Wednesday, September 28, 2011

Re: Record level ACL

On Sep 28, 11:39 am, sathyashrayan <sathyashra...@gmail.com> wrote:
> OK, I have made the RMAC work (http://jmcneese.wordpress.com/2010/01/28/rmac-is-dead-long-live-rmac/). I will tell what I have done.
>
> 1) Downloaded a fresh CakePHP
> 2) Created the users, groups tables
> 3) acos, aros, acos_aros ("cake schema create DbAcl" in command line)
> 4) Baked users and used Auth component to set up a login page
> 5) Placed the plugin in [path]/app/plugin/permissionable
> 6) Created the permission_bits table
> 7) Created a "contacts" table for a sample module
> 8) In the file [path]\app\plugins\permissionable\controllers\components\permissionable.php I added
>    var $components = array('Session', 'Auth');
>   for calling
>     $users = $this->Auth->user();
>   Then assigned userid and groupid in
>
>                  $users = $this->Auth->user();
>                  $userId = $users['User']['id'];
>                  $groupId = $users['User']['id'];
>                  Permissionable::setUserId($userId);
>                  Permissionable::setGroupId($groupId);
>                  Permissionable::setGroupIds(array($groupId));
>
> 9) Created some groups in a tree (tree component) with hierarchy
>
> 10) Now when each user logs in and creates a contact, the
> "permission_bits" table gets filled with the model, the model ID and 416
> (default bits) in perms.
>
> 11) When each user logs in, he can see only his records. He can edit
> and view but he cannot delete his own record. If an Admin logs in he
> can do all the actions (delete also) on all the records, including his
> record.
>
> Now what I need is:
>
> 1) The user who created the record (owner) can also delete his record

OK, I have found out how to do this point, which is 480 in the perms column
of the permission_bits table.
840 == (111) - (100) - (000). Add the line before calling save ($this->Contact->save($this->data)) in the contact_controller:

$this->data['Permissionable'] = array('perms'=>480);

> 2) The user who created the record (owner) can allow users of other groups below his
> level to do all the actions (create/update/delete/view)
>
> I can guess that this could be done in the Behavior (\app\plugins\permissionable\models\behaviors\permissionable.php) with correct bit
> set in the callback functions. But I don't know what the bit mask
> for that is. If I am wrong then please correct me and guide me on how to do
> that.
>
> One more thing: when an admin deletes all the records, the
> "permission_bits" table is not getting deleted.
>
> Thanks for any help.
>
> On Sep 26, 5:04 pm, sathyashrayan <sathyashra...@gmail.com> wrote:
>
> > Dear group,
> > After I used the ACL plugin by Alaxos (http://www.alaxos.ch/blaxos/pages/view/plugin_acl) I wanted to have an ACL at each record level. That is,
> > a user's record need not be shown to the non-creator. I started to
> > understand the concept of record level ACL from this thread.
>
> > http://groups.google.com/group/cake-php/browse_frm/thread/886fe37ecbc...
>
> > After downloading the code from the given links about RMAC I
> > tried to implement it. But I am stuck. So I started to read that code
> > (behaviour, [path]/app/plugin/permissionable/models/behaviors) and I
> > understood that it's the callback functions that do it all. Especially
> > the bit checking in the _getPermissionQuery function. But I am still not
> > clear on the implementation (user end). So I studied the Auth and ACL
> > components in core Cake (libs) and I saw the _create, _delete (CRUD)
> > permission is set in Auth. Then I understood that the RMAC implementation
> > is different from core ACL, which uses the aros_acos table. My doubt with
> > the RMAC plugin is this: will every record have an extra entry
> > in the permission table? Can anyone give an example of the full
> > working of the RMAC code, with more than two or three models (tables)
> > with tree level access (roles) including every entry in the permission
> > table? Can I use both the ACL plugin and RMAC plugin together?
>
> > I am also planning to have my own interface for the ACL, both action
> > level and record level. I am not sure if this will be continued since
> > I work for a company and they asked so. It could be dropped at any time.
> > A basic layout follows in a Word doc.
>
> > https://docs.google.com/document/d/1VGkvtvZk3fuST_pgn1q0sfhtvgka1NCTY...
>
> > This is very basic and it could be non-feasible (funny :D).

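The perms values in this message (416 as the default, 480 so the owner can delete) read as three 3-bit triplets for owner, group and other. The PHP below is an added example, not part of the original post and not the Permissionable plugin's code; the read/write/delete bit order within each triplet and all function and constant names are assumptions inferred from the behaviour described in the thread, and it assumes PHP 7 or newer.

```php
<?php
// Assumed layout (inferred from 416 and 480 in the thread, not from the plugin source):
// owner | group | other, each triplet ordered read, write, delete from high bit to low.
const PERM_ACTIONS = ['read' => 4, 'write' => 2, 'delete' => 1];
const PERM_SHIFTS  = ['owner' => 6, 'group' => 3, 'other' => 0];

// Return the single bit for one scope/action pair, rejecting unknown names.
function perms_bit(string $who, string $action): int
{
    if (!array_key_exists($who, PERM_SHIFTS) || !array_key_exists($action, PERM_ACTIONS)) {
        throw new InvalidArgumentException("unknown scope or action: $who/$action");
    }
    return PERM_ACTIONS[$action] << PERM_SHIFTS[$who];
}

// Build a perms integer from e.g. ['owner' => ['read', 'write'], 'group' => ['read']].
function perms_encode(array $grants): int
{
    $perms = 0;
    foreach ($grants as $who => $actions) {
        foreach ($actions as $action) {
            $perms |= perms_bit($who, $action);
        }
    }
    return $perms;
}

// True when the given scope holds the given action in $perms.
function perms_allows(int $perms, string $who, string $action): bool
{
    return ($perms & perms_bit($who, $action)) !== 0;
}

// Render a perms integer as "owner=110 group=100 other=000" for auditing stored rows.
function perms_describe(int $perms): string
{
    $parts = [];
    foreach (PERM_SHIFTS as $who => $shift) {
        $parts[] = $who . '=' . str_pad(decbin(($perms >> $shift) & 7), 3, '0', STR_PAD_LEFT);
    }
    return implode(' ', $parts);
}

// Values taken from the thread: the default and the owner-can-delete setting.
foreach ([416, 480] as $perms) {
    echo $perms, ': ', perms_describe($perms),
         ' owner delete=', var_export(perms_allows($perms, 'owner', 'delete'), true), "\n";
}
// Constructed input: owner keeps everything, the group triplet is read-only.
echo perms_encode(['owner' => ['read', 'write', 'delete'], 'group' => ['read']]), "\n";
```

Decoding the stored perms column this way makes it easy to spot rows that grant more than intended, such as any non-zero "other" triplet.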