I'm currently working on an application that makes use of the Cake
ACL component with the database backed configuration. This is working
wonderfully and I am able to assign permissions to my ACO's for my
ARO's and ensure that they are enforced throughout my application with
liberal calls to the 'check' method of the ACL class. The ACO's in my
case are 'Event' instances, and the ARO's are specicic users. Both are
set up with proper foreign_key references in the ARO and ACO tables.
However, I am now running into an issue I hadn't thought of.
Specifically, I need to load a list of Events from the database
between two dates that a user has 'view' permission for. I've had no
trouble loading this list of events without worrying about permission,
but now I need to integrate that bit. I realize that I can ignore the
permissions in the DB query and then loop through the results trimming
out ones that fail a call to Acl->check(), but this seems like an
incredibly inefficient way of doing things.
What I would like to know, is if there is an easy way for me to
integrate permissions checking into the 'find' call I am using to
fetch the events.
Adding the ARO and ACO objects as relationships in my event and user
model has been done, so I suppose I could crawl my way down and check
the permissions that way using a large value for the 'recursive'
property of find, but again, this seems like it might not scale very
effectively.
Any ideas are greatly appreciated! Let me know if I can clarify my
question further.
- Daniel
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment