Hi everybody,
After 2 weeks thinking about it and sleeping over it and setting up
aros_acos 4 times: Please maybe somebody has a good hint what I did
wrong.
Situation: CakePHP 1.2 application with Auth and ACL
Some permissions work fine e.g. I allow certain groups full access to a
certain controller. That works.
In my controller "Hotelmasters" I have the action index:
function index() {
$bearbeiter =
$this->Hotelmaster->User->find('list',array('order' => 'name ASC'));
$bearbeiter[0] = '';
$param['Hotelmaster.deleted'] = '0';
$hotelmasters = $this->paginate('Hotelmaster',$param);
$this->set('bearbeiter',$bearbeiter);
$this->set('hotelmasters', $hotelmasters);
}
The aro group 10 has the aro_id 26. That is the group with which I am
testing. A lot of rights, but not everything.
The Hotelmasters has the aco_id 90. Parent is "controllers".
The aros_acos dataset is:
id aro_id aco_id _create _read _update _delete
45 26 90 1 1
1 -1
So my user is allowed to read Hotelmasters.
In my app_controller.php I have:
$this->Auth->mapActions(array(
'read'=>
array('arraysMitMaster', 'getBilder', 'getHotelbilder',
'getHotelmasterbilder', 'getHotelmastertexte',
'getHotelsByAuspraegungOrt',
'getHotelslisteByOrtmaster', 'getHoteltexte',
'getKatalogplanung', 'getOrtbilder', 'getOrtByZielgebietAjax',
'getOrtmasterbilder',
'getOrtmasterByZielgebietmasterAjax',
'getOrtmastertexte', 'getOrtplanung', 'getOrtsByAuspraegungZielgebiet',
'getOrtslisteByZielgebietmaster', 'getOrttexte',
'getSonderkonditionmaster', 'getVerhotelbildmaster',
'getVerhoteltextmaster',
'getVerpflegungmaster', 'getVerzielgebietbildmaster',
'getZielgebiet', 'getZielgebietbilder', 'getZielgebietmasterbilder',
'getZielgebietmastertexte', 'getZielgebietplanung',
'getZielgebietsByAuspraegung', 'getZielgebiettexte','hotel_komplett',
'hotelinfoskomplettieren',
'hotelskomplettieren','index',
'index2','ortskomplettieren','sonderkonditionskomplettieren', 'suche',
'urlaubsartskomplettieren',
'verpflegungskomplettieren','view','viewPdf'),
'create'=>
array('add',
'addHotelauspraegung','verknuepfungwaehlen'),
'update'=>
array('edit', 'editKatalogplanung', 'editOrtplanung',
'editverknuepfung',
'editZielgebietplanung','order','saveKatalogplanung',
'saveOrtplanung', 'saveZielgebietplanung', 'sortverknuepfung'),
'delete'=>
array('delete')));
Note the 'index' in the 'read' array in the line before the last line. I
get the same problem , when I have only 'index' in my read array.
So 'index' is an equivalent of 'read' which should be allowed. And my
index function doesn't trigger other functions which might have
different rights.
Any idea where else I can look for an error or if this contains an
error?
Thank you in advance for your efforts!
Anja
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
