But, I would like each user to have one set of actions for 1 controller and a different set for another controller.
I am afraid this problem just gets exponential the more users and organizations and roles there are.....
Just thinking out loud......
What if I make the Org a requester, instead of an ACO? Does this make it easier?
Or change the ARO tree, so the user is the parent, and the org and org groups/roles are the children. Does this work?
On 4/10/2012 9:45 AM, GerarD [via CakePHP] wrote:
Well, I needed something with role and access for a system I was working on. What I did was to create a field called Access in the DB to control access to each Module of the system, and another field called Actions to control which "actions" they could perform. So I have 2 Modules, one called Distributors, and one called Personals.
By the moment I create a user that could access Distributors, I saved that controller's name in the field Access as a string. But I don't want him to edit the info of the Distributors, just view and search. Well, I save a string as "view; search" in Actions.
Then, in app/appController:
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => '', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'authorize' => array('Controller') // I want to check every controller the user Access.
        )
    );

and, as I can read the info from the Auth method in the appController:

    public function isAuthorized($user) {
        if (isset($user['role']) && $user['role'] === 'admin') { // admin can access all actions
            return true;
        }
        if (in_array($this->action, array('index', 'view', 'search', 'add'))) {
            $controller = $this->params['controller'];
            $action = $this->action;
            $allow_controllers = explode('; ', $user['Access']); // list of controllers in Access
            $allow_actions = explode('; ', $user['Actions']); // list of actions in Actions
            // Now we check if this user has access to the Controller and the Action he's trying to see.
            if (in_array($controller, $allow_controllers) && in_array($action, $allow_actions)) {
                return true; // he can
            }
        }
        return false; // he can't. Sorry.
    }
And that's it. It's very simple but it works for me =). Now you can add as many controllers as you need in the future, and you won't have to rewrite the code. Just give access to the users you want in your Users Module. Hope it helps...
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
[hidden email] For more options, visit this group at http://groups.google.com/group/cake-php
View this message in context: Re: Is this too complicated ?
Sent from the CakePHP mailing list archive at Nabble.com.
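The quoted isAuthorized() keeps one Access list and one Actions list per user, so every allowed action applies to every allowed controller. An added example (not code from the thread; the Permissions column and both function names are hypothetical, and the user row is constructed) comparing that scheme with a per-controller map that gives a user different actions on different controllers:

```php
<?php
// Added example, not code from the thread. The Permissions column and
// both function names are hypothetical.

// Scheme from the quoted message: two independent lists on the user row.
function allowedFlat(array $user, string $controller, string $action): bool
{
    $controllers = array_map('trim', explode(';', $user['Access'] ?? ''));
    $actions     = array_map('trim', explode(';', $user['Actions'] ?? ''));
    return in_array($controller, $controllers, true)
        && in_array($action, $actions, true);
}

// Per-controller map: each controller carries its own action list.
function allowedMapped(array $user, string $controller, string $action): bool
{
    $map = json_decode($user['Permissions'] ?? '', true);
    if (!is_array($map) || !isset($map[$controller]) || !is_array($map[$controller])) {
        return false; // deny by default on missing or malformed data
    }
    return in_array($action, $map[$controller], true);
}

// Constructed sample row: view/search on distributors, full edit on personals.
$user = array(
    'Access'      => 'distributors; personals',
    'Actions'     => 'view; search; add; edit',
    'Permissions' => '{"distributors":["view","search"],'
                   . '"personals":["view","search","add","edit"]}',
);

// Compare both checks for a read action and a write action on distributors.
foreach (array('view', 'edit') as $action) {
    printf("distributors/%s  flat=%s  mapped=%s\n", $action,
        var_export(allowedFlat($user, 'distributors', $action), true),
        var_export(allowedMapped($user, 'distributors', $action), true));
}
```

Inside isAuthorized($user), the mapped check would be called with $this->params['controller'] and $this->action, after the admin shortcut.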