I know that globals are bad but... I just set a global $gblCurrentUser when the user logs in. Then accessing that in models, I can add a select condition for that user in the beforeFind etc..
You get the idea? Rick On Sep 24, 12:20 am, brian <[email protected]> wrote: > I did something similar to this. However, I was so overwhelmed by the > contradictory and/or incomplete information I found about Cake's ACL > (mostly because it was quite dated) that I really don't know for sure > that I did it the best way. > > My app is an extranet that has several different Groups. The > navigation consists of many Sections that are stored as a tree (MPTT). > Some Sections may not be seen by certain Groups. So, to display this > navigation tree, I called this method in my SectionsController: > > public function nav($group_id = null) > { > if (is_null($group_id)) > { > if (!$this->params['admin']) > { > $group_id = $this->Auth->user('group_id'); > } > } > $this->Session->write('group_id_for_nav', $group_id); > > /* try getting the nodes from the cache > */ > $sections = Cache::read("group_sections_${group_id}", 'default'); > > if (!$sections) > { > /* fetch the permissions for this group > */ > $perms = $this->Acl->Aco->find( > 'all', > array( > 'fields' => array('Aco.foreign_key'), > 'conditions' => array( > 'Aco.model' => 'Section', > 'Aco.id = Permission.aco_id' > ), > 'recursive' => -1, > 'joins' => array( > array( > 'table' => 'aros', > 'alias' => 'Aro', > 'type' => 'INNER', > 'conditions'=> array( > 'Aro.model' => > 'Group', > "Aro.foreign_key = > ${group_id}" > ) > ), > array( > 'table' => 'aros_acos', > 'alias' => 'Permission', > 'type' => 'INNER', > 'conditions'=> array( > 'Permission.aro_id = > Aro.id', > 'Permission._read >= > 0' > ) > ) > ) > ) > ); > > $section_ids = Set::extract($perms, '{n}.Aco.foreign_key'); > > /* we don't want to see the root node > */ > unset($section_ids[0]); > > /* now grab the sections these permissions allow > */ > $sections = $this->Section->threaded($section_ids); > > /* save this group's allowed sections > */ > Cache::write("group_sections_${group_id}", $sections, > 'default'); > } > return $sections; > > } > > So, the Aco.foreign_key fields I'm after correspond to Section.ids. > Once i have those, I fetch the relevant Sections as a threaded list. > Obviously, you'd just be interested in the record IDs. > > What I'm storing in the cache is the Sections themselves. For your > case, you'd likely want to save the record IDs in the session instead > of caching them. > > Anyway, the important thing is the joins used to get at the model IDs > for your record-level ACL through the ACO.foreign_key. > > Let me know if you want more info. > > On Wed, Sep 23, 2009 at 5:19 PM, rOger <[email protected]> wrote: > > > Hi @all, > > > I'm really new to CakePHP and I read about the ACL modell of CakePHP. > > As usual also the examples seems to be simple so it is easy to > > understand the system. I'm evaluating cakePHP for a new project where > > I have records which belongs to a given user = that is the owner of > > the record. Now I want to have a ACL system which enables some groups > > (like Administrators) full access to these records. That is the "easy" > > part and is well documented. The second part is a little bit more > > tricky (in my opinion): The owner should also have full access to his > > record details (means should be editable) but other users should have > > no access. That means that the ACL system has to decide according to a > > field value of a record if the user has access to or not. > > > I hope it is clear what I need and hope that someone can spend some > > light on this issue. > > > Thanks in advance, > > rOger --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
