On Jul 13, 3:17 pm, cakeFreak <[EMAIL PROTECTED]> wrote:
> Great Article!
>
> I was just wondering whether instead of building the aros for every
> single user, it is possible to build the aros (and then acos) for
> user groups instead.
>
> You get the usergroup from the Auth->user session data, ACL checks if
> the group of that user is allowed a specific ACo and so on!
>
> If you Ketan could provide a bit of advice... it would be much
> appreciated!
>
> Dan
Hi Dan,
You could use above method to do what you want. Say for eg: You have a
controller reports with various actions and you wish to give only
users group access to it and verify if the user has access to that
report controller or not?
1. Create Aro for the UserGroup
2. Create Aco for the Controller (if required, may be for actions too)
3. Grant permission
$this->Acl->allow( 'UserGroupAro', 'ControllerAco', 'permissions')
Then, all you have to do is
$this->Acl->check('UserGroupAro', 'ControllerAco', 'permission');
Such method would be useful only when you have all users belonging to
certain group same access level to the given 'Aco' (ie. controller in
this case). But in case if you need more fine control like : say User
A and User B belongs to UserGroup Z. UserGroup Z is given access to
Notes Controller which can read, create, delete and update notes in
Note Model.
UserA created a note which is private to user A and you do not want
User B to access it then with above method, this would fail as the
whole UserGroup Z is given CRUD access to the NotesController, so
essentially all the users belonging to UserGroup Z can CRUD each
others record which is not good and this is when you have to use the
record level control as given in my article.
Hope this is what you wanted!!
Ketan ;-)
http://www.eClassifieds4U.com - Free Classifieds with Photos
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
