Hi everybody! I've been struggling for a while now implementing a good Auth/ACL base for our application, using the built in components of CakePHP 1.2 (using SVN trunk).
I've read all tutorials I could find, and got a fairly good understanding on how stuff works, but I'm having a hard time finding information on good practice when designing the ACOs (AROs seem pretty straight forward, using a group as parent, although I ran into problems when editing a user and updating the Role, opened up ticket #4261 for that). The main question I have is how people generally solve the issue with a user being able to edit their own records (posts, profiles and so on). As far as I can see, this isn't possible when using authorize=actions with the Auth component (see Ticket #3857. The patch doesn't work, but is easily fixed). Is this correct? Is it just not implemented yet, won't be supported or is it possible in some other way I have missed (most likely hehe)? Following that layout, you would need to create an ACO for every action possible for a record right? So, for example, three ACOs if a user would be able to delete, read and edit it? Guess that's no real problem though, but there will be quite a few ACOs after a while :) Also, another thing that I haven't been able to find any definitive answer to is how the alias field is used. Basically, does it need to be unique? Does it need to follow any other standards to make things automagically just work? Thanks for your time! Best regards, Oscar Carlsson --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
