Hi, Some time ago I wrote a plugin to manage ACL permissions in my applications (http://www.alaxos.net/blaxos/pages/view/plugin_acl). It works fine, but someone sent me an email to tell me that one of the plugins he uses in his application is not recognized by my ACL plugin at all.
I just had a look at the code of this 'invisible' plugin (Cakemenu plugin: http://nik.chankov.net/2010/09/01/cakephp-cakemenu-plugin) and discovered that all of its actions are placed in a default controller: cakemenu controllers cakemenu_controller.php - index - preview - ... When I wrote my ACL plugin, I did specifically hide these actions placed in such default controllers because I discovered that they may cause problem when the ACL permissions are checked. Indeed, in this situation, the ACO tree needed by Auth+Acl would look like this: - controllers - Cakemenu - Cakemenu - index - preview - ... And the ACL permission check seems to have good chances to fail here as the path contains twice the alias 'Cakemenu'. By looking at the Cake code, I found that the method node($ref = null) of the AclNode class builds SQL queries with LEFT joins based on the aliases. And this is a problem with same aliases appearing more than once. Has anyone encountered this problem ? Is it a bug in Cake ? Any solution ? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
