Hi, Can anyone explain this to me as I'm having quite a hard time wrapping my head around CakePHP's ACL functionality (like many others no doubt). In my own app I've set up all my ACOs and AROs, and I've allocated permissions in a similar manner to the tutorial in the CakePHP book. But as far as I understand, the tutorial is fairly incomplete since It provides no method to enforce the ACL. Using some code cobbled together from other tutorials on the subject, I've put some code in the beforeFilter() method in the AppController which verifies that the current user has permission to the requested controller and action. I'm happy with this bit but what I am not happy about modifying the view based on the user's permissions. I have seen a couple of solutions where the permissions of the user are determined upon login and saved in to their session, which I'm not keen on but this is then used to customize the view (e.g. hiding links etc.).
Rather than looking for an explicit solution here, I'm seeking some guidelines or best practices. Sam -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
