Unless you need the ability to have fine grained, unique permissions on a per-user basis, then I would avoid entering your users into the ARO table (like most ACL tutorials suggest). Instead add your roles to the ARO table. Then in your system logic, you can pull the user's role in a particular organization, then check against the ACL tables for that role to find out what that user should be able to do in that context.
This leaves your ACL tables MUCH lighter, far less queries need to be run against them as well. - James On Mar 23, 8:13 pm, mguthrie <[email protected]> wrote: > I'm looking into CakePHP for developing an application that appears to > have some unique requirements. I'll try to break it down as simply as > I can: > > 1.) Users register with the site > 2.) A user can belong to one or more organizations (by invite only). > These organizations keep data specific to their organization that > isn't shared or publicly available to the rest of the organizations. > Think of a CRM where each user can belong to one or more organizations > that each manage their own customers in the same system. > 3.) A user needs to have different rights depending on the > organization. In one organization a user may be an administrator and > can do all things but in another they may only be able to view a > certain area belonging to that organization. > > Everything in the application is going to center around a user's > current organizational id. So in the backend there will be a lot of > filtering by organization ID. > > Can the CakePHP ACL give me that kind of flexibility? Can a user have > different rights to the same database tables depending on which > organization they are currently working as? > > This may be confusing so if anyone needs me to clarify please let me > know. > > Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
