Hey Everyone,

I am building a fairly big app and decided to tackle ACL and it is
actually working.

I have three groups:

administrator
user
artist

Here are the permissions:

        //allow administrators
        $group->id = 1;
        $this->Acl->allow($group, 'controllers');

        //allow users
        $group->id = 2;
        $this->Acl->deny($group, 'controllers');
        $this->Acl->allow($group, 'controllers/Users/view');
        $this->Acl->allow($group, 'controllers/Users/edit');
        $this->Acl->allow($group, 'controllers/UserPreferences/view');
        $this->Acl->allow($group, 'controllers/UserPreferences/add');
        $this->Acl->allow($group, 'controllers/UserPreferences/edit');
        $this->Acl->allow($group, 'controllers/UserPreferences/delete');

        //allow artists
        $group->id = 3;
        $this->Acl->deny($group, 'controllers');
        $this->Acl->allow($group, 'controllers/Users/view');
        $this->Acl->allow($group, 'controllers/Users/edit');
        $this->Acl->allow($group, 'controllers/UserPreferences/view');
        $this->Acl->allow($group, 'controllers/UserPreferences/add');
        $this->Acl->allow($group, 'controllers/UserPreferences/edit');
        $this->Acl->allow($group, 'controllers/UserPreferences/delete');
        $this->Acl->allow($group, 'controllers/ArtistPreferences/view');
        $this->Acl->allow($group, 'controllers/ArtistPreferences/add');
        $this->Acl->allow($group, 'controllers/ArtistPreferences/edit');
        $this->Acl->allow($group, 'controllers/ArtistPreferences/delete');

I thought once this was all set up that a user would only be able to
edit their own info and only their own info.

For some reason I can (signed in as user) only view that profile
associated with the user and once I click "edit user" then I am taken
to the edit screen.  I can then change the URL to another user's ID and
their info comes up, ready to be edited and then upon save it updates.

I don't know why I can't see other profiles by changing the URL since
users have access to view but can edit others with the same access.

Also - can someone explain in a few sentences the best way to add
admin functions to this?

Should I be making separate controller actions, i.e. admin-edit,
etc.?

Will I be using isAuthorized with this to make those declarations?

I got this far and am very happy with all the documentation out there
but am now kinda stuck as to how to proceed.  I have done this with
regular PHP but am really trying to learn CakePHP and best practices
so I can make my app bullet proof.  Cake really is amazing and 1.3,
hell yeah.

Sorry if this is confusing.  Been coding and searching for hours
today.

Thank you so much,

Brad
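
Added example, not part of the original post and not CakePHP's own code: the allow() rules in the post name controller actions, not individual records, so this plain-PHP model pairs that action-level check with a separate record-ownership check. The function names, the sample users, and the choice to let group 1 (administrator) bypass the ownership check are assumptions made for illustration.

```php
<?php
// Constructed permission table mirroring part of the post's allow() calls.
const ADMIN_GROUP = 1;

$allowed = [
    1 => ['controllers'],                                       // administrator
    2 => ['controllers/Users/view', 'controllers/Users/edit'],  // user
    3 => ['controllers/Users/view', 'controllers/Users/edit'],  // artist
];

// Layer 1: action-level check. This is all the rules above can express:
// "may this group call this action at all?" A grant on a parent path
// covers every path beneath it.
function actionAllowed(array $allowed, int $groupId, string $aco): bool
{
    foreach ($allowed[$groupId] ?? [] as $grant) {
        if ($aco === $grant || strpos($aco, $grant . '/') === 0) {
            return true;
        }
    }
    return false;
}

// Layer 2: record-level check. The id taken from the URL is compared with
// the id of the logged-in account; administrators are exempt (assumption).
function ownsRecord(array $actor, int $recordId): bool
{
    return $actor['group_id'] === ADMIN_GROUP || $actor['id'] === $recordId;
}

// An edit goes ahead only when both layers agree.
function canEditUser(array $allowed, array $actor, int $targetUserId): bool
{
    return actionAllowed($allowed, $actor['group_id'], 'controllers/Users/edit')
        && ownsRecord($actor, $targetUserId);
}

// Constructed sample accounts.
$user  = ['id' => 7, 'group_id' => 2];
$admin = ['id' => 1, 'group_id' => ADMIN_GROUP];

// The action-level answer is the same whatever record id is in the URL.
var_dump(actionAllowed($allowed, $user['group_id'], 'controllers/Users/edit'));
var_dump(canEditUser($allowed, $user, 7));   // the user's own record
var_dump(canEditUser($allowed, $user, 8));   // another user's record
var_dump(canEditUser($allowed, $admin, 8));  // administrator, any record
```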
