Wednesday, April 29, 2009

Re: ACL from View

Although not a best way to achieve this, but so far this is my method:

login function stores users ACL group in Auth.user.group:
$gr = $this->User->Group->findById($this->Auth->user('group_id'));
$this->Session->write('Auth.User.group', $gr['Group']['name']);


in view i put this: (yes, I will make a helper to do it one day)
if (in_array($session->read('Auth.User.group'), array("Administrator",
"Designer"))
{
...
}

so far works like a charm.


sdc53 pisze:
> I was wondering if anyone has any ideas regarding determining based on
> ACL whether or not a particular user has access to a specific
> controller/action pair from the view.
> Currently, we use the html helper to generate links to edit actions,
> etc something like the following:
>
> <?php echo $html->link('Edit', array('action'=>'edit', $model['Model']
> ['id'])); ?>
>
> Ideally, it would be in the form of a special helper (which I know has
> no access to the database) that checks to see if the logged-in user
> has access to that method and just does not generate the link if there
> is no access.
>
> We have a variety of user types and groups, with varying levels of
> access in our application using the same views.
>
> Based on the quantity of links and variability of some of the views we
> generate, I'd like to stay away from generating special variables for
> this purpose in the controller before the view is rendered, or
> creating special views that are basically identical for the different
> types of users in the system to hide these links.
> >
>
>


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

No comments: