This would be ok, if the actions were the same for each controller.
But, I would like each user to have one set of actions for 1 controller
and a different set for another controller.
I am afraid this problem just gets exponential the more users and
organizations and roles there are.....
Just thinking out loud......
What if I make the Org a requester, instead of an ACO? Does this
make it easier?
Or change the ARO tree, so the user is the parent, and the org and org
groups/roles are the children. Does this work?
On 4/10/2012 9:45 AM, GerarD [via CakePHP] wrote:
>
> Well, I needed something with role and access for a system I was
> working on.
>
> What I did was to create a field called Access in the DB to control
> access to each Module of the system, and another field called Actions
> to control which "actions" they could perform.
>
> So I have 2 Modules, one called Distributors, and one called Personals.
>
> By the moment I create a user that could access Distributors, I saved
> that controller's name in the field Access as a string. But I don't
> want him to edit the info of the Distributors, just view and search.
> Well, I save a string as "view; search" in Actions.
>
> Then, in app/appController:
>
> public $components = array(
>     'Session',
>     'Auth' => array(
>         'loginRedirect' => array('controller' => '', 'action' => 'index'),
>         'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
>         'authorize' => array('Controller') // I want to check every controller the user accesses.
>     )
> );
> and, as I can read the info from the Auth method in the appController:
>
> public function isAuthorized($user) {
>     if (isset($user['role']) && $user['role'] === 'admin') { // admin can access all actions
>         return true;
>     }
>     if (in_array($this->action, array('index', 'view', 'search', 'add'))) {
>         $controller = $this->params['controller'];
>         $action = $this->action;
>         $allow_controllers = explode('; ', $user['Access']); // list of controllers in Access
>         $allow_actions = explode('; ', $user['Actions']); // list of actions in Actions
>
>         // Now we check if this user has access to the Controller
>         // and the Action he's trying to see.
>         if (in_array($controller, $allow_controllers) && in_array($action, $allow_actions)) {
>             return true; // he can
>         }
>     }
>     return false; // he can't. Sorry.
> }
>
> And that's it. It's very simple but it works for me =). Now you can
> add as many controllers as you need in the future, and you won't have
> to rewrite the code. Just give access to the users you want in your
> Users Module. Hope it helps...
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and
> help others with their CakePHP related questions.
--
View this message in context:
http://cakephp.1045679.n5.nabble.com/Is-this-too-complicated-tp5628799p5631451.html
Sent from the CakePHP mailing list archive at Nabble.com.
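
The requirement raised in the reply above (a different set of actions per controller for the same user) as an added example, not code from either poster or from CakePHP. It assumes a hypothetical `Permissions` field holding a JSON map of controller name to allowed actions; the function names and sample users are constructed for illustration.

```php
<?php
// Added example: per-controller action lists, deny by default.
// The "Permissions" field and its JSON layout are assumptions.

function parsePermissions($raw) {
    $map = json_decode((string)$raw, true);
    if (!is_array($map)) {
        return array(); // malformed or empty field grants nothing
    }
    $clean = array();
    foreach ($map as $controller => $actions) {
        if (is_string($controller) && is_array($actions)) {
            // keep only string action names, normalise the controller key
            $clean[strtolower($controller)] = array_values(array_filter($actions, 'is_string'));
        }
    }
    return $clean;
}

function isAuthorizedFor(array $user, $controller, $action) {
    if (isset($user['role']) && $user['role'] === 'admin') {
        return true; // same admin shortcut as the quoted isAuthorized()
    }
    $perms = parsePermissions(isset($user['Permissions']) ? $user['Permissions'] : '');
    $controller = strtolower($controller);
    if (!isset($perms[$controller])) {
        return false; // controller not granted at all
    }
    // strict comparison: the action must match a granted name exactly
    return in_array($action, $perms[$controller], true);
}

// Constructed sample users
$clerk = array('role' => 'user', 'Permissions' =>
    '{"distributors":["index","view","search"],"personals":["index","view","add","edit"]}');
$legacy = array('role' => 'user', 'Permissions' => 'view; search'); // not JSON

$checks = array(
    array($clerk, 'distributors', 'view'),
    array($clerk, 'distributors', 'edit'),
    array($clerk, 'personals', 'edit'),
    array($clerk, 'users', 'index'),
    array($legacy, 'distributors', 'view'),
);
foreach ($checks as $c) {
    printf("%-13s %-6s %s\n", $c[1], $c[2], isAuthorizedFor($c[0], $c[1], $c[2]) ? 'allow' : 'deny');
}
```

Inside a controller's `isAuthorized($user)`, the same check would be `return isAuthorizedFor($user, $this->params['controller'], $this->action);`.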