ACL as well and was hoping ACL could take care of it somehow. I guess
I have to cobble something together that does a bit of both.
On Sep 26, 10:47 am, McBuck DGAF <mcbuckd...@gmail.com> wrote:
> If you are using prefixes to define admin controllers, this article
> describes a method for defining permissions using the prefix routing
> parameters:
>
> http://bakery.cakephp.org/articles/view/user-permissions-based-on-a-r...
>
> On Sep 24, 4:35 pm, calzone <calz...@gmail.com> wrote:
>
>
>
> > I don't think people are getting what I'm asking. Either that or I'm
> > not understanding the answers.
>
> > How do I set ACL permissions based on the presence of a particular
> > string at the beginning of the url (for example /admin/*) or of the
> > action name (admin_*)?
>
> > I only see examples of ACL being used to allow or deny access based on
> > all controllers, or named controllers, or named actions. I feel like
> > there must be some way to identify "deny access to all admin
> > controllers" etc.
>
> > On Sep 24, 7:51 am, BrendonKoz <Brendon...@hotmail.com> wrote:
>
> > > If you want something like a SUPER ADMIN level and a standard admin
> > > level, then you'd want to create a master ACO. The book sort of shows
> > > this in the introduction of ACL, but not in the actual code examples.
>
> > > For instance, an example tree:
> > > Site
> > > - Admin
> > > - - Controller 1 Admin
> > > - - Controller 2 Admin
> > > - Controller 1
> > > - Controller 2
>
> > > By having a top-level ACO, applying a group ownership to that top
> > > level ACO and giving full permissions, by default the super admin
> > > would be able to access everything (or be denied from everything,
> > > depending on how you managed it).
>
> > > It's been awhile since I've set up an ACL like this, so it might not
> > > be exact, but that was the general idea behind it. It worked pretty
> > > well for the particular project that I used it on.
>
> > > The largest downfall to the Tree Traversal method for ACL is that it
> > > stops when it finds the first match. Therefore, although you
> > > technically could have a single user in multiple groups with differing
> > > access (group 1 has access to "x", group 2 has access to "y", user 1
> > > is a member of both groups - would like to have access to both "x" and
> > > "y"), whichever group is found first for user 1 will be what
> > > permission is assigned (if group 1 is found first, user 1 will not
> > > have access to "y"). In that case, if you need such fine granularity,
> > > the power of groups would need to be removed and instead ACL would
> > > need to be handled per user. This is currently what I'm planning out
> > > for my application. It's giving me a headache trying to make sure I
> > > cover all of our organizations little nuances like this.
>
> > > On Sep 24, 2:18 am, Andrei Mita <andrei.m...@gmail.com> wrote:
>
> > > > You could deny access in beforeFilter in AppController to all admin_ actions
> > > > for everyone except one ore more groups, I guess.
>
> > > > On Thu, Sep 23, 2010 at 11:14 PM, calzone <calz...@gmail.com> wrote:
> > > > > Yes, he wrote the tutorial on book.cakephp.org I followed to begin
> > > > > with.
>
> > > > > But neither the tutorial nor his site answer my specific question.
> > > > > I'm trying to blanket deny any controller action that is accessed via
> > > > > admin routing to anyone who is not part of one specific group.
>
> > > > > Sure, I could manually create an aro-aco for every single action whose
> > > > > name begins with admin_ --but that defeats the purpose and simplicity
> > > > > of using a single centralized permission.
>
> > > > > It seems to me it should be easy (automatic even) to have acl
> > > > > automatically hook into admin and superadmin routing so that you
> > > > > DONT'T HAVE to define permissions for every single action.
>
> > > > > On Sep 23, 10:55 am, Sam Sherlock <sam.sherl...@gmail.com> wrote:
> > > > > > Mark covers this here
>
> > > > > >http://mark-story.com/posts/view/auth-and-acl-an-end-to-end-tutorial-...
>
> > > > > > - S
>
> > > > > > On 23 September 2010 17:45, calzone <calz...@gmail.com> wrote:
>
> > > > > > > No takers? I thought for sure there was a simple obvious answer I had
> > > > > > > overlooked somehow.
>
> > > > > > > On Sep 22, 1:36 pm, calzone <calz...@gmail.com> wrote:
> > > > > > > > So I have acl and admin routing on a site.
>
> > > > > > > > I'd like to create an aro-aco that blanket denies all admin actions
> > > > > to
> > > > > > > > anyone who is not in group x.
>
> > > > > > > > And vice versa, i'd like to blanket allow all admin actions to anyone
> > > > > > > > who is in group x.
>
> > > > > > > > After that I might fine tune access for certain subgroups or
> > > > > > > > individuals, but as a starting point, is there a way to set this up
> > > > > or
> > > > > > > > am I only able to allow or deny access on a controller or action
> > > > > basis?
>
> > > > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp
> > > > > others
> > > > > > > with their CakePHP related questions.
>
> > > > > > > You received this message because you are subscribed to the Google
> > > > > Groups
> > > > > > > "CakePHP" group.
> > > > > > > To post to this group, send email to cake-php@googlegroups.com
> > > > > > > To unsubscribe from this group, send email to
> > > > > > > cake-php+unsubscribe@googlegroups.com<cake-php%2Bunsubscr...@googlegroups.c om>
> > > > > <cake-php%2Bunsubscr...@googlegroups.c om>For more options, visit this
> > > > > group at
> > > > > > >http://groups.google.com/group/cake-php?hl=en
>
> > > > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelpothers
> > > > > with their CakePHP related questions.
>
> > > > > You received this message because you are subscribed to the Google Groups
> > > > > "CakePHP" group.
> > > > > To post to this group, send email to cake-php@googlegroups.com
> > > > > To unsubscribe from this group, send email to
> > > > > cake-php+unsubscribe@googlegroups.com<cake-php%2Bunsubscr...@googlegroups.c om>For more options, visit this group at
> > > > >http://groups.google.com/group/cake-php?hl=en
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
No comments:
Post a Comment