Hi Anja,
Thanks for your reply. I will in vestigate in that!
What confuses me a little bit: When I want my security to be based on
controller action access, I can easily create ACOs named after the
controller actions and configure access in the aro_aco table. Any
unallowed access causes the Auth / ACL component to protect the
actions.
When I want security to be model based, and I create ACOs based on my
models - including the modelname and foreign key, an aro_aco entry
does not do protect anything. I can use the $this->Acl->check() method
to find out if a user is allowed to access a certain record, but I
wonder why that isn't done automatically? or why I can't place that
check() method in a callback function of the model (where it would
belong to).
Did I miss something here?
All the Acl examples in the docs just refer to a controller/action
based ACL. Is there an example available that works with ACL based
directly on records?
Thanks,
bye
me.
On Nov 19, 5:04 pm, "Liebermann, Anja Carolin"
<[EMAIL PROTECTED]> wrote:
> Hi Marcus,#
- E.I.? E.I. OH (2004) TV episode .... Vanessa Brooks
# Identity Theft: The Michelle Brown Story (2004) (TV) .... Michelle
Brown
... aka Identity Theft (UK)
... aka Ma vie volée (Canada: French title)
# Lucky 7 (2003) (TV) .... Amy Myer
... aka Lucky Seven (USA: DVD title)
# The Christmas Shoes (2002) (TV) (as Kimberly Williams) .... Maggie
Andrews
... aka Souliers de Noël, Les (Canada: French title)
>
> As I just found out yesterday mayself:
> I guess you have to map your actions to the CRUD model like:
> $this->Auth->mapActions(array('update'=>
> array('edit','editFoo','myupdatesomething')));
>
> That is, when you plan on also using Auth....
>
> Anja
>
> -----Ursprüngliche Nachricht-----
> Von: [email protected] [mailto:[EMAIL PROTECTED] Im Auftrag von
> eMarcus
> Gesendet: Mittwoch, 19. November 2008 15:55
> An: CakePHP
> Betreff: General ACL Question
>
> Hi,
>
> I want to use the ACL component to control access of users to model data.
>
> I built up AROs, ACOs and permissions so far.
>
> 1.) does the ACL component automatically check if a user has an UPDATE right
> on save operations?
> 2.) if not, where would be the best place to perform that check? (in a
> callback function in the model itself, in the controller?)
>
> Thanks,
>
> bye
> me.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
