Thank you all for your comments.
Brian, your CSS method seems a bit flawed as the links are still sent
to the browser; and the idea is to completely hide them from the end
user. CSS wouldn't be enough due to Firebug and such.
Günther, you seem to be working on exactly the same thing. Did you
notice any significant slowdowns in your application? I fear that a
lot of permission checking might slow everything down. My idea was to
cache user permissions upon login, but I didn't find any way to get
*all* permissions in a single DB query. If anyone has an idea on how
to do that elegantly, please let us know. I'd especially like to hear
comments from the core team about this, since "hiding the disallowed
links" is pretty common in real-life applications.
Anja, your system would work very nicely for a set of predefined user
groups; however, I'm planning on enabling the user to create, remove,
modify and nest groups completely unrestricted, and modify their
permissions accordingly. Therefore, I won't have "admin group" and
"master group" as such (although there will be a built-in/unmodifiable
"root" user).
Cheers!
On Nov 17, 11:00 am, "Liebermann, Anja Carolin"
<[EMAIL PROTECTED]> wrote:
> I agree with Günther: Hiding is the best, for all named reasons.
>
> I am still struggling with ACL and Auth. Until now I did it very roughly in
> my menus like this:
>
> <?php
> // Default to no access; only the group ids listed below raise a flag.
> $admin = false;
> $master = false;
> $usergruppe = $session->read('User.Gruppe.id');
> //echo $usergruppe;
> switch ($usergruppe) {
>     case 2:
>         $admin = true;
>         $master = true;
>         break;
>     case 10:
>         $master = true;
>         break;
>     case 11:
>         $master = true;
>         break;
>     case 15:
>         $master = true;
>         break;
> }
> ?>
>
> <?php if ($master) { ?>
> <span class="menuitem"> <?php echo
> $html->link('Master',array('controller'=>'hotelmasters',
> 'admin'=>false),$linkformat); ?></span> |
> <?php } ?>
> Etc....
>
> Quite crude, I know..... So a more elegant solution is appreciated.
>
> Anja
>
> -----Original Message-----
> From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of dr.
> Hannibal Lecter
> Sent: Friday, 14 November 2008 18:09
> To: CakePHP
> Subject: best practices: disable/hide links which are denied by ACL?
>
> Hi all,
>
> I'm halfway through the ACL implementation (well, almost...), and I was
> wondering: is it better to hide the links which are denied by ACL (we're
> talking about the already logged-in user), or show them and give the user the
> Auth message "not enough privileges"?
>
> Obviously, hiding all the denied links will make views a bit messier and
> slower to run overall, but user interface will be cleaner. Do you think it's
> worth it?
>
> Please note that I'm not talking just about the admin/regular user views, I'm
> talking about custom user groups *and* dynamic permissions.
>
> If you have an opinion, I'd like to hear it!
>
> Thanks in advance!
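
An added example, not part of the thread and not CakePHP's own ACL API: one way to flatten permissions for user-defined nested groups once at login and reuse the result both to hide links and to enforce access. The schema (groups with a parent id, per-group allow/deny rows), the sample rows and all function names are assumptions made for illustration.

```php
<?php
// Constructed sample data standing in for two result sets loaded once at login.
// Hypothetical schema: groups(id => parent_id), rules(group_id, action, allowed).
$groups = [1 => null, 2 => 1, 3 => 2];   // group 3 is nested in 2, which is nested in 1
$rules = [
    [1, 'hotelmasters/index', true],
    [1, 'users/delete', false],
    [2, 'users/delete', true],           // overrides the deny inherited from group 1
    [3, 'hotelmasters/index', false],    // overrides the allow inherited from group 1
];

/** Flatten inherited rules for one group: ancestors first, nearer groups override. */
function effectivePermissions(int $groupId, array $groups, array $rules): array
{
    $chain = [];
    $seen = [];
    for ($g = $groupId; $g !== null; $g = $groups[$g] ?? null) {
        if (isset($seen[$g])) {          // user-editable nesting can contain a loop
            throw new RuntimeException("Group nesting cycle at $g");
        }
        $seen[$g] = true;
        array_unshift($chain, $g);       // root ends up first
    }
    $perms = [];
    foreach ($chain as $g) {
        foreach ($rules as [$gid, $action, $allowed]) {
            if ($gid === $g) {
                $perms[$action] = $allowed;
            }
        }
    }
    return $perms;
}

/** Default deny: an action with no rule at all is not allowed. */
function isAllowed(array $perms, string $action): bool
{
    return $perms[$action] ?? false;
}

/** View side: return nothing for a denied action, so the link never reaches the browser. */
function linkIfAllowed(array $perms, string $action, string $label): string
{
    return isAllowed($perms, $action)
        ? '<a href="/' . htmlspecialchars($action, ENT_QUOTES) . '">'
            . htmlspecialchars($label, ENT_QUOTES) . '</a>'
        : '';
}

$perms = effectivePermissions(3, $groups, $rules);   // the array to cache in the session
echo linkIfAllowed($perms, 'users/delete', 'Delete user'), "\n";
echo linkIfAllowed($perms, 'hotelmasters/index', 'Master'), "\n";
```

The hidden link is only a user-interface convenience: the controller still has to call the same `isAllowed()` check before running the action, because the URL can be requested directly. A cached permission array also goes stale when groups or rules are edited, so it has to be rebuilt or the session invalidated on every such change.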