Hi Tariqu
This implies heavily that limiting the number of Acos is the key. Can
you give an example of how a user may accumulate large numbers of Acos?
Yes, if you look at my previous example - getting in findAll* which
pictures/albums/categories a user is allowed to see (depending which
group she belongs to) you will soon have a large number of ACOs.
That's true, if users are able (and likely) to belong to many groups
that have lots of nesting.
In my system that will never happen, as the business rules and nature of
the system limit the number of Acos per user.
I think that you are probably right. The question then becomes: is this
a problem? If so, why is it a problem?
The problem for me is what would be a DRY way to do this. I very
easily can do it the usual way by adding criteria to findAll or even
some funky bindModel stuff, but this way there is access restriction
code in almost every controller / model.
A valid point. I had thought about looking into redeclaring the find
functions so that they insert the criteria into the query
automatically. That would remove the requirement for adding the
criteria to each query in a model. It would also have the advantage of
reducing the potential for security holes.
The more I think and talk about the problem, the more I get the
impression that there really is no simple, easy solution. If we want to
have the power and flexibility of ACL, with its ability to nest groups
of AROs and ACOs then we have to pay the price for that and provide
sufficient processing power to support it.
Regards,
Langdon
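
The idea discussed above, a finder that inserts the access criteria itself so controllers carry no restriction code, as an added example that is not part of the original message and is not CakePHP's API. The class names, the group_id column and the sample rows are assumptions made for illustration, and rows are filtered in memory rather than through a generated SQL query.

```php
<?php
// Hypothetical base model: every read goes through findAll(), which applies
// the access criteria itself, so controllers never write restriction code.
abstract class ScopedModel
{
    // Constructed sample rows stand in for a database table.
    protected $rows = [];

    // Column naming the group that may see each row (assumption).
    protected $groupField = 'group_id';

    // final: a subclass cannot redeclare the finder and drop the scope.
    final public function findAll(array $conditions, array $userGroupIds): array
    {
        // Fail closed: a user who belongs to no group sees nothing.
        if ($userGroupIds === []) {
            return [];
        }
        $matches = [];
        foreach ($this->rows as $row) {
            // Access criterion, checked before any caller-supplied condition.
            if (!in_array($row[$this->groupField], $userGroupIds, true)) {
                continue;
            }
            // Caller conditions are ANDed on top: they can narrow, never widen.
            foreach ($conditions as $field => $value) {
                if (!array_key_exists($field, $row) || $row[$field] !== $value) {
                    continue 2;
                }
            }
            $matches[] = $row;
        }
        return $matches;
    }
}

class Picture extends ScopedModel
{
    protected $rows = [
        ['id' => 1, 'album' => 'holiday', 'group_id' => 10],
        ['id' => 2, 'album' => 'holiday', 'group_id' => 20],
        ['id' => 3, 'album' => 'work',    'group_id' => 10],
    ];
}

$pictures = new Picture();
// Member of group 10 only: rows owned by group 20 never reach the caller.
print_r(array_column($pictures->findAll(['album' => 'holiday'], [10]), 'id'));
// A condition naming another group cannot widen the scope.
print_r(array_column($pictures->findAll(['group_id' => 20], [10]), 'id'));
```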