Hi,

I think I have read all the ACL tutorials out there and I still don't understand how this works in CakePHP. All of those tutorials take a different approach to using the Acl/Auth components, so you end up confused as they sometimes contradict each other or explain how to do the same thing in different ways. Very frustrating. The new chapter in the book cleared up a lot of things for me, but it is still missing some things, so I still have lots of confusion and questions. So I'm going to ask some of them here to try to get a clearer view of the Acl component and be able to use it. I hope the answers to my questions also help others, as I see that I'm not the only one who doesn't understand how this works, based on the large number of questions about the Acl component on this list and the comments on many of the tutorials.

OK, first: I have it clear how to create AROs and ACOs, the Cake book explains that very well. But on how to assign permissions, on how AROs access ACOs, it only explains how to do it with CRUD actions, not with actions other than CRUD ones, or admin actions when using admin routing. How should those actions be assigned to ARO and ACO permissions?

Second, do the authorization checks have to be made explicitly using the Acl->check method, or can they be done implicitly? From all that I have read I have the impression that it can be handled both ways, but now I'm very confused. If not, and the only way is to do the checks explicitly, where should they be done: in the beforeFilter method of each controller or in the same method of AppController?

Third, the Auth component has a variable called authorize which, as far as I understand, is used to set the type of authorization to be used, or something like that. The possible values I'm aware of are "crud", which is used to do authorization with CRUD actions, and "controller" and "model", which require a method called isAuthorized in the controller and model respectively, where the authorization takes place. Is there any other value for authorize that I'm not aware of, and are my assumptions about the meaning of the possible values correct?

Fourth, where should I specify the controller actions that don't need authentication or authorization? In each controller's beforeFilter method, or in AppController?

I think this is all for now. Many thanks in advance for the answers.

Cheers,
--
Juan Luis Baptiste
