Having the same problem, found that in order to get things working
best bet is using cake built in scaffold as it takes care of all the
associations.  When everything is working then you can code stuff
yourself.  Also for your group model try using the example found here:

http://aranworld.com/article/170/cakephp-acl-and-auth-sample-website
Download the sample site and use the group model.

hope it helps.

cheers

On Aug 29, 11:33 am, luigi7up <[EMAIL PROTECTED]> wrote:
> Auth and acl?
>
> After 4-5 days of trying I finally give up :(
>
> I've read and followed about 6-7 tutorials about making user/group
> permissions in Cake and they all have something in common: they
> suck... Don't want to offend anyone but it's true...
>
> They all have different approach and that's confusing, they all skip
> registration part of user which is silly because that's where
> user.group.id is set and they all take some things for granted.
>
> So, after losing hope I decided to post my code and database tables
> entries to someone who really understands how this component works.
>
> I want to have groups of users: All/Members/Admins. Newly registered
> users are in Members group by setting group_id=2. I want to restrict
> access to controller/actions for some groups and not users directly.
> As you will see I've put var $actsAs = array('Acl'); in my USER and
> GROUP models to behave like ACL.
>
> ******************************
>
> USERS MODEL:
>
> uses('Sanitize');
> class User extends AppModel {
>
>                 var $name = 'User';
>
>                 var $actsAs = array('Acl');
>
>                 var $belongsTo = array('Group');
>
>                 function parentNode(){
>                         if (!$this->id) {
>                                 return null;
>                         }
>
>                         $data = $this->read();
>
>                         if (!$data['User']['group_id']){
>                                 return null;
>                         } else {
>                                 return array('model' => 'Group', 'foreign_key' => $data['User']['group_id']);
>                         }
>                 }
>
>                 // Ok, even if the ACL behavior takes care of the insertion of the
>                 // corresponding ARO node, it doesn't save an alias so you have to
>                 // give one yourself. We'll be using the username for the alias.
>                 // We'll do this after a new user is saved/inserted, so do it inside
>                 // the model's afterSave function
>                 function afterSave($created) {
>
>                         // Do this if the save operation was an insertion/record creation
>                         // and not an update operation
>                         if($created) {
>                                 // Ah, yes... we'll be needing the Sanitize component
>                                 $sanitize = new Sanitize();
>
>                                 // Get the id of the inserted record
>                                 $id = $this->getLastInsertID();
>
>                                 // Instantiate an ARO model that will be used for updating
>                                 // the ARO
>                                 $aro = new Aro();
>
>                                 // I'm using updateAll() instead of saveField()
>                                 // Instead of querying the table to get the id of the
>                                 // ARO node that corresponds to the user, I just provided
>                                 // two field conditions whose combination uniquely identifies
>                                 // the node (Model=> User, Foreign Key=> User id).
>
>                                 // I don't know why it wasn't sanitizing my input and not
>                                 // enclosing the input in quotes. I had to do it myself
>                                 $aro->updateAll(
>                                         array('alias'=>'\''.$sanitize->escape($this->data['User']['username']).'\''),
>                                         array('Aro.model'=>'User', 'Aro.foreign_key'=>$id)
>                                 );
>                         }
>                         return true;
>                 }
>
> }
>
> GROUP MODEL:
>
> uses('Sanitize');
> class Group extends AppModel {
>
>         var $name = 'Group';
>
>         var $actsAs = array('Acl');
>
>         // Associate with the Group table
>         var $hasMany = array('User');
>
>         function parentNode(){
>                 if (!$this->id) {
>                         return null;
>                 }
>
>                 $data = $this->read();
>
>                 if (!$data['Group']['parent_id']){
>                         return null;
>                 } else {
>                         return $data['Group']['parent_id'];
>                 }
>         }
>
>         function afterSave($created) {
>                 if($created) {
>                         $sanitize = new Sanitize();
>
>                         $id = $this->getLastInsertID();
>
>                         $aro = new Aro();
>
>                         $aro->updateAll(
>                                 array('alias'=>'\''.$sanitize->escape($this->data['Group']['name']).'\''),
>                                 array('Aro.model'=>'Group', 'Aro.foreign_key'=>$id)
>                         );
>                 }
>                 return true;
>         }
>
> }
>
> ARTICLES_CONTROLLER:
>
>         var $name = 'Articles';
>         var $helpers = array('Html', 'Form');
>
>         //
>         function beforeFilter(){
>
>                         //$this->Auth->allow('index','view');
>                         parent::beforeFilter();
>                         $this->Auth->allowedActions = array('*');
>         }
>
>         function index() {
>                 $this->Article->recursive = 1;
>                 $this->set('articles', $this->paginate());
>         }
>
>         function view($id = null) {
>                 if (!$id) {
>                         $this->Session->setFlash(__('Invalid Article.', true));
>                         $this->redirect(array('action'=>'index'));
>                 }
>                 $this->set('article', $this->Article->read(null, $id));
>         }
>
>         function add() {
>                 if (!empty($this->data)) {
>                         $this->Article->create();
>                         if ($this->Article->save($this->data)) {
>                                 $this->Session->setFlash(__('The Article has been saved', true));
>                                 $this->redirect(array('action'=>'index'));
>                         } else {
>                                 $this->Session->setFlash(__('The Article could not be saved. Please, try again.', true));
>                         }
>                 }
>
>                 $users = $this->Article->User->find('list');
>                 $this->set(compact('users'));
>         }
>
> APP_CONTROLLER:
>
>         var $components = array('Acl','Auth');
>
>                 function beforeFilter() {
>
>                     //Configure AuthComponent
>
>                     $this->Auth->authorize = 'actions';
>
>                     $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
>
>                     $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'index');
>
>                     $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
>
>                 }
>
> ***********************
> DATABASE:
>
> acos, aros and acos_aros tables are created with cake bake script so I
> won't list their fields.
>
> Users table fields: id, username,password, group_id
>
> Groups table fields: id, parent_id, name
>
> Acos:(id, parent_id, foreign_key, alias, lft, rght):
> 1, NULL, NULL, NULL, /, 2, 3           -should represent root
> 2,1, NULL, NULL, Articles, 2 , 3         --should represent
> ArticlesController
>
> Aros (id, parent_id, model, foreign_key, alias,lft , rght)
> 1,NULL, Group, 1, All, 1,8
> 2,NULL, Group, 2, Members, 2,5
> 3,NULL, Group, 3, Admins, 6,7
> 4,2,User,25,baraba,3,4
>
> acos_aros: (id, aro_id_aco_id, C, R, U, D)
> 2,2,0,0,0,0     - should mean MEMBERS group users are not allowed to
> CRUD ArticlesController actions ?!?
>
> I tried also:
> 2,2,-1,-1,-1,-1
> *************************
>
> Right now only
>
> $this->Auth->allowedActions = array('index');
>
> restricts access to users that are not logged in but this has nothing to
> do with ACL component. This is just AUTH default behavior....
>
> For example I want deny access to group MEMBERS for all actions of
> ARTICLE_CONTROLLER...
>
> What would be the right entries in acos, aros and acos_aros tables?
>
> What would I have to change in my ARTiCLEcontroller to allow/deny by
> checking acos_aros table?
>
> I know there is a lot of code to check but you are my last chance...
>
> Please help me to solve this so that 4-5 days were not lost in vain...
>
> Best Regards,
>
> Luka
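
Added example (not part of either message and not CakePHP's own code): a plain-PHP consistency check of the nested-set `lft`/`rght` bounds in the `aros` and `acos` rows listed in the post, since group-level permissions are only inherited by users when those bounds agree with `parent_id`. The rows are transcribed from the message (alias kept as a label); `checkNestedSet()` is a hypothetical helper.

```php
<?php
// Rows transcribed from the post: id, parent_id, alias, lft, rght.
$aros = array(
    array(1, null, 'All',     1, 8),
    array(2, null, 'Members', 2, 5),
    array(3, null, 'Admins',  6, 7),
    array(4, 2,    'baraba',  3, 4),
);
$acos = array(
    array(1, null, '/',        2, 3),
    array(2, 1,    'Articles', 2, 3),
);
// Hypothetical helper: returns a list of problems found in one tree table.
function checkNestedSet(array $rows) {
    $problems = array();
    $seen = array();
    foreach ($rows as $r) {
        list($id, $parentId, $alias, $lft, $rght) = $r;
        if ($lft >= $rght) {
            $problems[] = "$alias: lft ($lft) must be smaller than rght ($rght)";
        }
        // Each bound value may appear only once in the whole tree.
        foreach (array($lft, $rght) as $bound) {
            if (isset($seen[$bound])) {
                $problems[] = "$alias: bound $bound already used by {$seen[$bound]}";
            }
            $seen[$bound] = $alias;
        }
        // Rows whose interval strictly encloses this one are its ancestors;
        // the tightest of them has to be the row named by parent_id.
        $tightest = null;
        foreach ($rows as $o) {
            if ($o[3] < $lft && $o[4] > $rght && ($tightest === null || $o[3] > $tightest[3])) {
                $tightest = $o;
            }
        }
        $implied = ($tightest === null) ? null : $tightest[0];
        if ($implied !== $parentId) {
            $problems[] = "$alias: parent_id is " . var_export($parentId, true)
                . " but lft/rght place it under " . var_export($implied, true);
        }
    }
    return $problems;
}
foreach (array('aros' => $aros, 'acos' => $acos) as $table => $rows) {
    foreach (checkNestedSet($rows) as $problem) {
        echo "$table: $problem\n";
    }
}
```

On the posted rows it flags Members and Admins (parent_id NULL, yet their bounds sit inside All's 1-8 range) and the Articles ACO, whose bounds repeat those of the root row.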
