Great tutorial. Can you give me a hint how to implement using Admin Routing?
Thanks,
Andrei on 5/8/10
Great tutorial Mark!
@Wojtek – logout & login are as part of cake auto-magic special actions you don’t need to allow these – I suspect you want to redirect to a public action after logging the user out.
@Andrei – no real hard graft here. Use the full action with its routing prefix eg ‘admin_edit’ check it with
cake acl check Administrator Users/admin_dashboard create
I used the acl extras plugin instead of rather than the initDB and buildAcl functions
Sam on 5/23/10
Hi,
I have tried this code. Thanks alot for your help. I have user registration in my site when any guest user sign up i am receiving following error.
Please help
Warning (512): AclNode::node() – Couldn’t find Aro node identified by “Array
(
[Aro0.model] => Group
[Aro0.foreign_key] => 3
)
“ [CORE\cake\libs\model\db_acl.php, line 190]
Naveed on 5/26/10
Beautiful post! I was struggling with acls till I read this post. I can’t thank you enough!
Nigel Babu on 7/1/10
Cake auth is very powerful, but maybe too complex for simple user-group-permission. don’t you think ?
What do you think about auth-acl plugins out there like authsome, authake and spark_plug ?
steinkel on 7/4/10
Naveed: Sounds like you have a missing ACO node.
Steinkel: I haven’t really had a chance to play with either, but Auth+Acl (at least db acl) can be a bit heavy for simple group based permissions. However, you could always implement a more simple Acl implementation and use that with Auth. I’ve done this in the past when I needed ACL but didn’t want to deal with the DbAcl.
mark story on 7/9/10
so u shown me how to create the root controller
what about the first controller under the root controller
is the below code is correct?
$this->Acl->Aco->create(array(‘parent_id’ => 1, ‘alias’ => ‘controllers/posts’));
How should i give the alias??
controllers/posts/ or just posts is enough
same way when considering actions
How should i give the alias??
controller/posts/add or posts/add
Revath S Kumar on 8/4/10
using the function built all the Aco’s got entered into acos table.
but when i try to give permission using this code
$this->Acl->allow(‘group1’, ‘controllers/Posts/add’);
returns error DbAcl::allow() – Invalid node
but this is working
$this->Acl->allow(‘group1’, ‘add’);
what will be the problem
Revath S Kumar on 8/4/10
Hi Mark,
referring to this ticket I’m wonderring if there is already an solution to it.
I’m authorizing over ‘action’. On my index page a public action view is displayed. Now on this page it’possible to call an restricted action (supposed to get the details to that clicked element) to inject the result via ajax.
If no one is logged in my ajax request referres to my Auth::ajaxLogin element, which gets injected nicely.
Is an user logged in not authorized for that action, I’m getting the index page injected cause that’s the controllers HTTP_REFERRER. As a result on my public index (in the ajax update container) the same index view gets injected again.
Is there a way to customize this behaviour.
To test this you can “go here“http://data.anito.de
Log in as guest/guest (acl will deny your access to the view action injected to the public index action)
bAlso be aware of infinite loop. To exit either close the browser window or close the details window and logout.
Thanks
Axel on 9/5/10
Hi Mark,
referring to this ticket I’m wonderring if there is already an solution to it.
I’m authorizing over ‘action’. On my index page a public action view is displayed. Now on this page it’possible to call an restricted action (supposed to get the details to that clicked element) to inject the result via ajax.
If no one is logged in my ajax request referres to my Auth::ajaxLogin element, which gets injected nicely.
Is an user logged in not authorized for that action, I’m getting the index page injected cause that’s the controllers HTTP_REFERRER. As a result on my public index (in the ajax update container) the same index view gets injected again.
Is there a way to customize this behaviour.
To test this you can “go here“http://data.anito.de
Log in as guest/guest (acl will deny your access to the view action injected to the public index action)
bAlso be aware of infinite loop. To exit either close the browser window or close the details window and logout.
Thanks
Axel on 9/5/10
I’m trying to figure out if there is a way to use ACL to grant blanket access to any /admin/ method to a specific group.
I’ve got ACL working per the version of your tutorial in the Cake 1.3 manual. I can assign permissions for specific controllers or actions, but I can’t figure out a way to assign permissions for any controller that falls under admin routing.
Is this possible?
calzone on 9/23/10
I wish I knew about your tutorial from the start. I am finally starting to understand how to do this. Your article also does a good job of explaining the why not just the how. Thank you.
Jon L on 10/20/10
Hi Mark,
I’ve been through your tutorials twice now. And it’s sinking in. Thank you so much (again).
Why is it that we defined both Group and User models as requester, but we did not define the Post and Widget model as controlled?
Also, in my aros_acos table every row for model and foreign_key has a value of NULL. Is this supposed to happen?
Jon L on 10/21/10
Hi Mark
I had a quick question about adding/editing users once you have set up the ACL. When you edit a user, if you do not include a new password (as a user may want to just update other information about themseleves), it does a SHA1 hash of the empty password field in the beforeFilter. This is also the same for adding a user if you do not want to add a password e.g. creating passwords for users when they are verified etc.
I wondered if there is an obvious way around this, or something I am perhaps missing. In the end I went with:
function beforeFilter() {
$this->Auth->authenticate = ClassRegistry::init(‘User’);
parent::beforeFilter();
}
function hashPasswords($data) {
return $data;
}
and
function encryptPassword($password = null, $salt = null)
{
$return = ‘’;
if (!empty($password) && !empty($salt)) {
$return = sha1(‘auth’.$password.$salt);
}
return $return;
}
Peter on 11/8/10
Hey Mark, really great tutorial.
Thanks a lot for such a post
Hitu Bansal on 12/13/10
Thanks in advance.
i have found below error after configure as your tutorial
“You are not authorized to access that location.”
so i can’t access login section
uma on 1/24/11
great tutorial
sarang.patel on 4/17/11
Excellent tutorial. Thanks
Steve on 5/3/11
I followed your instruction to setup Auth & ACL. But I am not able to save any data. I am getting following error.
Warning (512): AclNode::node() – Couldn’t find Aro node identified by “Array
(
[Aro0.model] => User
[Aro0.foreign_key] => 2
)
“ [CORE/Cake/Model/AclNode.php, line 179]
I am new to cakephp. Is there anyone who can help me out?
Rashid Azar on 10/31/11
Thank you very much for the tutorial. I have 1 question.
After I log in and then try to log out i get the User not authorized message. I suppose I should allow Users/logout action for all users?
Wojtek on 4/29/10