Thanks for sharing.
I have been tinkering with something that at some level is kind of
similar. I'll definitely take a closer look at your setup later.

I have set it so that one user is the "root" and can access
everything.
Then for users I dynamically generate an array of allowed controllers
based on the user's permissions. (e.g. Users HABTM Controllers)
This array is also used to decide which menu items to display for the
current user.

(I should explain that all users in my application are editors/admins
in some sense so I really don't need advanced permissions)

I might try to merge your idea with my own later on. If I get around
to it and it works I'll post back the code.


On Feb 22, 10:00 am, BlenderStyle <[EMAIL PROTECTED]> wrote:
> I had to piece together information from several different places to
> finally come up with a usage of the Auth Component I was somewhat
> happy with. The primary thing that bothered me is that when using
> $this->Auth->authorize = 'controller';, all actions are denied by
> default. In my mind, I thought I would just allow all actions and then
> deny the ones that need security, but it doesn't work that way. Also,
> I wanted to focus most of the work in AppController, so that if other
> controllers didn't want to use security, they didn't have to do
> anything. Let me share my bare solution in hopes that it might help
> someone else.
>
> AppController:
>
> var $components = array('Auth');
>
> var $__guestActions = array(); // override this in controller
> var $__userActions = array(); // override this in controller
> var $__adminActions = array(); // override this in controller
> var $__neverAllow = array('login'); // this saved me some headaches - don't put logout in here
> var $currentUser = null;
>
> function beforeFilter() {
>         $this->Auth->authorize = 'controller'; // with this set, Auth looks for isAuthorized()
>         $this->currentUser = $this->Auth->user(); // for convenience
>
>         // this is where I screw with what Cake intended
>         $allActions = $this->getAllActions(); // get every single method from the controller
>         $allowedActions = array_diff($allActions, $this->__neverAllow); // remove never allowed actions
>         $allowedActions = array_diff($allowedActions, $this->__userActions); // remove user actions
>         $allowedActions = array_diff($allowedActions, $this->__adminActions); // remove admin actions
>
>         $this->Auth->allow($allowedActions); // only allow the leftovers
> }
>
> function beforeRender() {
>         $this->set('currentUser', $this->currentUser); // this makes my $currentUser available to all my views
> }
>
> function getAllActions() {
>         return get_class_methods($this->name.'Controller'); // this gets all the methods from the controller
> }
>
> // I basically set this up for a three-level security approach (guest, user, admin)
> function isAuthorized() {
>         $requestedAction = $this->params['action'];
>         $isAdmin = !empty($this->currentUser['User']['admin']); // guests have no user record
>         if($isAdmin){
>                 return true;
>         }elseif(in_array($requestedAction, $this->__userActions)) {
>                 return true;
>         }else{
>                 return false;
>         }
> }
>
> UsersController:
>
> var $__guestActions = array('testGuest'); // if I commented this out, it would still work
> var $__userActions = array('testUser'); //
> var $__adminActions = array('testAdmin');
>
> function testGuest() {
>         // everyone can access this
> }
>
> function testUser() {
>         // only users and admins in here
> }
>
> function testAdmin() {
>         // only admins in here
> }
>
> function login() {
>         if(!empty($this->data)) {
>                 if($this->Auth->login()) {
>                         $this->redirect($this->Auth->loginRedirect);
>                 }else{
>                         $this->data = null;
>                         $this->set('error', $this->Auth->loginError);
>                 }
>         }
> }
>
> function logout() {
>         $this->Auth->logout();
>         $this->redirect($this->Auth->logoutRedirect);
> }
>
> function beforeFilter(){
>         parent::beforeFilter(); // if you plan to use beforeFilter() in your controller, add this first
> }
>
> That's about it. It's really stripped down and basic, but it's my
> first attempt, and it works. You can opt to use any, all, or none of
> the three "access" variables ($__guestActions, $__userActions, and
> $__adminActions).
>
> All the blogs I read basically had empty login and logout controllers.
> I never got that to work. Am I missing something? Also,
> redirection doesn't work well in this. If you arrive at an empty
>
> Oh, by the way, you need to create a user manually in your database.
> To get a password that works, use $this->Auth->password($password_to_hash);.
> That will give you the hashed password.
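The "allow the leftovers" computation from the quoted AppController, modelled on plain arrays as an added example (not code from the original post or from CakePHP): it reproduces the deny-list arithmetic and adds a check that every action left public was explicitly declared in $__guestActions, which catches the case where a method name and its entry in $__adminActions do not match. The base-controller method list and the sample controller's methods are constructed for illustration.

```php
<?php
// Added example, not from the original post or CakePHP: the quoted
// beforeFilter()/isAuthorized() logic modelled on plain arrays.
// Methods get_class_methods() also returns from the base controller; not
// routable actions, so ignored when looking for leaks. Constructed list.
$frameworkMethods = array('beforeFilter', 'beforeRender', 'redirect', 'set', 'isAuthorized', 'getAllActions');

// Same computation as the quoted beforeFilter(): everything not in a
// protected list is handed to Auth->allow().
function publicActions(array $allMethods, array $neverAllow, array $userActions, array $adminActions) {
    $allowed = array_diff($allMethods, $neverAllow);
    $allowed = array_diff($allowed, $userActions);
    $allowed = array_diff($allowed, $adminActions);
    return array_values($allowed);
}

// Defensive check: a public action that was never declared as a guest action
// is a leak, typically a new method nobody listed or a misspelt list entry.
function undeclaredPublicActions(array $public, array $guestActions, array $frameworkMethods) {
    return array_values(array_diff($public, $guestActions, $frameworkMethods));
}

// The quoted isAuthorized(), with a guard for requests without a session.
function isAuthorized($currentUser, $requestedAction, array $userActions) {
    if (empty($currentUser['User'])) {
        return false;  // Auth normally sends guests to login first
    }
    if (!empty($currentUser['User']['admin'])) {
        return true;   // admins may call any action
    }
    return in_array($requestedAction, $userActions, true);
}

// Constructed controller: the method is named 'admin' but the list says
// 'testAdmin', so the deny-list arithmetic leaves 'admin' public.
$methods      = array_merge(array('testGuest', 'testUser', 'admin', 'login', 'logout'), $frameworkMethods);
$guestActions = array('testGuest', 'logout'); // login is handled by Auth itself
$userActions  = array('testUser');
$adminActions = array('testAdmin');
$neverAllow   = array('login');

$public = publicActions($methods, $neverAllow, $userActions, $adminActions);
$leaks  = undeclaredPublicActions($public, $guestActions, $frameworkMethods);
echo "public actions: " . implode(', ', $public) . "\n";
echo "undeclared public actions: " . implode(', ', $leaks) . "\n";
foreach (array('admin user' => array('User' => array('admin' => 1)),
               'plain user' => array('User' => array('admin' => 0)),
               'guest'      => null) as $who => $session) {
    echo "$who may call testUser: " . var_export(isAuthorized($session, 'testUser', $userActions), true) . "\n";
}
```

Running this with the misspelt list entry reports 'admin' as an undeclared public action; adding the same check to a real beforeFilter() (and refusing to serve the request, or logging it) turns a silent exposure into a visible misconfiguration.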