Thank you very much for the tutorial. I have one question.
After I log in and then try to log out, I get the User not authorized message. I suppose I should allow the Users/logout action for all users?

Wojtek on 4/29/10

Great tutorial. Can you give me a hint how to implement using Admin Routing?

Thanks,

Andrei on 5/8/10

Great tutorial Mark!

@Wojtek – logout & login are part of Cake’s auto-magic special actions; you don’t need to allow these – I suspect you want to redirect to a public action after logging the user out.

@Andrei – no real hard graft here. Use the full action with its routing prefix, e.g. ‘admin_edit’, and check it with
cake acl check Administrator Users/admin_dashboard create

I used the acl extras plugin rather than the initDB and buildAcl functions.

Sam on 5/23/10

Hi,

I have tried this code. Thanks a lot for your help. I have user registration on my site; when any guest user signs up I am receiving the following error.

Please help
Warning (512): AclNode::node() – Couldn’t find Aro node identified by “Array
( [Aro0.model] => Group [Aro0.foreign_key] => 3
)
“ [CORE\cake\libs\model\db_acl.php, line 190]

Naveed on 5/26/10

Beautiful post! I was struggling with acls till I read this post. I can’t thank you enough!

Nigel Babu on 7/1/10

Cake auth is very powerful, but maybe too complex for simple user-group-permission. Don’t you think?

What do you think about auth-acl plugins out there like authsome, authake and spark_plug?

steinkel on 7/4/10

Naveed: Sounds like you have a missing ACO node.
Steinkel: I haven’t really had a chance to play with either, but Auth+Acl (at least db acl) can be a bit heavy for simple group based permissions. However, you could always implement a more simple Acl implementation and use that with Auth. I’ve done this in the past when I needed ACL but didn’t want to deal with the DbAcl.

mark story on 7/9/10

So you showed me how to create the root controller.
What about the first controller under the root controller?
Is the code below correct?

$this->Acl->Aco->create(array('parent_id' => 1, 'alias' => 'controllers/posts'));

How should I give the alias?
controllers/posts/ or is just posts enough?

Same way when considering actions:
How should I give the alias?
controller/posts/add or posts/add

Revath S Kumar on 8/4/10

Using the function built, all the Aco’s got entered into the acos table.

But when I try to give permission using this code

$this->Acl->allow('group1', 'controllers/Posts/add');

it returns the error DbAcl::allow() – Invalid node

But this is working:

$this->Acl->allow('group1', 'add');

What will be the problem?

Revath S Kumar on 8/4/10
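
Added example, not part of the tutorial or of any comment above: a simplified plain-PHP model of resolving a slash-separated ACO path one alias per tree level, relevant to the two questions above about how to write ACO aliases. The sample rows and the `resolveAcoPath()` helper are hypothetical, this is not CakePHP's DbAcl code, and the comparison here is case-sensitive whereas a database lookup follows the column's collation.

```php
<?php
// Constructed sample ACO rows (id, parent_id, alias); not from a real acos table.
$acos = [
    ['id' => 1, 'parent_id' => null, 'alias' => 'controllers'],
    ['id' => 2, 'parent_id' => 1,    'alias' => 'Posts'],
    ['id' => 3, 'parent_id' => 2,    'alias' => 'add'],
    ['id' => 4, 'parent_id' => 1,    'alias' => 'Widgets'],
    ['id' => 5, 'parent_id' => 4,    'alias' => 'add'],
    // A row whose alias itself contains a slash, like the create() call quoted above.
    ['id' => 6, 'parent_id' => 1,    'alias' => 'controllers/posts'],
];

/**
 * Hypothetical helper: walk the path segment by segment, each segment having
 * to be the alias of a child of the nodes matched so far.
 * Returns the ids of all matching nodes; an empty array means "invalid node".
 */
function resolveAcoPath(array $acos, string $path): array
{
    $segments = explode('/', trim($path, '/'));

    // The first segment may match at any depth, so a bare alias such as
    // 'add' can resolve, but possibly to more than one node.
    $current = array_filter($acos, fn($n) => $n['alias'] === $segments[0]);

    foreach (array_slice($segments, 1) as $segment) {
        $parentIds = array_column($current, 'id');
        $current = array_filter(
            $acos,
            fn($n) => $n['alias'] === $segment
                && in_array($n['parent_id'], $parentIds, true)
        );
    }

    return array_values(array_column($current, 'id'));
}

// Compare a fully qualified path, a bare action alias, and the slash alias.
foreach (['controllers/Posts/add', 'add', 'controllers/posts'] as $path) {
    $ids = resolveAcoPath($acos, $path);
    echo str_pad($path, 24), count($ids), " match(es): ", implode(',', $ids), "\n";
}
```

With these sample rows the full path matches exactly one node, the bare alias `add` matches the add action of two different controllers, and the row whose alias contains a slash is never matched, because no single path segment can contain a slash.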

Hi Mark,
referring to this ticket, I’m wondering if there is already a solution to it.
I’m authorizing over ‘action’. On my index page a public action view is displayed. Now on this page it’s possible to call a restricted action (supposed to get the details of the clicked element) to inject the result via ajax.
If no one is logged in, my ajax request refers to my Auth::ajaxLogin element, which gets injected nicely.
If a user is logged in but not authorized for that action, I’m getting the index page injected because that’s the controller’s HTTP_REFERRER. As a result, on my public index (in the ajax update container) the same index view gets injected again.
Is there a way to customize this behaviour?

To test this you can go here: http://data.anito.de
Log in as guest/guest (acl will deny your access to the view action injected into the public index action).
Also be aware of the infinite loop. To exit, either close the browser window or close the details window and log out.

Thanks

Axel on 9/5/10

I’m trying to figure out if there is a way to use ACL to grant blanket access to any /admin/ method to a specific group.

I’ve got ACL working per the version of your tutorial in the Cake 1.3 manual. I can assign permissions for specific controllers or actions, but I can’t figure out a way to assign permissions for any controller that falls under admin routing.

Is this possible?

calzone on 9/23/10

I wish I knew about your tutorial from the start. I am finally starting to understand how to do this. Your article also does a good job of explaining the why not just the how. Thank you.

Jon L on 10/20/10

Hi Mark,
I’ve been through your tutorials twice now. And it’s sinking in. Thank you so much (again).

Why is it that we defined both Group and User models as requester, but we did not define the Post and Widget model as controlled?

Also, in my aros_acos table every row for model and foreign_key has a value of NULL. Is this supposed to happen?

Jon L on 10/21/10

Hi Mark

I had a quick question about adding/editing users once you have set up the ACL. When you edit a user, if you do not include a new password (as a user may want to just update other information about themselves), it does a SHA1 hash of the empty password field in the beforeFilter. This is also the same for adding a user if you do not want to add a password, e.g. creating passwords for users when they are verified etc.

I wondered if there is an obvious way around this, or something I am perhaps missing. In the end I went with:

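function beforeFilter() {
    // Use the User model as the authenticate object so Auth calls its hashPasswords()
    $this->Auth->authenticate = ClassRegistry::init('User');
    parent::beforeFilter();
}

function hashPasswords($data) {
    // Return the data unchanged so an empty password field is not hashed
    return $data;
}

and

function encryptPassword($password = null, $salt = null) {
    $return = '';
    // Only hash when both a password and a salt are supplied
    if (!empty($password) && !empty($salt)) {
        $return = sha1('auth' . $password . $salt);
    }
    return $return;
}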

Peter on 11/8/10

Hey Mark, really great tutorial.
Thanks a lot for such a post

Hitu Bansal on 12/13/10

Thanks in advance.
I have found the error below after configuring as in your tutorial:
“You are not authorized to access that location.”
So I can’t access the login section.

uma on 1/24/11

great tutorial

sarang.patel on 4/17/11

Excellent tutorial. Thanks

Steve on 5/3/11

I followed your instructions to set up Auth & ACL. But I am not able to save any data. I am getting the following error.

Warning (512): AclNode::node() – Couldn’t find Aro node identified by “Array
( [Aro0.model] => User [Aro0.foreign_key] => 2
)
“ [CORE/Cake/Model/AclNode.php, line 179]

I am new to CakePHP. Is there anyone who can help me out?

Rashid Azar on 10/31/11