Auth and acl?
After 4-5 days of trying I finally give up :(
I've read and followed about 6-7 tutorials about making user/group
permissions in Cake and they all have something in common: they
suck... Don't want to offend anyone but it's true...
They all have a different approach and that's confusing, they all skip
the registration part of the user, which is silly because that's where
user.group_id is set, and they all take some things for granted.
So, after losing hope I decided to post my code and database table
entries to someone who really understands how this component works.
I want to have groups of users: All/Members/Admins. Newly registered
users are in the Members group by setting group_id=2. I want to restrict
access to controller/actions for some groups and not users directly.
As you will see I've put var $actsAs = array('Acl'); in my USER and
GROUP models to behave like ACL.
******************************
USERS MODEL:
uses('Sanitize');

class User extends AppModel {
    var $name = 'User';
    var $actsAs = array('Acl');
    var $belongsTo = array('Group');

    function parentNode() {
        if (!$this->id) {
            return null;
        }
        $data = $this->read();
        if (!$data['User']['group_id']) {
            return null;
        } else {
            return array('model' => 'Group', 'foreign_key' => $data['User']['group_id']);
        }
    }

    // Ok, even if the ACL behavior takes care of the insertion of the
    // corresponding ARO node, it doesn't save an alias so you have to
    // give one yourself. We'll be using the username for the alias.
    // We'll do this after a new user is saved/inserted, so do it inside
    // the model's afterSave function
    function afterSave($created) {
        // Do this if the save operation was an insertion/record creation
        // and not an update operation
        if ($created) {
            // Ah, yes... we'll be needing the Sanitize component
            $sanitize = new Sanitize();
            // Get the id of the inserted record
            $id = $this->getLastInsertID();
            // Instantiate an ARO model that will be used for updating
            // the ARO
            $aro = new Aro();
            // I'm using updateAll() instead of saveField()
            // Instead of querying the table to get the id of the
            // ARO node that corresponds to the user, I just provided
            // two field conditions whose combination uniquely identifies
            // the node (Model=> User, Foreign Key=> User id).
            // I don't know why it wasn't sanitizing my input and not
            // enclosing the input in quotes. I had to do it myself
            $aro->updateAll(
                array('alias' => '\'' . $sanitize->escape($this->data['User']['username']) . '\''),
                array('Aro.model' => 'User', 'Aro.foreign_key' => $id)
            );
        }
        return true;
    }
}
GROUP MODEL:
uses('Sanitize');

class Group extends AppModel {
    var $name = 'Group';
    var $actsAs = array('Acl');
    // A group has many users (users.group_id points at groups.id)
    var $hasMany = array('User');

    function parentNode() {
        if (!$this->id) {
            return null;
        }
        $data = $this->read();
        if (!$data['Group']['parent_id']) {
            return null;
        } else {
            return $data['Group']['parent_id'];
        }
    }

    // Same idea as in the User model: give the freshly created ARO node
    // an alias, here the group name
    function afterSave($created) {
        if ($created) {
            $sanitize = new Sanitize();
            $id = $this->getLastInsertID();
            $aro = new Aro();
            $aro->updateAll(
                array('alias' => '\'' . $sanitize->escape($this->data['Group']['name']) . '\''),
                array('Aro.model' => 'Group', 'Aro.foreign_key' => $id)
            );
        }
        return true;
    }
}
ARTICLES_CONTROLLER:
class ArticlesController extends AppController {
    var $name = 'Articles';
    var $helpers = array('Html', 'Form');

    function beforeFilter() {
        //$this->Auth->allow('index','view');
        parent::beforeFilter();
        // '*' makes AuthComponent allow every action without consulting the ACL
        $this->Auth->allowedActions = array('*');
    }

    function index() {
        $this->Article->recursive = 1;
        $this->set('articles', $this->paginate());
    }

    function view($id = null) {
        if (!$id) {
            $this->Session->setFlash(__('Invalid Article.', true));
            $this->redirect(array('action' => 'index'));
        }
        $this->set('article', $this->Article->read(null, $id));
    }

    function add() {
        if (!empty($this->data)) {
            $this->Article->create();
            if ($this->Article->save($this->data)) {
                $this->Session->setFlash(__('The Article has been saved', true));
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash(__('The Article could not be saved. Please, try again.', true));
            }
        }
        $users = $this->Article->User->find('list');
        $this->set(compact('users'));
    }
}
APP_CONTROLLER:
class AppController extends Controller {
    var $components = array('Acl', 'Auth');

    function beforeFilter() {
        //Configure AuthComponent
        $this->Auth->authorize = 'actions';
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'index');
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
    }
}
***********************
DATABASE:
acos, aros and acos_aros tables are created with the cake bake script so I
won't list their fields.
Users table fields: id, username, password, group_id
Groups table fields: id, parent_id, name

Acos (id, parent_id, model, foreign_key, alias, lft, rght):
1, NULL, NULL, NULL, /, 2, 3           -- should represent root
2, 1, NULL, NULL, Articles, 2, 3       -- should represent ArticlesController

Aros (id, parent_id, model, foreign_key, alias, lft, rght):
1, NULL, Group, 1, All, 1, 8
2, NULL, Group, 2, Members, 2, 5
3, NULL, Group, 3, Admins, 6, 7
4, 2, User, 25, baraba, 3, 4

acos_aros (id, aro_id, aco_id, C, R, U, D):
2, 2, 0, 0, 0, 0       -- should mean MEMBERS group users are not allowed to
                          CRUD ArticlesController actions ?!?
I tried also:
2, 2, -1, -1, -1, -1
*************************
Right now only
$this->Auth->allowedActions = array('index');
restricts access to users that are not logged in, but this has nothing to
do with the ACL component. This is just Auth's default behavior....
For example I want to deny access to the group MEMBERS for all actions of
ARTICLES_CONTROLLER...
What would be the right entries in the acos, aros and acos_aros tables?
What would I have to change in my ArticlesController to allow/deny by
checking the acos_aros table?
I know there is a lot of code to check but you are my last chance...
Please help me solve this so that 4-5 days were not lost in vain...
Best Regards,
Luka
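Added example (mine, not code from Luka's post or from the CakePHP project) of filling the tables the post asks about through CakePHP 1.2's Acl component instead of by hand: it builds the ACO path that Auth's 'actions' authorization looks up and denies the Members group the Articles actions, with read-only exceptions. It assumes CakePHP 1.2, the Acl and Auth components loaded in AppController as in the post, the ARO ids from the post's aros table (Members 2, Admins 3, user 25 under group 2), and a made-up one-off action name build_acl.

```php
<?php
// Added example, not code from the post or from CakePHP: a one-off setup
// action for CakePHP 1.2 that builds the ACO tree Auth's 'actions' mode looks
// up, then grants/denies the groups. Assumes AppController loads Acl and Auth
// (as in the post) and the post's ARO rows (Members id 2, Admins id 3, user 25
// under group 2). Remove the action once it has run.
class ArticlesController extends AppController {
    var $name = 'Articles';
    function beforeFilter() {
        parent::beforeFilter();
        // Auth will check 'controllers/Articles/<action>'; put this line in
        // AppController in practice so all controllers share the prefix.
        $this->Auth->actionPath = 'controllers/';
        // Only the setup action is exempt; everything else goes through
        // Acl->check() for the logged-in user.
        $this->Auth->allow('build_acl');
    }

    function build_acl() {
        $aco =& $this->Acl->Aco;
        // 1. ACO tree: controllers -> Articles -> one node per action. A path
        //    whose last node is missing fails the lookup and is denied.
        $aco->create(array('parent_id' => null, 'model' => null, 'alias' => 'controllers'));
        $aco->save();
        $rootId = $aco->id;
        $aco->create(array('parent_id' => $rootId, 'model' => null, 'alias' => 'Articles'));
        $aco->save();
        $ctrlId = $aco->id;
        foreach (array('index', 'view', 'add') as $action) {
            $aco->create(array('parent_id' => $ctrlId, 'model' => null, 'alias' => $action));
            $aco->save();
        }
        // 2. Permissions go on the group AROs; a user inherits from the group
        //    that is the parent of its own ARO row.
        $group =& $this->Article->User->Group;
        $group->id = 3;                                    // Admins
        $this->Acl->allow($group, 'controllers');          // everything
        $group->id = 2;                                    // Members
        $this->Acl->deny($group, 'controllers/Articles');  // no Articles actions
        // An allow on a deeper node wins over the deny above: read-only access.
        $this->Acl->allow($group, 'controllers/Articles/index');
        $this->Acl->allow($group, 'controllers/Articles/view');
        // 3. Sanity check: what does the post's user 25 (a Member) get?
        $member = array('User' => array('id' => 25));
        debug($this->Acl->check($member, 'controllers/Articles/add'));
        debug($this->Acl->check($member, 'controllers/Articles/view'));
        $this->autoRender = false;
    }
}
```

In CakePHP 1.2's AuthComponent, allowedActions = array('*') returns before any ACL lookup, so with that line in place no aros_acos row is ever consulted. Each action also needs its own ACO node, because a path whose last segment does not exist makes check() fail the lookup and deny.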
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---