Thursday, September 24, 2009

Re: Best way to accomplish acl for database records owned by a user

Thanks for your answers!!

@brian: It looks rather complex to accomplish such an "easy" task so I
think there must be an easier way to get the same result...

@Rick: Your solution is the one I used before but I thought that there
must be a solution that is integrated into the ACO/ACL concept...

It's always the same problem with every framework; simple tasks are
easy; real world scenarios are big challenges. It would be interesting
to know how the developers of CakePHP/ACL-system would accomplish this
task...

regards,
rOger


On 24 Sep., 16:09, Rick <will...@gmail.com> wrote:
> I know that globals are bad but...
>
> I just set a global $gblCurrentUser when the user logs in.  Then
> accessing that in models, I can add a select condition for that user
> in the beforeFind etc..
>
> You get the idea?
>
> Rick
>
> On Sep 24, 12:20 am, brian <bally.z...@gmail.com> wrote:
>
> > I did something similar to this. However, I was so overwhelmed by the
> > contradictory and/or incomplete information I found about Cake's ACL
> > (mostly because it was quite dated) that I really don't know for sure
> > that I did it the best way.
>
> > My app is an extranet that has several different Groups. The
> > navigation consists of many Sections that are stored as a tree (MPTT).
> > Some Sections may not be seen by certain Groups. So, to display this
> > navigation tree, I called this method in my SectionsController:
>
> > public function nav($group_id = null)
> > {
> >         if (is_null($group_id))
> >         {
> >                 if (!$this->params['admin'])
> >                 {
> >                         $group_id = $this->Auth->user('group_id');
> >                 }
> >         }
> >         $this->Session->write('group_id_for_nav', $group_id);
>
> >         /* try getting the nodes from the cache
> >          */
> >         $sections = Cache::read("group_sections_${group_id}", 'default');
>
> >         if (!$sections)
> >         {
> >                 /* fetch the permissions for this group
> >                  */
> >                 $perms = $this->Acl->Aco->find(
> >                         'all',
> >                         array(
> >                                 'fields' => array('Aco.foreign_key'),
> >                                 'conditions' => array(
> >                                         'Aco.model' => 'Section',
> >                                         'Aco.id = Permission.aco_id'
> >                                 ),
> >                                 'recursive' => -1,
> >                                 'joins' => array(
> >                                         array(
> >                                                 'table' => 'aros',
> >                                                 'alias' => 'Aro',
> >                                                 'type' => 'INNER',
> >                                                 'conditions'=> array(
> >                                                         'Aro.model' => 'Group',
> >                                                         /* key => value lets Cake escape the id instead of interpolating it into SQL */
> >                                                         'Aro.foreign_key' => $group_id
> >                                                 )
> >                                         ),
> >                                         array(
> >                                                 'table' => 'aros_acos',
> >                                                 'alias' => 'Permission',
> >                                                 'type' => 'INNER',
> >                                                 'conditions'=> array(
> >                                                         'Permission.aro_id = Aro.id',
> >                                                         'Permission._read >= 0'
> >                                                 )
> >                                         )
> >                                 )                                      
> >                         )
> >                 );
>
> >                 $section_ids = Set::extract($perms, '{n}.Aco.foreign_key');
>
> >                 /* we don't want to see the root node
> >                  */
> >                 unset($section_ids[0]);
>
> >                 /* now grab the sections these permissions allow
> >                  */
> >                 $sections = $this->Section->threaded($section_ids);
>
> >                 /* save this group's allowed sections
> >                  */
> >                 Cache::write("group_sections_${group_id}", $sections, 'default');
> >         }
> >         return $sections;
>
> > }
>
> > So, the Aco.foreign_key fields I'm after correspond to Section.ids.
> > Once I have those, I fetch the relevant Sections as a threaded list.
> > Obviously, you'd just be interested in the record IDs.
>
> > What I'm storing in the cache is the Sections themselves. For your
> > case, you'd likely want to save the record IDs in the session instead
> > of caching them.
>
> > Anyway, the important thing is the joins used to get at the model IDs
> > for your record-level ACL through the ACO.foreign_key.
>
> > Let me know if you want more info.
>
> > On Wed, Sep 23, 2009 at 5:19 PM, rOger <roger.eisenec...@icer.ch> wrote:
>
> > > Hi @all,
>
> > > I'm really new to CakePHP and I read about the ACL model of CakePHP.
> > > As usual also the examples seem to be simple so it is easy to
> > > understand the system. I'm evaluating CakePHP for a new project where
> > > I have records which belong to a given user = that is the owner of
> > > the record. Now I want to have an ACL system which enables some groups
> > > (like Administrators) full access to these records. That is the "easy"
> > > part and is well documented. The second part is a little bit more
> > > tricky (in my opinion): The owner should also have full access to his
> > > record details (means should be editable) but other users should have
> > > no access. That means that the ACL system has to decide according to a
> > > field value of a record if the user has access to or not.
>
> > > I hope it is clear what I need and hope that someone can spend some
> > > light on this issue.
>
> > > Thanks in advance,
> > > rOger
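
The owner-or-admin rule discussed in this thread, as an added example that is not part of the original messages and is not CakePHP's own API: every read and write is scoped by the record's owner column through a bound parameter unless the user is in an administrator group. The `records` table, its `user_id` column, the `admin` group name and the function names are assumptions; the sample rows are constructed.

```php
<?php
// Added example: framework-free sketch of owner-or-admin record access.
// Table, column and group names are assumptions, not CakePHP's schema.

/** Build a WHERE fragment plus bound params limiting rows to what $user may touch. */
function ownerScope(array $user): array
{
    if ($user['group'] === 'admin') {
        return ['1 = 1', []];                 // admin group: no row restriction
    }
    // Everyone else: only rows whose owner column matches the logged-in user.
    return ['user_id = :uid', [':uid' => (int) $user['id']]];
}

/** Fetch one record, or null when it does not exist OR is not visible to $user. */
function findRecord(PDO $db, array $user, int $recordId): ?array
{
    [$where, $params] = ownerScope($user);    // $where is a code constant, never user input
    $stmt = $db->prepare("SELECT id, user_id, title FROM records WHERE id = :id AND $where");
    $stmt->execute([':id' => $recordId] + $params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Updates use the same scope, so a non-owner's UPDATE matches zero rows. */
function renameRecord(PDO $db, array $user, int $recordId, string $title): bool
{
    [$where, $params] = ownerScope($user);
    $stmt = $db->prepare("UPDATE records SET title = :t WHERE id = :id AND $where");
    $stmt->execute([':t' => $title, ':id' => $recordId] + $params);
    return $stmt->rowCount() === 1;
}

// Constructed sample data: two users, each owning one record.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT)');
$db->exec("INSERT INTO records VALUES (1, 10, 'alice draft'), (2, 20, 'bob draft')");

$alice = ['id' => 10, 'group' => 'member'];
$admin = ['id' => 1,  'group' => 'admin'];

var_dump(findRecord($db, $alice, 1) !== null);       // owner reading own record
var_dump(findRecord($db, $alice, 2));                // member reading another user's record
var_dump(renameRecord($db, $alice, 2, 'hijacked'));  // member updating another user's record
var_dump(renameRecord($db, $admin, 2, 'reviewed'));  // admin updating any record
```

Returning "not found" for a record the user may not see keeps the response identical for missing and forbidden ids, so record ids cannot be enumerated through the error path.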