Why not try using phpGACL? There is a plugin component for Cake.
On May 29, 2011 3:21 AM, "dreamingmind" <dreamingmind.8@gmail.com> wrote:
> Michael,
>
> Non-expert reply:
> After fiddling with ACL for a while I'll say, yes it can do all you
> want. The aco entries can represent anything you want them to,
> controllers, actions, individual db records, tables, urls... Aros can
> likewise represent anything you choose, users, controllers, actions,
> ip addresses...
>
> The permission table will hook up the allowable combinations. And
> since both aros and acos are in a tree structure you can set up any
> grouping or nesting that serves your needs.
>
> It is worth noting that there are two ways to identify an aro or aco
> node, by alias or by table and id. Ponder the value of these two ways
> of identifying a requestor or controlled item.
>
> As to the specifics of implementing your system... I can't be too
> specific because I'm still trying to sort this out. It seems you
> can always resort to a kind of brute force approach. At the critical
> point in your logic you test: does this aro have permission to access
> this aco?
>
> This is the area where I find the tutorials a bit vague. They assume
> that there is always going to be a standard pattern for testing. User
> to action or user to crud function on a table. Possibly because my
> thinking is too fuzzy to build my apps cleanly or possibly because
> this ideal situation is not realistic, I have found it a bit confusing
> to decide what testing mode to use and where to have the checks made.
>
> You are probably going to need to build some before and after save
> code to make sure proper permissions are set up as things grow. A
> simple case from tutorials: when a user registers, the save code could
> make the new user aro record and an aco entry and give them permission
> to access their own db record.
>
> In your case, the work product of a company employee on a project
> might need to be listed as a child aco in a collection that was
> accessible to managers of that company.
>
> Regards,
> Don
>
> On May 28, 3:54 pm, mivogtGermanyLU <miv...@mivogt.net> wrote:
>> Hi there,
>>
>> after spending some hours of reading the chapter about acl/aro/acro in the
>> cake books and the cake homepage I am still or even more confused about the
>> topic.
>> I understood the meaning of a tree containing the rights but I am absolutely
>> not sure about if it matches my needs or even on how to realize it in my
>> app.
>>
>> So any helping comment is welcome. Linked full tutorials would be great,
>> too.
>>
>> My app consists of a set of MVC stuff to register services granted by users
>> to be managed from users to be done by users for users with some hierarchy in
>> background.
>> So there needs to be a superadmin to setup the users in all levels
>> I need granters to grant projects
>> I need some to set up the jobs getters and workers
>> etc
>>
>> and in the meaning of some safety the i.e. workers should not be able to
>> change or delete granted jobs etc
>>
>> so basically I need to limit the actions/views allowed to a specific logged
>> in users (after login using auth component)
>> secondly I need to limit the datasets shown to a user based on his role and
>> the linked models content
>>
>> i.e.
>> 2 companies are granting services to be done for customers with no need to
>> know each other or the others' customers
>> if a company grants a service for a customer a service-company is named to
>> fulfill it. So the C sets up the job to be done and the company to do the
>> job
>> The servicecompany will have staffs getting some kind of tickets with jobs to
>> be done and the staff will need to fill a timereport linked to a granted job
>> (containing the job_id the granterid, the service_id date, time etc) with
>> the limitation he won't be able to see jobs done for the customer by others
>> ...
>>
>> to me it looks a bit difficult to split it up into roles only
>> maybe I need some kind of data-limiting functions, too. Any chance to get it
>> done by the acl or will I need to add some conditions in my find() inside
>> the controllers?
>>
>> Thanks in advance
>>
>> Michael
>
> --
> Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
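
The check described in the quoted reply ("does this aro have permission to access this aco?") over two trees, as an added example that is not part of the original thread and is not CakePHP's own code: a plain-PHP model in which access is denied by default and the most specific matching permission row wins. All aliases are constructed sample data, and the resolution rule is an assumption of this sketch.

```php
<?php
// Simplified model of tree-structured ARO/ACO permissions (not CakePHP's DbAcl).
// Every alias below is constructed sample data: child alias => parent alias.
$aros = [
    'users' => null,
    'companyA_managers' => 'users',
    'companyB_managers' => 'users',
    'alice' => 'companyA_managers',
    'bob'   => 'companyB_managers',
];
$acos = [
    'timereports' => null,
    'companyA_reports' => 'timereports',
    'companyB_reports' => 'timereports',
    'report_17' => 'companyA_reports', // work product filed as a child ACO
];
// Permission rows: [aro, aco, action, allowed]
$permissions = [
    ['companyA_managers', 'companyA_reports', 'read', true],
    ['companyB_managers', 'companyB_reports', 'read', true],
    ['alice', 'report_17', 'delete', false],
];

// Return the node followed by its ancestors, most specific first.
function pathToRoot(array $tree, string $alias): array
{
    $path = [];
    for ($n = $alias; $n !== null; $n = $tree[$n] ?? null) {
        if (in_array($n, $path, true)) break; // guard against a cyclic tree
        $path[] = $n;
    }
    return $path;
}

// Deny by default; the first row found walking both paths upward decides.
function aclCheck(array $aros, array $acos, array $perms,
                  string $aro, string $aco, string $action): bool
{
    $aroPath = pathToRoot($aros, $aro);
    foreach (pathToRoot($acos, $aco) as $acoNode) {
        foreach ($aroPath as $aroNode) {
            foreach ($perms as [$pAro, $pAco, $pAction, $allowed]) {
                if ($pAro === $aroNode && $pAco === $acoNode && $pAction === $action) {
                    return $allowed;
                }
            }
        }
    }
    return false; // no matching row anywhere on either path
}

var_dump(aclCheck($aros, $acos, $permissions, 'alice', 'report_17', 'read')); // manager of owning company
var_dump(aclCheck($aros, $acos, $permissions, 'bob', 'report_17', 'read'));   // manager of another company
```

An unknown ARO or ACO alias matches no permission row and is therefore denied, which is the behaviour you want when a record is created before its ACO node exists.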