CakePHP 2.x ACL - owner-level control

I can manage my application using the ACL, everything is done perfectly, and the application runs smoothly with ACL and Auth.

Now the problem is this:

I have two tables, users and posts. No RBAC (role-based access control). I set deny and allow for each user as shown below.

    // allow User1 to do everything
    $user->id = 1;
    $this->Acl->allow($user, 'controllers');
    // allow User2 to add, edit and view the posts
    $user->id = 2;
    $this->Acl->deny($user, 'controllers');
    $this->Acl->allow($user, 'controllers/Posts');

but here I get one problem:

user2 gets access to edit user1's posts.

example:

post1 was created by user1.

now user2 can edit user1's post (i.e. post1: /localhost/myApp/posts/edit/1)

Question: How can I set the ACL permissions for this problem, so that only the owner of a post can edit it, while others cannot?

I can achieve this at the controller level by simply checking

    if ($_SESSION['Auth']['User']['id'] == $Post['Post']['user_id']) {
        // you're the owner, so you can edit
    } else {
        // you can't edit, this is not your post
    }

but I need the ACL to handle this. Is this possible? Please help

thanks

+7
php cakephp acl
1 answer

this is how I would do it

first tell Cake that the Post model is an ACO

    // Post.php model file
    public $actsAs = array('Acl' => array('type' => 'controlled'));

this way every time you create a new Post, a row in the acos table will be created automatically.

note: you will have to manually create a node for previously created posts this way:

    // for every Post in your posts table
    // (an ACO node is identified by its model name and the row's primary key)
    $this->Acl->Aco->create();
    $this->Acl->Aco->save(array('model' => 'Post', 'foreign_key' => 123));

then you must define the parentNode() function in the Post Model file

    // Post.php model file
    public function parentNode() {
        return null;
    }

Now, the ACL auth handler checks permissions only at the action level. In other words, it just verifies that you are allowed to access the action. Further checks are then needed at the controller level, using the isAuthorized() function.

so you must first set the permission for each node

    // the Post ACO node is referenced by model name and primary key
    $this->Acl->allow($user, array('Post' => array('id' => 123)));

then in your controller you have to do

    // PostsController.php
    public function isAuthorized($user = null) {
        if ($this->request->action === 'edit') {
            // $user is the Auth user array; the ACL wants it keyed by model name
            $aro = array('User' => array('id' => $user['id']));
            $post_id = $this->request->pass[0];
            // reference the Post row as an ACO node (model + primary key)
            $aco = array('Post' => array('id' => $post_id));
            return $this->Acl->check($aro, $aco);
        }
        return parent::isAuthorized($user);
    }

you can also implement the parentNode() function to return the owner of the post instead of null

    // Post.php model file
    // just a hint, the actual code should be
    // a bit more complex
    public function parentNode() {
        // on create the owner is only in $this->data; on update read it from the DB
        if (isset($this->data[$this->alias]['user_id'])) {
            $user_id = $this->data[$this->alias]['user_id'];
        } else {
            $user_id = $this->field('user_id');
        }
        return array('User' => array('id' => $user_id));
    }

thus, you do not need to set permissions for each individual post, because Cake checks whether the user has access to the parent node of the Post (which is the user itself). So you just need to set a permission for each user

    // the user is both the ARO (actor) and the ACO (resource) here
    $this->Acl->allow($user, $user);

If you follow this method, be sure to also set the User model as an ACO

    // User.php model file
    public $actsAs = array('Acl' => array('type' => 'both'));

I have not tested the above code, so I think there are a lot of typos and errors. If I have time, I will do some tests and improve my answer in the coming days.

+3
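The owner-based variant of the answer above, assembled into one piece as an added example (this is not the answerer's code): a User that is both ARO and ACO, a Post whose ACO parent is its owner, and a PostsController::isAuthorized() that checks the post node. It assumes CakePHP 2.x with the Acl and Auth components loaded in AppController and the acos/aros tables created, and it goes slightly beyond the answer by treating delete the same way as edit.

```php
<?php
// Model/User.php: a User is both an ARO (actor) and an ACO (resource).
class User extends AppModel {
    public $actsAs = array('Acl' => array('type' => 'both'));
    // Users are root nodes in both trees; no RBAC groups are used here.
    public function parentNode() {
        return null;
    }
}

// Model/Post.php: each Post becomes an ACO whose parent is its owner's node,
// so granting a user access to their own User node covers every post they own.
class Post extends AppModel {
    public $actsAs = array('Acl' => array('type' => 'controlled'));
    public function parentNode() {
        // Nothing to attach to yet (e.g. called before the first save).
        if (!$this->id && empty($this->data)) {
            return null;
        }
        // On create, user_id is only in $this->data; on update fall back to the DB.
        if (isset($this->data[$this->alias]['user_id'])) {
            $userId = $this->data[$this->alias]['user_id'];
        } else {
            $userId = $this->field('user_id');
        }
        return $userId ? array('User' => array('id' => $userId)) : null;
    }
}

// Controller/PostsController.php: Auth's 'Controller' authorize adapter calls
// this after the action-level ACL check has passed.
class PostsController extends AppController {
    public function isAuthorized($user = null) {
        if (in_array($this->request->action, array('edit', 'delete'))) {
            if (empty($this->request->pass[0])) {
                return false; // no post id given: deny by default
            }
            $aro = array('User' => array('id' => $user['id']));
            $aco = array('Post' => array('id' => $this->request->pass[0]));
            // Acl::check walks up the ACO tree: Post -> owning User node,
            // so the permission granted on the User node applies to its posts.
            return $this->Acl->check($aro, $aco);
        }
        return parent::isAuthorized($user);
    }
}
```

Each user still needs the one-time grant from the answer, e.g. after the user is saved: `$this->Acl->allow(array('User' => array('id' => $id)), array('User' => array('id' => $id)));`.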
