Well, I too was in the same boat you are in currently. Earlier, I
thought that ACL was a bit too much for what I needed and went down the
path you are thinking of going: hard-coding it based on what you think
the groups of users would have access to. It works best at the
basic level. But the moment you start making changes to groups of
users and the stuff they have access to, it gets clumsy and difficult
to maintain. So based on my experience, if you are not going to change
things later on with groups of users or access areas, then go with the
hard-coded method. It will get your job done.

But on the other hand, if you use ACL in this case, it would be
difficult to get going initially, as you may have to figure stuff out.
But once it is set up, you will have peace of mind because you know
if you had to change something, it would be just one record change and
the changes will appear system-wide. That is the beauty of ACL and I
am now a fan of ACL. Ease of maintaining the access is what makes use
of ACL elegant.

If you think of using ACL, then make sure you use the ACL behavior
that comes with Cake. I am in the process of writing an article for ACL
from start to finish, which would get a user going with ACL in the least
amount of time.

Cheers,
Ketan ;-)

[EMAIL PROTECTED] wrote:
> I'm working on a site that I've been using Cake's ACL for so far -
> basically, I've got three main groups/areas to the site, a public
> area, a customers area, and an administration area. There will
> eventually be different levels of administrators inside the
> administration area. I've got those set up as AROs, and was planning on
> setting up an ACO list with controllers and actions, and then allowing
> and disallowing each group certain ones. Then for things such as
> navigation and homepage customizations for the different groups, I
> would just detect which ARO group a user was under, and choose which
> version to use.
>
> But I'm wondering if it wouldn't be easier to do what I was planning to
> do with homepage and navigation modifications for the whole thing.
> Simply to have a users and a groups model, and a component that you
> can call from the action to find out which group the current user is
> logged into. Then the action would allow, disallow, or modify its
> behavior based on that information. So instead of storing what a
> certain type of user is allowed to do and isn't allowed to do inside
> the ACL database, and checking from the appController, they would be hard
> coded into and checked in individual actions or whole controllers.
> They don't need to change much, unless I'm adding a new type of user
> or a new type of action. It seems that this might be a lot less
> complex, and work just as well.
>
> My question is, best practices wise, is this a good system to use? Or
> is ACL pretty much the standard way to do it?
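
The two approaches discussed in this thread, side by side, as an added example that is not code from either poster and does not use Cake's ACL API. It is plain PHP; the group names follow the thread, while the controller and action names, the `$permissions` table and `isAllowed()` are hypothetical.

```php
<?php
// Constructed sample data: group names follow the thread (public, customers,
// admins); controller/action names are hypothetical.

// Approach 1: the rule lives inside each action, so every action that
// repeats it must be found and edited when a group's access changes.
function ordersViewHardCoded(string $group): bool
{
    return in_array($group, ['customers', 'admins'], true);
}

function ordersExportHardCoded(string $group): bool
{
    return in_array($group, ['customers', 'admins'], true);
}

// Approach 2: one permission table (database records in a real ACL),
// consulted by a single check that runs before every action.
$permissions = [
    'public'    => ['Pages/*' => true],
    'customers' => ['Pages/*' => true, 'Orders/*' => true],
    'admins'    => ['*' => true, 'Orders/delete' => false],
];

// Most specific rule wins: exact action, then controller wildcard, then
// global wildcard. Anything without a matching rule is denied.
function isAllowed(array $permissions, string $group, string $controller, string $action): bool
{
    $rules = $permissions[$group] ?? [];
    foreach (["$controller/$action", "$controller/*", '*'] as $key) {
        if (array_key_exists($key, $rules)) {
            return $rules[$key];
        }
    }
    return false; // default deny, which also covers unknown groups
}

var_dump(isAllowed($permissions, 'customers', 'Orders', 'export'));
var_dump(isAllowed($permissions, 'public', 'Orders', 'view'));
var_dump(isAllowed($permissions, 'admins', 'Orders', 'delete'));

// One record change: customers lose export wherever the central check runs,
// while the hard-coded function keeps its old answer until someone edits it.
$permissions['customers']['Orders/export'] = false;
var_dump(isAllowed($permissions, 'customers', 'Orders', 'export'));
var_dump(ordersExportHardCoded('customers'));
```

The default-deny return is the property the hard-coded version lacks: an action that nobody remembered to guard stays closed instead of open.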

