Here is one way you could do a time-limited ACO. Let's say you wanted
to limit update access to a comment:

1) when the comment is created, create an ACO that is bound to that
comment
2) grant the user permission to update that particular comment
3) in the controller, before presenting the edit view, check BOTH if
the time is a set amount of time after the creation of the comment AND if
the user has update access to the comment.
   a) if within time limit and has access, then show edit form
   b) if not within time limit, then DENY update permission to that
   comment and at the same time, prevent the user from viewing the edit
   form.

The nice thing about this is that after the first attempt to access
the page after the time limit, the user will just automatically be
denied access to the controller/action without a conditional check.

However, if you are using the AuthComponent, be aware that the
AuthComponent does not pass ID information along to the Acl
Component. So you are unable to use the AuthComponent to restrict
access to a particular record.

See: https://trac.cakephp.org/ticket/3857

On Apr 24, 9:43 am, mcjustin <[EMAIL PROTECTED]> wrote:
> Thank you James; but I don't think that addresses the notion of adding
> flexibility to rules so they are not absolute, but dependent upon
> various criteria. For example, allow an ARO to access an ACO only
> during a particular time window. Zend_Acl allows an assertion
> construct to be passed to rule definitions for this purpose; I'm
> wondering how one might go about doing that with CakePHP...
>
> Thanks!
>
> On Apr 23, 5:06 pm, James K <[EMAIL PROTECTED]> wrote:
>
> > Cake provides perfectly generic, free-form ACL rules. It has built-in
> > support for controller or action based ACL via the Auth Component, but
> > you don't need to use either.
>
> > I have very fine grained ACOs, and use AROs as roles.
>
> > When I do an ACL check, I can write something like
> > $this->Acl->check('role1', 'users/address/mailing', 'read') to see if role1
> > has access to other users' mailing address information. You don't have to
> > limit yourself to controller/action or any of the other methods you'll
> > find outlined in the Bakery. You can build your ACO/ARO trees however
> > you like and the check function will be able to check against them.
>
> > On Apr 23, 12:44 pm, mcjustin <[EMAIL PROTECTED]> wrote:
>
> > > Does CakePHP's ACL have anything like Zend_Acl's Assert
> > > functionality? http://framework.zend.com/manual/en/zend.acl.advanced.html
>
> > > Our application will have a large number of business rules, which we
> > > need to limit access based on various non-constant criteria.
>
> > > If not built into cake's ACL, could anyone suggest a way to
> > > incorporate it?
>
> > > Thanks!
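
The three steps from the reply at the top of this thread, as an added example that is not part of the original messages and is not CakePHP's own code. `MiniAcl` is a hypothetical in-memory stand-in for the Acl component (only the argument order follows the `$this->Acl->check()` call quoted in the thread), and the 15-minute window, ids and timestamps are constructed; the sketch goes one step beyond the post by running the same guard on the save path as well as before showing the form.

```php
<?php
// Hypothetical in-memory stand-in for the Acl component; rules are keyed by
// ARO, ACO and action, and anything without an explicit allow is refused.
class MiniAcl {
    private $rules = array();
    public function allow($aro, $aco, $action) { $this->rules["$aro|$aco|$action"] = true; }
    public function deny($aro, $aco, $action)  { $this->rules["$aro|$aco|$action"] = false; }
    public function check($aro, $aco, $action) {
        $key = "$aro|$aco|$action";
        return isset($this->rules[$key]) && $this->rules[$key]; // default deny
    }
}

define('EDIT_WINDOW_SECONDS', 900); // assumed limit: 15 minutes

// Steps 1 and 2: bind an ACO to the new comment and grant its author update.
function onCommentCreated(MiniAcl $acl, $userId, $commentId) {
    $acl->allow("User.$userId", "Comment.$commentId", 'update');
}

// Step 3: call this before rendering the edit form AND before saving the
// submitted edit, so a direct POST cannot skip the time check.
function mayUpdateComment(MiniAcl $acl, $userId, array $comment, $now) {
    $aro = "User.$userId";
    $aco = "Comment." . $comment['id'];
    if (!$acl->check($aro, $aco, 'update')) {
        return false;                       // never granted, or already revoked
    }
    if ($now - $comment['created'] > EDIT_WINDOW_SECONDS) {
        $acl->deny($aro, $aco, 'update');   // step 3b: persist the denial
        return false;
    }
    return true;                            // step 3a: show form / accept save
}

// Constructed sample data.
$acl = new MiniAcl();
$comment = array('id' => 42, 'created' => 1000000);
onCommentCreated($acl, 7, 42);

var_dump(mayUpdateComment($acl, 7, $comment, 1000000 + 60));   // inside the window
var_dump(mayUpdateComment($acl, 7, $comment, 1000000 + 901));  // window expired, denial recorded
var_dump($acl->check('User.7', 'Comment.42', 'update'));       // ACL state after the denial
var_dump(mayUpdateComment($acl, 8, $comment, 1000000 + 60));   // different user, no grant
```

The timestamp passed as `$now` has to come from the server clock, never from request data.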