CakePHP ACL group-level permission

March 2nd, 2011

In this post I want to give you an idea of how you can set permissions on a group, regardless of the user. What I mean is, consider the following situation. Your system has 4 types of users. Each user type has different functionality, and some actions can be used only by certain users. Here we are not setting any permissions on individual users, and we are not considering the case where different users need different permissions. All users in a group are equal: they can access any action that the group has permission for. According to the ACL, we would need to create an ARO for each user. This post shows how you can achieve this without creating AROs for users (creating AROs only for groups).

This assumes you have already created all the ACOs and the AROs for the groups, and have set their permissions.

Now when you try to check a permission, access will be denied even though the group has permission. This is because the check looks for the user in the AROs table.

Here is the hack to get around this.

Create a component named customAuth and save it in controllers/components/custom_auth.php. Now paste the following code into it.

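// Load the core AuthComponent so it can be extended.
App::import('Component', 'Auth');

class CustomAuthComponent extends AuthComponent {

    public function isAuthorized($type = null, $object = null, $user = null) {

        // Only the 'actions' authorization type is overridden; everything else goes to AuthComponent.
        $actions = $this->__authType($type);
        if ($actions['type'] != 'actions') {
            return parent::isAuthorized($type, $object, $user);
        }
        if (empty($user) && !$this->user()) {
            return false;
        } elseif (empty($user)) {
            $user = $this->user();
        }

        // Check the ACL against the user's group ARO instead of a per-user ARO.
        $group = array('model' => 'Group', 'foreign_key' => $user['Login']['group_id']);
        $valid = $this->Acl->check($group, $this->action());
        return $valid;
    }
}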

This will override the `isAuthorized` method in the Auth component.
Don’t forget to use the code below in `AppController.php`:

function beforeFilter() {
    // Use the group-based check for controller actions.
    $this->CustomAuth->actionPath = 'controllers/';
    $this->CustomAuth->authorize = 'actions';
}
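
The behaviour described above, denial when only group AROs exist and access once the check is made against the group, can be seen in a small stand-alone model. This is an added example, not code from the original post or from CakePHP: the arrays stand in for the aros and aros_acos tables, the group ids, ACO paths and user id are constructed, and explicit deny rules and ARO tree inheritance are left out.

```php
<?php
// Simplified stand-in for the aros table: only group nodes exist (constructed data).
$aros = array(
    array('id' => 1, 'model' => 'Group', 'foreign_key' => 1),
    array('id' => 2, 'model' => 'Group', 'foreign_key' => 2),
);
// Simplified stand-in for aros_acos: ARO id => ACO paths explicitly allowed.
$allowed = array(
    1 => array('controllers'),       // group 1: the whole tree
    2 => array('controllers/Posts'), // group 2: one controller only
);

// Resolve an ARO reference (model + foreign_key) to a node id, or null if no node exists.
function findAro($aros, $ref) {
    foreach ($aros as $aro) {
        if ($aro['model'] === $ref['model'] && $aro['foreign_key'] === $ref['foreign_key']) {
            return $aro['id'];
        }
    }
    return null;
}

// Deny by default: access needs an existing ARO node and a grant on the ACO or a parent of it.
function aclCheck($aros, $allowed, $ref, $acoPath) {
    $aroId = findAro($aros, $ref);
    if ($aroId === null || !isset($allowed[$aroId])) {
        return false;
    }
    // A grant on a parent ACO covers its children, so walk up the path.
    $parts = explode('/', trim($acoPath, '/'));
    while ($parts) {
        if (in_array(implode('/', $parts), $allowed[$aroId], true)) {
            return true;
        }
        array_pop($parts);
    }
    return false;
}

// Constructed session user, shaped like the $user array the component reads.
$user = array('Login' => array('id' => 7, 'group_id' => 2));

$asUser  = array('model' => 'Login', 'foreign_key' => $user['Login']['id']);
$asGroup = array('model' => 'Group', 'foreign_key' => $user['Login']['group_id']);

var_dump(aclCheck($aros, $allowed, $asUser,  'controllers/Posts/edit'));   // per-user lookup: no ARO node
var_dump(aclCheck($aros, $allowed, $asGroup, 'controllers/Posts/edit'));   // group lookup, granted controller
var_dump(aclCheck($aros, $allowed, $asGroup, 'controllers/Users/delete')); // group lookup, no grant
```

Because the group id comes from the user data held in the session, a change to a user's group takes effect in this check only once that session data is refreshed.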
