I did face this scenario and came up with a solution using "profile". A profile HABTM groups "with" ProfileGroup, and a user has one profile. The trick is to create an aro on each ProfileGroup and link them (ie: by associating them using the parent_id). Then a user Aro pointing to the first aro of the ProfileGroup. But you have to create a ProfileGroup for every combination of groups available, but that can be done (I had only 5 groups)..
hth On Feb 12, 5:17 am, aranworld <[EMAIL PROTECTED]> wrote: > Have you tried to just add one user to two groups in the console app > and see what happens? > > I have just been reading through the check() function in cake\libs > \controller\components\acl.php [DB_ACL]. I'm not 100% sure, but based > on Nate's response above, I have a feeling that this is setup to > actually work already. Just give two entries in the aros table the > same alias. In fact, I wonder if the reliance on aliases is precisely > to allow this to happen more easily? > > Although, I could imagine this causing problems with the AclBehavior. > > On Feb 11, 4:41 pm, "[EMAIL PROTECTED]" > > <[EMAIL PROTECTED]> wrote: > > BTW, i was thinking the other day at solutions around this and thought > > to duplicate the aro of a user for each group the user is in, and mark > > this in the alias somehow. Then retrieve all the rights for all the > > AROs of the user and try to solve conflicts between them. Since the > > user is usually in few groups i think this is doable. I could even > > write a new ACL behavior to do the duplication job for me. > > What do you guys think? Does it worth trying? > > > On Feb 12, 2:21 am, "[EMAIL PROTECTED]" > > > <[EMAIL PROTECTED]> wrote: > > > Interesting what you're saying. It's true that by carefully nesting > > > groups you can solve a lot of cases but this leads to creating many > > > groups that their only purpose is to nest other groups. I know that > > > It's also true that solving conflicts in a "user in many groups" > > > system would probably require as much effort, but even so... i wish i > > > would know what nate's referring to, when he's saying that "This is > > > technically possible with the new 1.2 ACL system" (in > > > here:https://trac.cakephp.org/ticket/2191) > > > > On Feb 12, 1:35 am, aranworld <[EMAIL PROTECTED]> wrote: > > > > > You are right. A user can only have one parent. But that user does > > > > not necessarily have to have the exact same permissions as it's > > > > parent. > > > > > If you have a user in the "car mechanic" group, but this person also > > > > has experience fixing bicycle tires, you could give that person -- and > > > > that person only -- access to the BicycleTire controller, which is > > > > otherwise only available to those in the "bike mechanic" group. > > > > > You can, of course, also nest groups. So if you want to give bike > > > > mechanics access to only bikes, but car mechanics access to bikes and > > > > cars, you could make bike mechanics the parent of car mechanics. In > > > > this case, car mechanics will inherit all from bikes (their parent), > > > > but then you can assign whatever extra permissions you want to the car > > > > mechanics without having those permissions applied to bike mechanics. > > > > However, if you have a car mechanic who knows nothing about bikes, you > > > > can then revoke all his permissions to bicycles, but keep him in the > > > > car mechanic group. > > > > > On Feb 10, 10:35 pm, "[EMAIL PROTECTED]" > > > > > <[EMAIL PROTECTED]> wrote: > > > > > Can the current ACL system be used for this situation: the requester > > > > > (user) can have multiple parents (groups) ? From what i see the > > > > > inheritance in aros is 1:1 for now. What do you guys use? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
