Hi cc96ai

> I read ACL, and I understand that ACL can control the action,
> but how about group can edit certain fields
> e.g.
> product table.
> id, Name, QTY, SalePrice
> 
> -Admin can edit all the fields above
> -Salesman can only edit the "SalePrice" field ONLY
> 
> it means admin has FULL edit right
> but salesman only has partial edit right
> 
> should I set this rule in the VIEW, or can I do it in the controller or
> ACL?

I wondered if you might ask this question :-)  I haven't needed to do it 
myself, however, I came across this functionality in Ruby on Rails a 
while ago and thought it was rather neat.

It then occurred to me that it would be quite easy to achieve with 
Cake's ACL.  I think that my approach would be as follows:

1. Make a hierarchical set of Acos for each field of each model, giving you 
something like this:

- null, model
- model, product
- product, id
- product, name
- product, qty
- product, saleprice
- product, buyprice

Note that this is a separate "group" of Acos from the action Acos.  I do 
it this way with data just to make management of the Acos easier.  There 
may be some performance benefits too as I expect that it will reduce 
recursive queries.


2. Now you can assign access to these Aros as you normally would for an 
action.  If you use Cake ACL's create, read, update, delete functions 
you can give yourself very fine grained control over who can do what to 
each field.  For instance, you could allow a salesman to view the name, 
but not edit it, and edit the saleprice.  You could also prevent a 
"customer" user (looking at your online catalog, for instance) from seeing 
the buyprice at all.


3. In my application I have created a helper called secureHtml that I 
use to control access to links in my app.  You could do the same thing 
and implement each of the html controls that you want security on. 
Below is the code from my secureHtml helper.  It does the Acl check 
(against a cached list of Acos: $actionAcoList), then uses the standard 
Html helper to create the link if the user is allowed to access it.


class SecureHtmlHelper extends Helper
{
   var $helpers = array('Html');

   // Cached list of action Acos (e.g. '/products/edit') that the current
   // user may access.  It is populated once per request rather than looked
   // up with an Acl check for every link rendered.
   var $actionAcoList = array();

   function link(
     $title,
     $url,
     $htmlAttributes = null,
     $confirmMessage = false,
     $escapeTitle = true,
     $return = false)
   {
     // Reduce '/controller/action/id' to '/controller/action', which is the
     // granularity at which the action Acos are defined.  URL paths always
     // use '/', whereas DS is the platform directory separator.
     $parts = explode('/', trim($url, '/'));
     if (count($parts) > 2)
     {
       $action = '/'.$parts[0].'/'.$parts[1];
     } else {
       $action = $url;
     }

     if (in_array($action, $this->actionAcoList))
     {
       return ' '.$this->Html->link(
         $title,
         $url,
         $htmlAttributes,
         $confirmMessage,
         $escapeTitle,
         $return
       );
     }
     else
     {
       // Not permitted: render the title as plain text, never as a link.
       return '<span class="blocked_link">&nbsp;'.$title.'</span>';
     }
   }
}


In your view you would normally call:

$html->input('Product/name');

Once you have created your secureHtml helper you call it instead:

$secureHtml->input('Product/name');

If the user has access to the field then the field is written in.  If 
they only have read access, then just the value is written in.  If they 
don't even have view access, then the field can be omitted entirely.


4. To reduce the potential burden on the system caused by having to do 
many Acl checks you could pre-cache the list of models/fields that the 
user has access to.  I do this with the helper example above and it 
works very well.


Obviously you will need to extrapolate what I have done here to get a 
solution that does what you want, but I believe that the basic idea is 
sound.

Regards,
Langdon
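The four steps above, worked through as an added example in plain PHP (this is not Langdon's helper and not CakePHP code): a field-level check driven by a pre-cached list of field Acos as in step 4, which decides per field between an editable input, a read-only value or nothing, and which runs the same list over posted data before saving so that a field not offered for editing cannot be updated by submitting it anyway. The cache layout and the names fieldMode, secureInput and filterEditable are assumptions made for the example.

```php
<?php
// Added example, not the helper from the post: field-level rights from a
// pre-cached ACL list (step 4), applied both when rendering a form and
// when saving it.  Array shape and function names are assumptions.
// Constructed cache for a salesman on Product; buyprice is absent,
// which means no access to it at all.
$fieldAcoList = array('Product' => array(
    'name'      => array('read'),
    'qty'       => array('read'),
    'saleprice' => array('read', 'update'),
));

// 'input' if the user may update, 'value' if read-only, else 'hidden'.
function fieldMode($acoList, $model, $field) {
    if (!isset($acoList[$model][$field])) {
        return 'hidden';
    }
    $rights = $acoList[$model][$field];
    if (in_array('update', $rights)) {
        return 'input';
    }
    return in_array('read', $rights) ? 'value' : 'hidden';
}

// Render a field as an editable input, a plain value, or nothing.
function secureInput($acoList, $model, $field, $value) {
    $safe = htmlspecialchars($value, ENT_QUOTES);
    switch (fieldMode($acoList, $model, $field)) {
        case 'input': return '<input type="text" name="data[' . $model . '][' . $field . ']" value="' . $safe . '" />';
        case 'value': return '<span>' . $safe . '</span>';
        default:      return '';
    }
}

// Run the same check over posted data before save(): a field that was
// not rendered as an input is dropped even if the submission carries it.
function filterEditable($acoList, $model, $data) {
    $kept = array();
    foreach ($data as $field => $value) {
        if (fieldMode($acoList, $model, $field) === 'input') {
            $kept[$field] = $value;
        }
    }
    return $kept;
}

$row = array('name' => 'Widget', 'qty' => 5, 'saleprice' => '9.99', 'buyprice' => '4.00');
foreach ($row as $field => $value) {
    echo secureInput($fieldAcoList, 'Product', $field, $value), "\n";
}
print_r(filterEditable($fieldAcoList, 'Product', array('name' => 'Gadget', 'saleprice' => '8.50')));
```

Run with the PHP CLI: name and qty are emitted as plain spans, saleprice as an input, buyprice is omitted, and only saleprice survives filterEditable.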
