#6339: ACL / Auth when controller is singular
---------------------------+------------------------------------------------
    Reporter:  loki_racer  |          Type:  Bug   
      Status:  new         |      Priority:  Low   
   Milestone:  1.2.x.x     |     Component:  Auth  
     Version:  1.2 Final   |      Severity:  Normal
    Keywords:  Auth, ACL   |   Php_version:  n/a   
Cake_version:              |  
---------------------------+------------------------------------------------
 If a singularized controller name, Exchange, is being used and ACL is
 using CRUD, there is an issue with checking isAuthorized().

 Url:
 {{{
 www.domain.com/admin/exchange/index
 }}}

 Controller:
 {{{
 class ExchangeController extends AppController {

         var $name = 'Exchange';
 }
 }}}

 Model:
 {{{
 class Exchange extends AppModel {

         var $name   = 'Exchange';
         var $actsAs = array('Acl' => array('type' => 'controlled'));

         var $hasMany = array(
                 'ExchangeAgenda' => array(
                         'className'    => 'ExchangeAgenda',
                         'foreignKey'   => 'exchange_id',
                         'order'        => 'ExchangeAgenda.start ASC'
                 ),
                 'ExchangeSponsor' => array(
                         'className'    => 'ExchangeSponsor',
                         'foreignKey'   => 'exchange_id',
                         'order'        => array('ExchangeSponsor.sponsorship ASC', 'ExchangeSponsor.created ASC')
                 )
         );

         //  used by Acl
         //  -----------
         function parentNode() {
                 return Inflector::pluralize($this->name);
         }
 }
 }}}

 If an acos record is created in the db with alias = Exchange, the child
 records created for each exchange won't have the correct parent_id.  If
 the parent record has an alias of Exchanges, the authorized users can't
 access /admin/exchange/*

 Fix, in /cake/libs/controller/components/auth.php in isAuthorized()

 {{{
 $valid = $this->Acl->check(
         $user,
         $this->action(':controller'),
         $this->actionMap[$this->params['action']]
 );
 }}}

 replace with
 {{{
 $valid = $this->Acl->check(
         $user,
         Inflector::pluralize($this->action(':controller')),
         $this->actionMap[$this->params['action']]
 );
 }}}

-- 
Ticket URL: <https://trac.cakephp.org/ticket/6339>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
flexibility.
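
The mismatch the ticket describes, reduced to a stand-alone PHP model (an added example, not code from the ticket or from CakePHP): the ACO parent is stored under the alias that parentNode() returns, `Exchanges`, while the authorization check looks up the controller name, `Exchange`, so the first check is denied and the pluralized one is granted. The ACO rows, the grants, `pluralizeStandIn()` and `checkStandIn()` are constructed for illustration and assume lookup by exact alias.

```php
<?php
// Added illustration: a simplified model, not CakePHP's Acl or Auth code.

// Constructed ACO rows. The parent alias is 'Exchanges' because the model's
// parentNode() returns Inflector::pluralize($this->name).
$acos = array(
    array('id' => 1, 'parent_id' => null, 'alias' => 'Exchanges'),
    array('id' => 2, 'parent_id' => 1,    'alias' => null), // one Exchange record
);

// Constructed grants: ARO alias => ACO id => CRUD rights.
$grants = array(
    'admins' => array(1 => array('read' => true, 'update' => true)),
);

// Hypothetical stand-in for Inflector::pluralize(), enough for this one word.
function pluralizeStandIn($word) {
    return preg_match('/s$/i', $word) ? $word : $word . 's';
}

// Hypothetical stand-in for the ACL check: resolve the ACO by exact alias,
// then look up the CRUD right. An alias with no matching node is denied.
function checkStandIn($acos, $grants, $aro, $acoAlias, $right) {
    foreach ($acos as $aco) {
        if ($aco['alias'] === $acoAlias) {
            return !empty($grants[$aro][$aco['id']][$right]);
        }
    }
    return false; // unknown alias: fail closed
}

$controller = 'Exchange'; // the name passed to the check, per the ticket
$right      = 'read';     // assumed CRUD right for an index action

// Lookup by the singular controller name: no ACO has that alias.
var_dump(checkStandIn($acos, $grants, 'admins', $controller, $right));

// Lookup by the pluralized name, as in the proposed fix: matches ACO id 1.
var_dump(checkStandIn($acos, $grants, 'admins', pluralizeStandIn($controller), $right));
```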