On Jun 8, 5:46 pm, "Howard Glynn" <[EMAIL PROTECTED]> wrote: > Miraculously, I now understand ACL. I have hierachies of ACOs and AROs > and such like > with groups of users and essentially lists of controllers. I've > demonstrated various deny/allow situations. Lucky me! > > The 2 or 3 instances of documentation on said topic describe having a > central "checkAccess()" method in AppController. eg > seehttp://manual.cakephp.org/chapter/aclhttp://bakery.cakephp.org/articles/view/user-permissions-and-cakephp-... > > My ACO's that are the same name as the controllers as per the second > url, making it easy to establish this from the object params. > > What I'm asking is, should I expect to have to put a checkAccess() > call in almost every single controller method? It would call the > method with the appropriate C/R/U/D label required to run the > Acl->check() method. I wouldn't, it's a lot simpler to put a single generic call in your app controller beforeFilter, or in a compoent that is included by your app controller. > > It just doesn't seem very elegant having a call in every single method > compared to other cake concepts. Am I missing something? > > I thought about beforeFilter() but then the problem becomes, how do > you know that method "xyz()" should be checked against (say) > "update"??? either use a url-action -> acl-action mapping array, or disassociate your url actions from CRUD functions. Note that for any field in the aros_acos table which begins as an underscore can be used as the action in an acl check. i.e. if you added the field _foo, you could then check ( $aro, $aco, "foo") Here's an alternative which disassociates your acl stuff from the acl actions, http://www.noswad.me.uk/MiBlog/ACLPart1, http://cakeforge.org/projects/acl-admin hth, AD --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
