> On Sep 28, 11:39 am, sathyashrayan <sathyashra...@gmail.com> wrote:
>
>
>
>
>
>
>
>
>
> > Ok I have made the RMAC work (http://jmcneese.wordpress.com/2010/01/28/
> > rmac-is-dead-long-live-rmac/) I will tell what i have done.
>
> > 1)Downloaded a fresh cakephp
> > 2)created the users,groups tables
> > 3)acos,aros,acos_aros ("cake schema create DbAcl" in command line)
> > 4)Baked users and used Auth component to set up a login page
> > 5)Placed the plugin in [path]/app/plugin/permissionable
> > 6)Created the permission_bits table
> > 7)Created a "contacts" table for a sample module
> > 8)In the file [path]\app\plugins\permissionable\controllers\components
> > \permissionable.php I added
> > var $components = array('Session', 'Auth');
> > for calling
> > $users = $this->Auth->user();
> > Then assigned userid and groupid in
>
> > $users = $this->Auth->user();
> > $userId = $users['User']['id'];
> > $groupId = $users['User']['id'];
> > Permissionable::setUserId($userId);
> > Permissionable::setGroupId($groupId);
> > Permissionable::setGroupIds(array($groupId));
>
> > 9)Created some groups in tree (tree component) with hierarchy
>
> > 10)Now each user logged in and creates a contact the
> > "permission_bits" table gets filled with model,and model Id and 416
> > (default bits) in perms..
>
> > 11)If each user logs in and he can see only his records. He can edit
> > and view but he can not delete his own record. If an Admin logs in he
> > can do all the action(delete also) on all the record including his
> > record..
>
> > Now what i need is..
>
> > 1)Record created user (owner) can also delete his record
>
> Ok i have found out doing this point. Which is 480 in the prems coloum
> of permission_bits table.
> 840 == (111) - (100) - (000). Add the line before calling save ($this-
>
> >Contact->save($this->data)) in the contact_controller..
>
> $this->data['Permissionable'] = array('perms'=>480);
>
>
>
>
>
>
>
> > 2)Record created user (owner) can allow other group's user below his
> > level to do all the action (create/update/delete/view)
>
> > I can guess that this could be done in the Behavior (\app\plugins
> > \permissionable\models\behaviors\permissionable.php) with correct bit
> > set in the callback functions. But i dont know what is the bit mask
> > for that. If i am wrong then please correct me and guide me how to do
> > that.
>
ok I got a bit more closer in this. I have changed the
Permissionable::setUserId(array($userId,6,7)); in the file
[path]\app\plugins\permissionable\controllers\components
\permissionable.php
where 6,7 are other user IDs I get the following query generated with
beforeFind() callback function from the file [path]\app\plugins
\permissionable\models\behaviors\permissionable.php
SELECT `Contact`.*, `ContactPermissionBit`.* FROM `contacts` AS
`Contact` INNER JOIN `permission_bits` AS `ContactPermissionBit` ON
(`ContactPermissionBit`.`foreign_id` = `Contact`.`id` AND
`ContactPermissionBit`.`model` = 'Contact' AND
`ContactPermissionBit`.`foreign_id` = `Contact`.`id` AND
((`ContactPermissionBit`.`perms`&4 <> 0) OR
(((`ContactPermissionBit`.`perms`&32 <> 0) AND
(`ContactPermissionBit`.`gid` = 2))) OR
(((`ContactPermissionBit`.`perms`&256 <> 0) AND
(`ContactPermissionBit`.`uid` IN (2,6,7)))))) WHERE 1 = 1 LIMIT 20
Look at the last part of the query IN (2,6,7) that happens with the
array of user ids. But this will affect the afterSave() callback in
[path]\app\plugins\permissionable\models\behaviors\permissionable.php
since it expects a variable but not an array. So I have changed the
code to check if its a array or variable. Just added these lines on
the top.
//$user_id = Permissionable::getUserId();
//$group_id = Permissionable::getGroupId();
if(is_array(Permissionable::getUserId()))
{
$ids_user = Permissionable::getUserId();
$user_id = $ids_user[0];
}
else
{
$user_id = Permissionable::getUserId();
}
if(is_array(Permissionable::getGroupId()))
{
$ids_group = Permissionable::getGroupId();
$group_id = $ids_group[0];
}
else
{
$group_id = Permissionable::getGroupId();
}
So now this works on both afterSave() and beforeFind() callback
function, never minding if it is a array or variable.
Now if user id 2 is the leader and user id 6 and 7 are under the
privilege of user 2. How can i restrict some resource for the other
users such as no deleting possible for 6,7 but only view. But user id
2 could do all the CRUD since he is the master for this record? I
think I need to make a bitmask for this in perms but where in
afterSave() and what is that bit?
I wounder why I am not getting any help for this issue.. May be people
here did not able to open the link which is
http://jmcneese.wordpress.com/2010/01/28/rmac-is-dead-long-live-rmac/
http://jmcneese.wordpress.com/2009/04/19/rmac-ftw-part-1/
Please help..:o
> > One more this is when a admin delets all the record the
> > "permission_bits" table not getting deleted..
>
> > Thanks for any help..
>
> > On Sep 26, 5:04 pm, sathyashrayan <sathyashra...@gmail.com> wrote:
>
> > > Dear group,
> > > After i used ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/
> > > view/plugin_acl) i wanted to have a ACL at each record level. That is,
> > > a user's record need not be shown to the non-Creator. I started to
> > > understand the concept of record level ACL from this thread.
>
> > > http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc...
>
> > > After downloading those code from those given links about RMAC i
> > > tried to implement it. But I am stuck. So i started to read that code
> > > (behaviour, [path]/app/plugin/permissionable/models/behaviors) i
> > > understood that its the callback function that does all. Especially
> > > the bit checking in _getPermissionQuery function. But I am still not
> > > clear in implementation(user end). So i studied the Auth and ACL
> > > component in core cake (libs) and i saw the _create,_delete (CRUD)
> > > permission is set in Auth. Then I understood that RMAC implementation
> > > is different from Core ACL which uses aros_acos table. My doubt with
> > > the RMAC plugin is this.. Does every record will have an extra entry
> > > in the permission table? Can anyone give an example of this full
> > > working of the RMAC code, with more than two or three model (tables)
> > > with tree level access (roles) including every entry in the permission
> > > table. Can I able to use both the ACL plugin and RMAC plugin together?
>
> > > I am also planing to have own interface for the ACL, both action
> > > level and record level. I am not sure if this will be continued since
> > > i work for a company and they asked so. It could be dropped any time.
> > > A basic layout as follows in a word docs.
>
> > >https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTY...
>
> > > This is very basic and it could be non feasible (funny :D).
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment