Thanks for your answers!!

@brian: It looks rather complex to accomplish such an "easy" task, so I think there must be an easier way to get the same result...
@Rick: Your solution is the one I used before but I thought that there must be a solution that is integrated into the ACO/ACL concept... It's always the same problem with every framework; simple tasks are easy; real world scenarios are big challenges. It would be interesting to know how the developers of cakePHP/ACL-system would accomplish this task...

regards,
rOger

On 24 Sep., 16:09, Rick <[email protected]> wrote:
> I know that globals are bad but...
>
> I just set a global $gblCurrentUser when the user logs in. Then
> accessing that in models, I can add a select condition for that user
> in the beforeFind etc..
>
> You get the idea?
>
> Rick
>
> On Sep 24, 12:20 am, brian <[email protected]> wrote:
>
> > I did something similar to this. However, I was so overwhelmed by the
> > contradictory and/or incomplete information I found about Cake's ACL
> > (mostly because it was quite dated) that I really don't know for sure
> > that I did it the best way.
> >
> > My app is an extranet that has several different Groups. The
> > navigation consists of many Sections that are stored as a tree (MPTT).
> > Some Sections may not be seen by certain Groups.
> > So, to display this navigation tree, I called this method in my
> > SectionsController:
> >
> > public function nav($group_id = null)
> > {
> >     if (is_null($group_id))
> >     {
> >         if (!$this->params['admin'])
> >         {
> >             $group_id = $this->Auth->user('group_id');
> >         }
> >     }
> >     $this->Session->write('group_id_for_nav', $group_id);
> >
> >     /* try getting the nodes from the cache
> >      */
> >     $sections = Cache::read("group_sections_${group_id}", 'default');
> >
> >     if (!$sections)
> >     {
> >         /* fetch the permissions for this group
> >          */
> >         $perms = $this->Acl->Aco->find(
> >             'all',
> >             array(
> >                 'fields' => array('Aco.foreign_key'),
> >                 'conditions' => array(
> >                     'Aco.model' => 'Section',
> >                     'Aco.id = Permission.aco_id'
> >                 ),
> >                 'recursive' => -1,
> >                 'joins' => array(
> >                     array(
> >                         'table' => 'aros',
> >                         'alias' => 'Aro',
> >                         'type' => 'INNER',
> >                         'conditions'=> array(
> >                             'Aro.model' => 'Group',
> >                             'Aro.foreign_key' => $group_id
> >                         )
> >                     ),
> >                     array(
> >                         'table' => 'aros_acos',
> >                         'alias' => 'Permission',
> >                         'type' => 'INNER',
> >                         'conditions'=> array(
> >                             'Permission.aro_id = Aro.id',
> >                             'Permission._read >= 0'
> >                         )
> >                     )
> >                 )
> >             )
> >         );
> >
> >         $section_ids = Set::extract($perms, '{n}.Aco.foreign_key');
> >
> >         /* we don't want to see the root node
> >          */
> >         unset($section_ids[0]);
> >
> >         /* now grab the sections these permissions allow
> >          */
> >         $sections = $this->Section->threaded($section_ids);
> >
> >         /* save this group's allowed sections
> >          */
> >         Cache::write("group_sections_${group_id}", $sections, 'default');
> >     }
> >     return $sections;
> > }
> >
> > So, the Aco.foreign_key fields I'm after correspond to Section.ids.
> > Once I have those, I fetch the relevant Sections as a threaded list.
> > Obviously, you'd just be interested in the record IDs.
> >
> > What I'm storing in the cache is the Sections themselves. For your
> > case, you'd likely want to save the record IDs in the session instead
> > of caching them.
> >
> > Anyway, the important thing is the joins used to get at the model IDs
> > for your record-level ACL through the ACO.foreign_key.
> >
> > Let me know if you want more info.
> >
> > On Wed, Sep 23, 2009 at 5:19 PM, rOger <[email protected]> wrote:
> >
> > > Hi @all,
> > >
> > > I'm really new to CakePHP and I read about the ACL model of CakePHP.
> > > As usual, the examples also seem to be simple, so it is easy to
> > > understand the system. I'm evaluating CakePHP for a new project where
> > > I have records which belong to a given user = that is the owner of
> > > the record. Now I want to have an ACL system which enables some groups
> > > (like Administrators) full access to these records. That is the "easy"
> > > part and is well documented. The second part is a little bit more
> > > tricky (in my opinion): The owner should also have full access to his
> > > record details (means should be editable) but other users should have
> > > no access. That means that the ACL system has to decide according to a
> > > field value of a record if the user has access or not.
> > >
> > > I hope it is clear what I need and hope that someone can shed some
> > > light on this issue.
> > >
> > > Thanks in advance,
> > > rOger
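
The access decision asked for in this thread (a group grant through ACL rows, or ownership read from a field on the record), as an added example that is not code from any poster or from CakePHP. It is plain PHP with constructed users, groups and permission rows; the function names, the "explicit deny wins" rule and the deny-by-default rule are assumptions of this example, not CakePHP's own ACL resolution.

```php
<?php
// Added example: plain PHP, no framework. All names and data are constructed.
// Permission rows are shaped like aros_acos joined to aros and acos; flags
// follow the CakePHP convention 1 = allow, -1 = deny, 0 = inherit.
$permissions = array(
    // Administrators (group 1): whole Record model
    array('group_id' => 1, 'model' => 'Record', 'foreign_key' => null, '_read' => 1, '_update' => 1),
    // Staff (group 2): read access to record 7 only
    array('group_id' => 2, 'model' => 'Record', 'foreign_key' => 7, '_read' => 1, '_update' => 0),
);

function groupAllows(array $permissions, $groupId, $model, $recordId, $action)
{
    $allowed = false;
    foreach ($permissions as $p) {
        if ($p['group_id'] !== $groupId || $p['model'] !== $model) {
            continue;
        }
        // A null foreign_key is a grant on the model as a whole.
        if ($p['foreign_key'] !== null && $p['foreign_key'] !== $recordId) {
            continue;
        }
        if ($p[$action] === -1) {
            return false;            // explicit deny wins (assumption)
        }
        if ($p[$action] === 1) {
            $allowed = true;
        }
    }
    return $allowed;                 // deny by default; 0 alone grants nothing
}

function canAccess(array $permissions, array $user, array $record, $action)
{
    if (!in_array($action, array('_read', '_update'), true)) {
        return false;                // unknown action: deny
    }
    if (groupAllows($permissions, $user['group_id'], 'Record', $record['id'], $action)) {
        return true;
    }
    // Owner rule: decided by a field value on the record itself.
    return isset($record['user_id']) && $record['user_id'] === $user['id'];
}

$record = array('id' => 7, 'user_id' => 42);   // constructed record owned by user 42
var_dump(canAccess($permissions, array('id' => 1, 'group_id' => 1), $record, '_update'));  // admin
var_dump(canAccess($permissions, array('id' => 42, 'group_id' => 3), $record, '_update')); // owner
var_dump(canAccess($permissions, array('id' => 9, 'group_id' => 2), $record, '_read'));    // staff read
var_dump(canAccess($permissions, array('id' => 9, 'group_id' => 2), $record, '_update'));  // staff update
```

The comparisons are strict, so ids read from a database as strings need casting to int before the call.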
