Hi CCB > 1. Can Cake's (1.x ) ACL support ARO's or ACO's that belong to > multiple groups? I know that a group can be a part of another group > but that isn't not what I'm talking about. I'm talking about an ARO > being part of two completely unrelated groups.
No it can't. An ARO, or an ACO can only have one direct parent. A leaf in ACL (an ARO or ACO) can only be attached to one branch of a tree. > 2. Can Cake's (1.x) ACL support field level permissions? Lets say > that a user is allowed to view an action but not all users that view > the action are treated equally. Basically, user A can see everything > where as user B can only see half of everything. Short answer is yes. An ACO can represent pretty much anything you want it to. Typically we talk about ACOs representing Actions, but for instance I use ACOs to control access to Actions and Records. I thought about doing field level control but decided that it wasn't necessary for my current project. The downside to this is performance. If you are doing an ACO check on every field in every form you may find that the performance hit is too much to bear. To avoid that, you could cache the Action and Field permissions when the user logs in. I use that approach with Actions to quite good effect. I only call Acl->check when retrieving data. Given the nature of my application and the way that I have implemented the permission checking on data it is not a big burden. Hope this helps. Regards, Langdon --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
