Hi. Thanks for this great tutorial. I followed everything on this series. I’m having a weird problem, administrators (those with group_id =1) can only access /admin/controller/index action. It denies access to /admin/controller/other_action (eg /admin/posts/view)

Doesn’t $this->Acl->allow($group, ‘controllers’); provides access to eveything?

Thanks again

hi Jason and mark.

But is that a good hack to make the router.php file put / to User::login? Will that only be for when Auth has a refuse-access response to a request without referer ?

Confused :/

Thanks for this great tutorial by the way – I have it 99% working other than this redirect thingy!

hiya – Mark, I just wanted to say thanks once again for this great tutoiral – it is by far the best if followed through all the way, in helping one get up and running with the Auth / ACL system.

I am still slightly confused by certain re-directs the system performs when I lgoin – am I right in thinking it sometimes redirects to the last visited page of the last user who has logged out??

But your guide is really great – it took a while for it to sink in but I now think I get the acos / aros / acos_aros thing.

I used to use othAuth which worked very intuitively and I liked looking at my permission table and seeing the actions written out for each permission so I knew who had what more easily . But it feels good to use the cake cor e version which clearly is well thought out – just very powerful and so on.

Luke: If you try to visit a page you are not authorized to visit before logging in, Auth will redirect you to that place once you login. And you don’t need to hack the routes.php to get Users::login connected to ‘/’ you just make it like a regular route.

Router::connect('/', array('controller' => 'users', 'action' => 'login'));

Should do the trick.

How is it possible that the autocreating of aco works for you?
In my case
$controllerNode = $aco->node(‘controllers/’.$ctrlName);

Returns first node it found. If a/b not present it returns a so the result is always set. It returns ‘controllers’ node. So it never creates and acos for controllers and methods

Lambiato: If an entire node path is not found AclNode::node() returns false. I just ran the db_acl tests which cover this and they are all passing. Are you not seeing this behavior?

simply A-MA-ZING!
The first tutorial that actually works, after going through a massive load of crappy tut’s out there. People, look no further: this is the one to use!

Hey Mark,

thanx for the tutorial – rude me forgot to say that last time. ^^
In the initDB function – shouldn’t it say

$this->Acl->allow($group, ‘controllers/Posts’,‘create’); $this->Acl->allow($group, ‘controllers/Posts’,‘update’); $this->Acl->allow($group, ‘controllers/Widgets’,‘create’); $this->Acl->allow($group, ‘controllers/Widgets’,‘update’);

for group 3?
Took me a while to figure out that in my aros_acos table the fields are not named edit and add but instead create and update.

Greetz,
Sandy

Forget what i just said – think i misunderstand something here.

Standard baked functions are named add(), edit(), view(), index(), delete() yet in the aros_acos table they are named _create, _read, _update, _delete?
Beats me why that is so. Sorry for spamming your page. :$

Sandy: I think you are getting confused by the crud fields in the aros_acos table. Those fields are used when setting permissions per CRUD perm. When setting permissions for the actions I decided to not use individual CRUD fields as the AuthComponent doesn’t use them unless it is in crud mode. Using AuthComponent in crud mode was something out of this tutorials scope though. If you are following the tutorial ignore the CRUD fields.

Hi, great tutorial, especially for a newbie like me. I seem to have a few problems though, on the permissions part if you guys can help me.

cake acl grant $aroAlias $acoAlias all

I get the following error when I try the above command:
PHP Warning: DbAcl::allow() – Invalid node in C:\htdocs\cake\cake\libs\controller\components\acl.php on line 367

Warning: DbAcl::allow() – Invalid node in C:\htdocs\cake\cake\libs\controller\components\acl.php on line 367
Permission was not granted.

I also tried running the alternative, $this->Acl->allow($aroAlias, $acoAlias);, but it gave me an error saying $aroAlias and $acoAlias do not exist.

Help! What can I do?

Please disregard my last post, I found out what I was doing wrong.

But on my aros_acos table, I see a bunch of 1s and -1s instead of the 1s and 0s, is this normal?

John: Yes the 1’s and -1’s are normal. 1’s are allow permissions, 0 is inherit, and -1 is deny.

@John: I’ve got the same error, how did you fix it?

Never mind my previous post. Already fixed it. Problem was that i was adding permissions over and over again. Cleaned out the cache too

To John, how did you fixed the dbAcl:allow() error?

Do you always need to have a complete function list in your acos table?. I seem to be getting an “Failed ARO/ACO node lookup in permissions check” error unless the function is in the acos table.

Mikey: Yes, unless you $this->Auth->allow() the action before hand. If the action is not public it must be in the ACO’s table for everything to work without errors.

Great tutorial – ACL/Auth is finally starting to fit inside my head!

I’m having trouble however running the temporary function initDB(): I’m getting ‘DbAcl::allow() – Invalid node’. It seems to be happening on the line: $this->Acl->allow($group, ‘controllers/Posts’);

Have I missed a step somewhere?