cakePHP acl group level permission

March 2nd, 2011 § 2 comments

In this post i just want you to give an idea how you can set a permission on a group regardless of user. What is mean is consider the condition. In your system there are 4 types of users.Each users have different functionalities and  some actions can be used only by a certain user. Here there we are not setting any permission on the users and we are not considering a condition that we should give different permission to different users.All users in a group are equal they can access any action which have permission for that group.According to the ACL we need to create an ARO’s for each users for it. This post will tell you how can you achieve this without creating the ARO’s of users(Just creating the ARO’s of groups)

Considering you have created all the Aco’s and Aro’s of groups and already set permission of it.

Now when you try to check the permission it will deny access even though the group have permission.Itz because they will search for the user in the Aro’s table.

now here is the hack to get rid of this

create a component named customAuth and save it in controllers/components/custom_auth.php.Now paste the following code in it.

<?php
App::import('Component','Auth');
class CustomAuthComponent extends AuthComponent {

    public function isAuthorized($type = null, $object = null, $user = null) {

        $actions  = $this->__authType($type);
        if( $actions['type'] != 'actions' ){
            return parent::isAuthorized($type, $object, $user);
        }
        if (empty($user) && !$this->user()) {
            return false;
        } elseif (empty($user)) {
            $user = $this->user();
        }

        $group = array('model' => 'Group','foreign_key' =>$user['Login']['group_id']);
        $valid = $this->Acl->check($group, $this->action());
        return $valid;
    }
}
?>

This will override the `isAuthorised` method in the Auth component.
Don’t forget to use the below code in `AppController.php`

function beforeFilter()
{
$this->CustomAuth->actionPath = 'controllers/';
$this->CustomAuth->authorize = 'actions';
}

Have something to say? please leave it here.

Revath S Kumar [RSK]

- Rubyist / JavaScripter - Yeoman Team member - Open source enthusiast - Blogger @ PHPRepo and http://blog.revathskumar.com - Coder @ Whatznear - Google fanboy - jQuery lover

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus - YouTube

Tagged ,

  • Наткнулся случайно на Ваш блог. Теперь стану постоянно просматривать. Надеюсь, не разочаруете и дальше/Спасибо, хорошая статья. Подписался.

    • RSK

      Accidentally stumbled on your blog. Now I will always watch. I hope that does not disappoint, and on / Thanks, good article. Subscribed.

      Thankz. will try my best to keep it live.