Hey everybody
I think I really ran into a limitation of the behavior mechanism and I
wonder whether there's an elegant solution.
I have a simple behavior called AllowanceCheckable which basically
just adds 4 methods to the model:
class AllowanceCheckableBehavior extends ModelBehavior {
function allowsView(&$model, &$user, $options = array()) {
return true; // Everybody can view records
}
function allowsAdd(&$model, &$user, $options = array()) {
return $model->allowsView($user, $options); // Everybody that can
view records can also add records
}
function allowsAdd(&$model, &$user, $options = array()) {
return $model->allowsView($user, $options); // Everybody that can
add records can also edit records
}
function allowsEdit(&$model, &$user, $is_parent, $options = array())
{
return $model->allowsAdd($user, $options); // Everybody that can
edit records can also delete records
}
}
Now I'm attaching the behavior to my AppModel and overwrite the
allowsAdd() method because I don't want everybody to be able to add
records (and edit and delete them):
class AppModel extends Model {
var $actsAs = array(
'AllowanceCheckable'
);
function allowsAdd(&$user, $options = array()) {
return $user->isSuper(); // Only superusers are allowed to add
records
}
}
So far, so good.
But now I have a comment that has some special permissions:
class Comment extends AppModel {
var $name = 'Comment';
function allowsAdd(&$user, $options = array()) {
return true; // Everybody can add comments
}
// I have to overwrite allowsEdit() because the behavior's one would
only pass the call to allowsAdd() of the current Comment class, which
would result in everybody being able to edit any comments!
function allowsEdit(&$user, $options = array()) {
return parent::allowsEdit($user, false, $options = array()); // I
want to use the default setting for who is allowed to edit records by
default which is set in the parent's allowsEdit() method! (Which
should result in only superusers being able to edit records)
}
}
So now when I'm doing the following...
$c = new Comment;
$c->allowsEdit();
...I'd expect to happen the following:
1) Comment::allowsEdit is called which itself calls
AppModel::allowsEdit
2) AppModel::allowsEdit does not exist, so CakePHP passes the call to
AllowanceCheckableComponent::allowsEdit
3) AllowanceCheckableComponent::allowsEdit passes the call to
AppModel::allowsAdd() which returns $user->isSuperUser(), so only
superusers are allowed to edit comments
Sadly, this isn't what happens really. The interesting point is #3:
Instead of passing the call to AppModel::allowsAdd(), the call is
passed to Comment::allowsAdd(), which returns true, and so everybody
now is able to edit comments!
Now does anybody see an elegant solution for this? Because I'm
explicitly calling parent::allowsEdit() I'd expect CakePHP not to call
any method that's deeper in the inheritance hierarchy than the parent
itself, but in fact it does.
My quick and dirty solution at the time being is just adding an
AppModel::allowsEdit() method which is able to use self instead of
$this when calling the wanted AppModel::allowsAdd() method, but it
would be nice if CakePHP could handle this some way on itself. But I
guess here we are running against an OOP-limitation of PHP, right?
Thanks a lot for your thinking, guys :-)
Josh
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
