Thank you very much for the tutorial. I have 1 question.
After I log in and then try to log out I get the "User not authorized" message. I suppose I should allow the Users/logout action for all users?

Wojtek on 29/4/10

Great tutorial. Can you give me a hint how to implement using Admin Routing?

Thanks,

Andrei on 8/5/10

Great tutorial Mark!

@Wojtek – logout & login are part of cake auto-magic special actions; you don’t need to allow these – I suspect you want to redirect to a public action after logging the user out.

@Andrei – no real hard graft here. Use the full action with its routing prefix, e.g. ‘admin_edit’, and check it with
cake acl check Administrator Users/admin_dashboard create

I used the acl extras plugin rather than the initDB and buildAcl functions

Sam on 23/5/10

Hi,

I have tried this code. Thanks a lot for your help. I have user registration on my site; when any guest user signs up I am receiving the following error.

Please help
Warning (512): AclNode::node() – Couldn’t find Aro node identified by “Array
( [Aro0.model] => Group [Aro0.foreign_key] => 3
)
“ [CORE\cake\libs\model\db_acl.php, line 190]

Naveed on 26/5/10

Beautiful post! I was struggling with acls till I read this post. I can’t thank you enough!

Nigel Babu on 1/7/10

Cake auth is very powerful, but maybe too complex for simple user-group-permission. Don’t you think?

What do you think about auth-acl plugins out there like authsome, authake and spark_plug?

steinkel on 4/7/10

Naveed: Sounds like you have a missing ACO node.
Steinkel: I haven’t really had a chance to play with either, but Auth+Acl (at least db acl) can be a bit heavy for simple group based permissions. However, you could always implement a more simple Acl implementation and use that with Auth. I’ve done this in the past when I needed ACL but didn’t want to deal with the DbAcl.

mark story on 9/7/10

So you showed me how to create the root controller.
What about the first controller under the root controller?
Is the below code correct?

$this->Acl->Aco->create(array('parent_id' => 1, 'alias' => 'controllers/posts'));

How should I give the alias?
controllers/posts/ or is just posts enough?

Same way when considering actions.
How should I give the alias?
controller/posts/add or posts/add

Revath S Kumar on 4/8/10

Using the function built, all the Acos got entered into the acos table.

But when I try to give permission using this code

$this->Acl->allow('group1', 'controllers/Posts/add');

it returns the error DbAcl::allow() – Invalid node

But this is working

$this->Acl->allow('group1', 'add');

What will be the problem?

Revath S Kumar on 4/8/10

Hi Mark,
referring to this ticket, I’m wondering if there is already a solution to it.
I’m authorizing over ‘action’. On my index page a public action view is displayed. Now on this page it’s possible to call a restricted action (supposed to get the details for the clicked element) to inject the result via ajax.
If no one is logged in, my ajax request refers to my Auth::ajaxLogin element, which gets injected nicely.
If a logged-in user is not authorized for that action, I’m getting the index page injected because that’s the controller’s HTTP_REFERRER. As a result, on my public index (in the ajax update container) the same index view gets injected again.
Is there a way to customize this behaviour?

To test this you can go here: http://data.anito.de
Log in as guest/guest (acl will deny your access to the view action injected into the public index action)
Also be aware of an infinite loop. To exit, either close the browser window or close the details window and log out.

Thanks

Axel 5 days, 7 hours ago
