Friday, October 31, 2008

Re: Admin + Members suggested setup??

Admin routing and ACL are two different things; admin routing is just
a "quick way" to have some actions not accessible to everybody with
little effort.
And from what I know (but it should be checked), at least in Cake 1.2
there's also the availability of some "super_admin" methods.

Anyway, a nice advantage of using admin routing, compared with making
your own checks, is that you can do the check ONCE in the before_filter
action of the AppController (the controller from which every other
controller inherits), and you have to check only one param of the
request: 'admin'.

Here is an example:

class AppController extends Controller {

    // ...

    function beforeFilter() {
        // If admin pages are being requested
        if (isset($this->params['admin'])) {
            if (!$this->Session->check('User')) {
                // Set flash message and redirect to the login page
                $this->Session->setFlash('You need to be logged in to access this area');
                $this->redirect('/users/login/?redir=' . $this->params['url']['url'], true);
            }

            // If already logged in, change the layout to admin
            // (only for admin pages, so other pages keep their layout)
            $this->layout = 'admin_theme';
        }
    }

    // ...

}


Of course this method can be used only for simple and small
applications; if you need more complex authentication and
authorization, you should consider using the Auth and ACL components.

Bye,
Andrea

On Oct 30, 7:51 pm, Brenton B <brenton.bar...@gmail.com> wrote:
> Is the Admin routing intended as strictly for Root Admin? Or anyone
> that can log in? just seems a bit vague.
>
> On Oct 29, 11:54 am, Brenton B <brenton.bar...@gmail.com> wrote:
>
> > Essentially ... what makes the Admin Routing so special, and why
> > should I use it? What's the advantage over just having all the checks
> > in my own code? (ex: checks that they're logged in as admin and have
> > the right permissions)
>
> > On Oct 28, 1:33 pm, Brenton B <brenton.bar...@gmail.com> wrote:
>
> > > Quick question as to what would be the best Cake-y setup:
>
> > > So I've got a list of Users who can either be Admin, Editors, or
> > > simply Members.
> > > Members can edit their own profiles, but Admin can also edit anyone's
> > > profile (at this point Editors are just normal Members with special
> > > status).
>
> > > When it comes to admin routing, should that only be used for strictly
> > > Admins and not Members?
> > > Ex:
> > > /profiles/edit -> what Members use and there's a check that the
> > > profile matches with the member
> > > /profiles/admin_edit -> only Admin uses this.
>
> > > And how would that all work with ACL? It seems like there's a wee bit
> > > of overlap here.
>
> > > How have people set this up?
>
>
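
The beforeFilter check in the reply only verifies that a 'User' session exists, so any logged-in member passes it. The following added example (not from the thread and not CakePHP code) combines the admin-prefix check with a role check and with the ownership check for /profiles/edit described in the original question. The function authorize(), the role and profile_id fields, and the sample requests are assumptions; $params only mimics $this->params.

```php
<?php
// Added example, stand-alone PHP (no CakePHP needed). authorize() and the
// role / profile_id fields are hypothetical; $params mimics $this->params.

// Returns 'allow', 'login' (not logged in) or 'deny' (logged in, not permitted).
function authorize(array $params, ?array $user): string
{
    $action = $params['action'] ?? '';

    // Admin-prefixed action: a session alone is not enough, require the role.
    if (!empty($params['admin'])) {
        if ($user === null) {
            return 'login';
        }
        return $user['role'] === 'admin' ? 'allow' : 'deny';
    }

    // /profiles/edit: any logged-in user, but only on their own profile.
    if (($params['controller'] ?? '') === 'profiles' && $action === 'edit') {
        if ($user === null) {
            return 'login';
        }
        $profileId = (int) ($params['pass'][0] ?? 0);
        return $profileId === (int) $user['profile_id'] ? 'allow' : 'deny';
    }

    return 'allow'; // public action
}

// Constructed sample users and requests (not from the thread).
$member = ['role' => 'member', 'profile_id' => 7];
$admin  = ['role' => 'admin',  'profile_id' => 1];
$adminEdit = ['controller' => 'profiles', 'action' => 'admin_edit', 'admin' => true, 'pass' => ['7']];
$ownEdit   = ['controller' => 'profiles', 'action' => 'edit', 'pass' => ['7']];
$otherEdit = ['controller' => 'profiles', 'action' => 'edit', 'pass' => ['9']];

$cases = [[$adminEdit, null], [$adminEdit, $member], [$adminEdit, $admin],
          [$ownEdit, $member], [$otherEdit, $member], [$ownEdit, null]];
foreach ($cases as [$params, $user]) {
    printf("%-10s %-6s pass=%s -> %s\n", $params['action'], $user['role'] ?? 'guest',
        $params['pass'][0], authorize($params, $user));
}
```

In a CakePHP application the same decision would sit in AppController::beforeFilter(), redirecting to the login page on 'login' and refusing the request on 'deny'.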