     * NOTE(review): $multi and $c_a are not used in the visible part.
     * NOTE(review): only 'edit' and 'delete' reach the ownership check here;
     * any other action name skips it. Confirm the rest of the function
     * covers those cases.
     *
     * @param array $ses   Session data; $ses[<user_model>]['id'] is read.
     * @param bool  $multi Not used in the visible excerpt.
     */
    function _othCheckPermission(&$ses,$multi = false)
    {
        //die('c');
        uses('inflector');

        // Controller name, underscored and lowercased; passed to _isOwner()
        // below as the table name.
        $c   =
strtolower(Inflector::underscore($this->controller->name));
        $a   = strtolower($this->controller->action);
        // NOTE(review): the trailing "$perm_parts = explode(...)" on the next
        // line reads $sp_name before it is assigned further down; it looks
        // like a paste/line-wrap artifact of the e-mail.
        $h   = strtolower($this->controller->here);  $perm_parts =
explode('/',$sp_name);
        // NOTE(review): the line after this statement is the wrapped tail of
        // its trailing // comment; as posted it is not valid PHP.
        $c_a = $this->_handleCakeAdmin($c,$a);//
controller/admin_action -> admin/controller/action

        if($a=='edit' || $a=='delete'){

                // full params check isn't supported atm
                        $sp_name = strtolower($h);
                $perm_parts = explode('/',$sp_name);

                // $perm_parts[3] is taken straight from the request path, so
                // it is untrusted input: _isOwner() must validate or escape it
                // before it reaches SQL. The fixed index 3 presumably assumes
                // a /base/controller/action/id layout (confirm); for a shorter
                // path the index is undefined.

if(!$this->_isOwner($c,$perm_parts[3],$ses["{$this->user_model}"]['id'])){

                        return false; 
                } 
                        
              
        }

