As far as I know, the core ACL does not support multiple groups per
user.
Before using ACL, I used myself a home made component that allowed to
grant/deny access based on roles membership and action prefixes like
you do. It used to work :-) and it also supported many-to-many users-
groups. But since I have changed my habit, and I now use ACL. As
mentionned by zuha, I prefer the idea to have the possibility to grant/
deny specific permission to someone or some people without having to
update the code. Even if it now does not support many-to-many users-
groups anymore, I think it is more flexible. But I also have to admit
that I never developped an application with a lot of different
profiles (so far 4-5 max).
nIcO
On Oct 27, 6:48 pm, Jeremy Burns | Class Outfit
<jeremybu...@classoutfit.com> wrote:
> Thanks Richard.
>
> Your point about flexibility and extensibility is a good one. You'd define specific views to do specific functions and then restrict them with permissions rather than a prefix. That also means one view can be used by more than one group (although I guess you could equally do that with $this->render).
>
> My second question is the one that puzzles me most. I've designed some systems where this is very typical; members of staff are department heads, managers, subordinates, team members, committee members and so on. So one person changes his role (group) throughout a single session. I'd be interested to see what others have to say too.
>
> I have some SQL that could speed up the acl table reads if you are using Innodb.
>
> Jeremy Burns
> Class Outfit
>
> http://www.classoutfit.com
>
> On 27 Oct 2011, at 17:32, zuha wrote:
>
>
>
>
>
>
>
> > #1 : Would require a prefix for every role. admin_index, manager_index, user_index, guest_index, etc. With ACL being database driven you can have unlimited user roles and not be required to add new prefixes every time you add a role.
>
> > #2 : I don't know, interesting question. It sounds kind of a-typical to me though. You would probably add a 3rd group in that rare case called something like, "board-teachers".
>
> > #3 : Yes and its not small. It can be large and a major slow down.
>
> > ACL is very flexible but the flexibility comes with the downside of speed performance. I'm quite sure there are caching solutions to get around it, but I have not gotten that far yet (even after 2 years of using ACL extensively).
>
> > --
> > Our newest site for the community: CakePHP Video Tutorialshttp://tv.cakephp.org
> > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help others with their CakePHP related questions.
>
> > To unsubscribe from this group, send email to
> > cake-php+unsubscribe@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment