I did something similar to this. However, I was so overwhelmed by the
contradictory and/or incomplete information I found about Cake's ACL
(mostly because it was quite dated) that I really don't know for sure
that I did it the best way.
My app is an extranet that has several different Groups. The
navigation consists of many Sections that are stored as a tree (MPTT).
Some Sections may not be seen by certain Groups. So, to display this
navigation tree, I called this method in my SectionsController:
public function nav($group_id = null)
{
if (is_null($group_id))
{
if (!$this->params['admin'])
{
$group_id = $this->Auth->user('group_id');
}
}
$this->Session->write('group_id_for_nav', $group_id);
/* try getting the nodes from the cache
*/
$sections = Cache::read("group_sections_${group_id}", 'default');
if (!$sections)
{
/* fetch the permissions for this group
*/
$perms = $this->Acl->Aco->find(
'all',
array(
'fields' => array('Aco.foreign_key'),
'conditions' => array(
'Aco.model' => 'Section',
'Aco.id = Permission.aco_id'
),
'recursive' => -1,
'joins' => array(
array(
'table' => 'aros',
'alias' => 'Aro',
'type' => 'INNER',
'conditions'=> array(
'Aro.model' => 'Group',
"Aro.foreign_key =
${group_id}"
)
),
array(
'table' => 'aros_acos',
'alias' => 'Permission',
'type' => 'INNER',
'conditions'=> array(
'Permission.aro_id =
Aro.id',
'Permission._read >= 0'
)
)
)
)
);
$section_ids = Set::extract($perms, '{n}.Aco.foreign_key');
/* we don't want to see the root node
*/
unset($section_ids[0]);
/* now grab the sections these permissions allow
*/
$sections = $this->Section->threaded($section_ids);
/* save this group's allowed sections
*/
Cache::write("group_sections_${group_id}", $sections,
'default');
}
return $sections;
}
So, the Aco.foreign_key fields I'm after correspond to Section.ids.
Once i have those, I fetch the relevant Sections as a threaded list.
Obviously, you'd just be interested in the record IDs.
What I'm storing in the cache is the Sections themselves. For your
case, you'd likely want to save the record IDs in the session instead
of caching them.
Anyway, the important thing is the joins used to get at the model IDs
for your record-level ACL through the ACO.foreign_key.
Let me know if you want more info.
On Wed, Sep 23, 2009 at 5:19 PM, rOger <[email protected]> wrote:
>
> Hi @all,
>
> I'm really new to CakePHP and I read about the ACL modell of CakePHP.
> As usual also the examples seems to be simple so it is easy to
> understand the system. I'm evaluating cakePHP for a new project where
> I have records which belongs to a given user = that is the owner of
> the record. Now I want to have a ACL system which enables some groups
> (like Administrators) full access to these records. That is the "easy"
> part and is well documented. The second part is a little bit more
> tricky (in my opinion): The owner should also have full access to his
> record details (means should be editable) but other users should have
> no access. That means that the ACL system has to decide according to a
> field value of a record if the user has access to or not.
>
> I hope it is clear what I need and hope that someone can spend some
> light on this issue.
>
> Thanks in advance,
> rOger
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
