
This post isn’t a standalone tutorial about ACL in CakePHP, and it’s not meant to be so. Â There are already many posts in the cloud about such topic. Â The purpose of this post is to emphasis some nontrivial hints or small tricks, at least nontrivial for me
Please, make sure to read one of those tutorials before getting through this post, I do recommend the one comes in the documentation of CakePHP.
So, let’s go and see how things should go. Â I am going to implement this simple typical application with Groups and Users. Â A User belongs to a Group. Â The ‘admin’ Group can do anything with Users. Â A User can only list the available users (index action)
//in app_controller.php
//Make sure to include ‘Acl’ before ‘Auth’
var $components = array(‘Acl’, ‘Auth’);
function beforeFilter() {
//Configure AuthComponent
$this->Auth->authorize = ‘actions’;
$this->Auth->actionPath = ‘controllers/’;
$this->Auth->allowedActions = array(‘display’); //IMPORTANT not to get into redirect loop
$this->Auth->loginAction = array(‘controller’ => ‘users’, ‘action’ => ‘login’);
$this->Auth->logoutRedirect = array(‘controller’ => ‘users’, ‘action’ => ‘login’);
}
[/php]
var $actsAs = array(‘Acl’ => ‘requester’);
var $actsAs = array(‘Acl’ => ‘controlled’);
var $actsAs = array(‘Acl’ => array(‘Aro’,'Aco’));
[/php]
//in User.php
function parentNode() {
if (!$this->id && empty($this->data)) {
return null;
}
$data = $this->data;
if (empty($this->data)) {
$data = $this->read();
}
if (!$data['User']['group_id']) {
return null;
} else {
return array(‘Group’ => array(‘id’ => $data['User']['group_id']));
}
}
[/php]
//in Group.php
function parentNode() {
return null;
}
[/php]
[php]
//in users_controller.php
function beforeFilter() {
parent::beforeFilter(); //IMPORTANT to call the functionality of acl
$this->Auth->allow(‘login’, ‘logout’);//You can login
}
function login() {
if ($this->Session->read(‘Auth.User’)) {
$this->Session->setFlash(‘You are logged in!’);
$this->redirect(‘/’, null, false);
}
}
function logout() {
$this->Session->setFlash(‘Good-Bye’);
$this->redirect($this->Auth->logout());
}
[/php]
5- Let’s create the AROs. Â They are added automatically, once a Group of User is added through CakePHP generated forms, a corresponding entry will be added to the aros table. Â This is done through the ACL behavior.
6- To add ACOs, there are couple of solutions I could find, but the one I recommend this
http://mark-story.com/posts/view/generate-aco-records-for-your-controllers-and-actions-with-acosyncshell
It adds another shell and hence you can do the whole thing from console. Â I find it nice and convenient. Â Here is how you can use it
Put the file aco_sync.php in this path cake_1.2.x\vendors\shells
Call it like that
cake aco_sync update
It will do the magic and add ACOs for all controllers and actions to your acos tables.
7- It’s time to create ACLs, I also prefer using console to accomplish this task.
Give Admin group all permissions on all actions of Users
cake acl grant Group.1 Users all
Note that they are Group and Users. Â The first is singular; the model, and the second is plural; the controller.
Group.1 ==> 1 is the id of the Admin group in Groups table
Let’s see another example
Give User group all permissions on index action of Users
cake acl grant Group.2 Users/index all
This is how to set permissions to a specific action using the slash ‘/’. Â Not backslash or a dot or anything else, it’s written like that Users/index.
So, now, you are all set
Since console is widely used in this post, I think adding some hints about using console will be of no harm, I am using cake_1.2.5, and I am using wamp, under Windows of course, installed with the default settings in c:\wamp
Here is how you may get the console commands to work smoothly
Put the cakePHP frame in some location in your file system away from the www folder. Â If you are using wamp, it can be
C:\wamp\frameworks\cake_1.2.5\
Add the location of the cake to your PATH, or use the full location each time.
In this case it will be
C:\wamp\frameworks\cake_1.2.5\cake\console
While being in the www folder create your project using the console
cd C:\wamp\www\
C:\wamp\www>c:\wamp\frameworks\cake_1.2.5\cake\console\cake bake TestingACLProject
or if you added it to the path, simply use
C:\wamp\www>cake bake TestingACLProject
This will create the folder TestingACLProject and build the typical skeleton of a Cake project.
Later on, execute all console commands from inside the TestingACLProject folder
e.g.
cd C:\wamp\www\TestingACLProject
C:\wamp\www\TestingACLProject>cake acl grant Group.1 Users all
I hope this post could help to remove some of the mystery of CakePHP due to its lack of good documentation.
I didn’t know where to find this info then kbaoom it was here.
Trackback this post
Subscribe to the comments via RSS Feed