ADMIN_APPS

Admin Apps (group)
-> Users
-> News
-> Pages
-> Store
-> Orders
ADMIN_USER_LEVELS

Admin Users (group)
-> browsers (view)
-> -> contributors (inherits browsers + create)
-> -> -> editors (inherits contributors + edit)
-> -> -> -> managers (inherits editors + delete)

FRONT_END_CONTENT_ACCESS_LEVELS

Site Users (group)
-> visitor (all standard pages)
-> -> Level1 (inherits visitor + pages assigned Level1)
-> -> -> Level2 (inherits Level1 + pages assigned Level2)
-> -> -> -> Level3 (inherits Level2 + pages assigned Level3)

If (big if) the code below works, it only does half of what I need, because I've had to assign the permission level to the admin globally rather than individually for each app. So instead of an admin having 'Browse' rights for News and 'Editor' rights for Users and Pages, he has only Browse rights for all of them. Does that make sense?

How can I assign an individual permission level on an app-by-app basis? (Am I even going about this the right way?)

$aco = new Aco();
//Create some access control objects:
$aco->create(1, null, 'Admin Apps');
$aco->create(2, 'Admin Apps', 'Users');
$aco->create(3, 'Admin Apps', 'News');
$aco->create(4, 'Admin Apps', 'Pages');
$aco->create(5, 'Admin Apps', 'Store');
$aco->create(6, 'Admin Apps', 'Orders');
$aco->create(16, null, 'Site Content');

$aro = new Aco();
//Create some access request objects:
$aro->create(1, null, 'Admins');
$aro->create(2, 'Admins', 'Browsers');
$aro->create(3, 'Browsers', 'Contributors');
$aro->create(4, 'Contributors', 'Editors');
$aro->create(5, 'Editors', 'Managers');
$aro->create(5, 'Admins', 'Outsider');
$aro->create(6, null, 'Site Users');
$aro->create(7, 'Site Users', 'Visitors');
$aro->create(8, 'Visitors', 'Level1');
$aro->create(9, 'Level1', 'Level2');
$aro->create(10, 'Level2', 'Level3');

// then, when I create a new site user...
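/**
 * Create a site user and grant the account access to the 'Site Content' object.
 *
 * Saves the user record, registers the user as an access request object under
 * 'Site Users', then calls Allow() for 'Site Content' with 'Level1' as the
 * third argument.
 *
 * @return false|null false when save() returns a falsy value; otherwise no value is returned
 */
function createUser() {
    // create new user in db; stop if that fails, so that no access request
    // object or permission is created for an account that was never stored.
    // Assumes save() reports failure with a falsy return - TODO confirm.
    // ($params is not defined in this excerpt.)
    if (!$this->User->save($params)) {
        return false;
    }

    $username = $this->User['username'];

    // create new site user allowing him/her access to all Level1 content
    // NOTE(review): the parent given here is 'Site Users', not the 'Level1'
    // group from the setup code; 'Level1' is only passed to Allow() below.
    // Confirm which of the two is meant to carry the content level.
    // NOTE(review): the alias is the username, so the grant below is keyed on a
    // name rather than on the record id - confirm usernames cannot be renamed
    // or reused, otherwise a grant could end up attached to the wrong account.
    $this->aro->create($this->User['id'], 'Site Users', $username);

    // assign permission to user allowing access to the 'Site Content' object
    $this->acl->Allow($username, 'Site Content', 'Level1');
}

/**
 * Create an admin user that may reach the Users, News and Pages apps and is
 * refused the Store and Orders apps.
 *
 * NOTE(review): this shares its name with the site-user variant above; the two
 * cannot be declared in the same scope, so presumably they belong to different
 * classes.
 *
 * @return false|null false when save() returns a falsy value; otherwise no value is returned
 */
function createUser() {
    // create new user in db; stop if that fails (same assumption about the
    // return value of save() as in the site-user variant - TODO confirm).
    if (!$this->User->save($params)) {
        return false;
    }

    $username = $this->User['username'];

    // create user who has browse permissions only
    $this->aro->create($this->User['id'], 'Browsers', $username);

    // allow user to access Users, News, Pages
    // NOTE(review): Allow() is called without the third argument that the
    // site-user variant passes, so nothing in these calls limits the grant to
    // browsing. If the ACL component takes an action in that position (TODO
    // confirm the action names it defines), naming the action for each app is
    // what would let News be browse-only while Users and Pages get edit rights.
    foreach (array('Users', 'News', 'Pages') as $app) {
        $this->acl->Allow($username, $app);
    }

    // deny user access to Store, Orders
    foreach (array('Store', 'Orders') as $app) {
        $this->acl->Deny($username, $app);
    }
}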