@Ketan The article is quite good, pretty easy to read if you understand the basic concepts of ACL. However, I would recommend reading about the AclBehavior as it will reduce the logic in your controller. I am a fan of Chris Hartjes's Fat Model, Skinny Controller school of thought.
@Dan CakePHP 1.2's AclBehavior is perfect for this sort of thing - I use it to create Groups/Roles and then authorize on that. Warning: Shameless self promotion ahead :) I am in the process of writing a series of articles on ACL and the built-in AclBehavior and Auth component, as I figure them out. You can read the first one on AclBehavior at http://lemoncake.wordpress.com/2007/07/15/using-aclbehavior-in-cakephp-12/ It doesn't explain ACL concepts, just how to use the behavior.

Geoff -- http://lemoncake.wordpress.com

On Jul 16, 2:34 am, Ketan Patel wrote:
> On Jul 13, 3:17 pm, cakeFreak wrote:
> > Great Article!
> >
> > I was just wondering whether instead of building the aros for every single user, it is possible to build the aros (and then acos) for user groups instead.
> >
> > You get the usergroup from the Auth->user session data, ACL checks if the group of that user is allowed a specific Aco and so on!
> >
> > If you Ketan could provide a bit of advice... it would be much appreciated!
> >
> > Dan
>
> Hi Dan,
> You could use the above method to do what you want. Say for example: you have a controller Reports with various actions and you wish to give only a users group access to it, and verify whether the user has access to that Reports controller or not.
>
> 1. Create an Aro for the UserGroup
> 2. Create an Aco for the Controller (if required, maybe for actions too)
> 3. Grant permission
> $this->Acl->allow('UserGroupAro', 'ControllerAco', 'permissions');
>
> Then, all you have to do is
> $this->Acl->check('UserGroupAro', 'ControllerAco', 'permission');
>
> Such a method would be useful only when all users belonging to a certain group have the same access level to the given 'Aco' (i.e. the controller in this case). But in case you need finer control, like: say User A and User B belong to UserGroup Z. UserGroup Z is given access to the Notes controller, which can read, create, delete and update notes in the Note model.
>
> User A created a note which is private to User A and you do not want User B to access it. Then with the above method this would fail, as the whole UserGroup Z is given CRUD access to the NotesController, so essentially all the users belonging to UserGroup Z can CRUD each other's records, which is not good, and this is when you have to use the record-level control as given in my article.
>
> Hope this is what you wanted!!
> Ketan ;-)
> http://www.eClassifieds4U.com - Free Classifieds with Photos
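The group-level check and the record-level exception that Ketan's reply describes, written out as an added example against the CakePHP 1.2 AclComponent API. This is not code from the thread, from Ketan's article or from Geoff's AclBehavior write-up; the group name UserGroupZ, the user ids 1 and 2, the note id 7 and the `build_acl` setup action are assumed for illustration, and the ARO/ACO nodes are saved by hand through `$this->Acl->Aro` / `$this->Acl->Aco` rather than through AclBehavior.

```php
<?php
// Added example (not from the thread): group-level vs. record-level ACL
// checks with the CakePHP 1.2 AclComponent. UserGroupZ, the user ids,
// the note id 7 and the build_acl action are assumed for illustration.
class NotesController extends AppController {
    var $name = 'Notes';
    var $components = array('Acl', 'Auth', 'Session');

    // One-off setup: build the ARO and ACO trees Ketan's recipe needs.
    function build_acl() {
        // ARO tree: one group node, with one node per user beneath it so
        // that each user inherits the group's permissions.
        $this->Acl->Aro->create();
        $this->Acl->Aro->save(array('alias' => 'UserGroupZ', 'parent_id' => null));
        $groupId = $this->Acl->Aro->id;
        foreach (array(1 => 'UserA', 2 => 'UserB') as $userId => $alias) {
            $this->Acl->Aro->create();
            $this->Acl->Aro->save(array(
                'alias' => $alias, 'parent_id' => $groupId,
                'model' => 'User', 'foreign_key' => $userId,
            ));
        }

        // ACO tree: the Notes controller, with one node per note record
        // beneath it so individual records can be controlled.
        $this->Acl->Aco->create();
        $this->Acl->Aco->save(array('alias' => 'Notes', 'parent_id' => null));
        $notesId = $this->Acl->Aco->id;
        $this->Acl->Aco->create();
        $this->Acl->Aco->save(array(
            'alias' => 'Note7', 'parent_id' => $notesId,
            'model' => 'Note', 'foreign_key' => 7,
        ));

        // Step 3 of the recipe: the whole group gets CRUD on the controller.
        $this->Acl->allow('UserGroupZ', 'Notes', '*');

        // Record-level control for User A's private note: deny the group on
        // that one record, then allow only its owner. Without the deny, every
        // member of UserGroupZ would inherit '*' on Note7 from the Notes node.
        $this->Acl->deny('UserGroupZ', 'Note7', '*');
        $this->Acl->allow('UserA', 'Note7', '*');
    }

    // Group-level check: may the logged-in user's group read this controller?
    function index() {
        $user = $this->Auth->user();
        // Look the ARO up by model/foreign_key rather than by alias, so the
        // check walks from the user node up to its group node.
        $aro = array('model' => 'User', 'foreign_key' => $user['User']['id']);
        if (!$this->Acl->check($aro, 'Notes', 'read')) {
            $this->Session->setFlash('Your group may not read notes.');
            $this->redirect('/');
        }
        $this->set('notes', $this->Note->find('all'));
    }

    // Record-level check: User B is in UserGroupZ but is denied on Note7,
    // while User A (the owner) is allowed on it.
    function view($id) {
        $user = $this->Auth->user();
        $aro = array('model' => 'User', 'foreign_key' => $user['User']['id']);
        $aco = array('model' => 'Note', 'foreign_key' => $id);
        if (!$this->Acl->check($aro, $aco, 'read')) {
            $this->Session->setFlash('That note is private.');
            $this->redirect(array('action' => 'index'));
        }
        $this->set('note', $this->Note->read(null, $id));
    }
}
?>
```

The point of the deny-then-allow pair is that CakePHP's DB ACL resolves permissions by walking up the ARO and ACO trees, so a group-wide allow on the controller node is inherited by every note record node beneath it; the record-level rule only takes effect because the group is explicitly denied on that record first. With AclBehavior, as in Geoff's article, the per-user and per-record nodes would be created automatically via the behavior's parentNode() callback instead of the manual saves in `build_acl`.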
