Hi
I am using ACL to control access for groups and users to different actions. Now I would like to extend this behaviour to the record level.
Think of 3 groups: users, agents and administrators. The model for restricted access is "company", for example (in real life there are many more, like "documents" and so on).
Admins should have CRUD access to all companies application-wide, agents only to the ones which have a corresponding "agent_id", and users have no admin control at all (easy because of ACL).
So far so good. I could hack every controller to find out which "companies" are allowed, but I think this is not really the MVC/DRY way, because there are many models which share this behaviour.
Could you point me in the right direction?
Next: I would like to put the decision whether a user can access all records or only his own ones in the hands of ACL. I've made two methods for this (in the corresponding controller, here "companies"): admin_all and admin_own, which return a list of all valid ids. These methods/ACOs are easily integrated into ACL. Is this the right approach?
Hope that I've explained my problem well enough - not so easy for me in English ;)
Thank you,
Frank
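
One way to keep the record-level rule from the post in a single place instead of in every controller, as an added example that is not part of the original message and does not use CakePHP's own API. It is plain PHP; `recordScope`, `recordAllowed`, the `$grants` array (standing in for the result of the ACL checks on the `admin_all` and `admin_own` ACOs) and the sample rows are assumptions.

```php
<?php
// Added illustration: plain PHP, no framework calls. All names are hypothetical.

/**
 * Turn the two ACL decisions from the post (admin_all / admin_own) into
 * query conditions. Returns null when access is denied (fail closed).
 */
function recordScope(array $user, array $grants, string $ownerField = 'agent_id'): ?array
{
    if (!empty($grants['admin_all'])) {
        return [];                                  // no restriction
    }
    if (!empty($grants['admin_own']) && isset($user['id'])) {
        return [$ownerField => (int) $user['id']];  // only the agent's own records
    }
    return null;                                    // no admin access at all
}

/** Check one loaded record against the same scope (view/edit/delete by id). */
function recordAllowed(array $record, ?array $scope): bool
{
    if ($scope === null) {
        return false;
    }
    foreach ($scope as $field => $value) {
        // A missing or NULL owner field never matches.
        if (!isset($record[$field]) || (int) $record[$field] !== $value) {
            return false;
        }
    }
    return true;
}

// Constructed sample data.
$companies = [
    ['id' => 1, 'name' => 'Acme',   'agent_id' => 7],
    ['id' => 2, 'name' => 'Globex', 'agent_id' => 9],
];
$admin = ['user' => ['id' => 1], 'grants' => ['admin_all' => true]];
$agent = ['user' => ['id' => 7], 'grants' => ['admin_own' => true]];
$plain = ['user' => ['id' => 3], 'grants' => []];

foreach (['admin' => $admin, 'agent' => $agent, 'user' => $plain] as $label => $who) {
    $scope = recordScope($who['user'], $who['grants']);
    $visible = array_filter($companies, fn ($c) => recordAllowed($c, $scope));
    echo $label, ': ', implode(',', array_column($visible, 'id')) ?: 'none', PHP_EOL;
}
```

The same scope has to be applied to single-record actions (view, edit, delete by id) as well as to list queries; filtering only the index listing leaves other agents' records reachable by id.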
Monday, January 21, 2013