Ok the programmatic part is about done (missing a few things but nothing that prevents you from already playing with it). I temporarily stored it in:
http://bin.cakephp.org/view/577137997 I will add a couple more things to it, then build the plugin for manipulating ACL data through web, and then write an article detailing how to use it. I'm pasting here (sorry for the length) a quick readme file I wrote as help. Note that it doesn't give you the explanation of lots of things that are already available through the component, but the component source code is well-documented so it should help. Scragz, regarding re-using the DB connection, I need to look into it as phpGACL uses ADODB so I need to find out how to provide ADODB with an already open link. Anyway quick readme: INSTALL ------- Grab latest copy of phpGACL from http://phpgacl.sourceforge.net/ and extract inside your app/vendors directory on a directory named phpgacl. You can instead extract it on CakePHP's main vendors directory. Don't follow the installation procedure shown on phpGACL, as the component will install the necessary database tables. To let it install for the first time, all you need to do is: 1. Make sure that $autoInitialize is set to true on the component. 2. If you also want your controller/actions to be inserted as available in phpGACL, make sure that $autoInstallControllers is set to true on the component. 3. Add PhpGacl as a component to any controller in your application (or even AppController) using the $components variable, and that's it. 4. Access that controller via your browser. When CakePHP initializes the component, it will check that it first needs to install phpGACL on your database. By default the following information is added to phpGACL when the component is run for the first time: a. An ACO section called "access", with an ACO object called "execute" assigned b. An AXO group called "controller" c. If point 2 above is true, then an AXO section for each controller, and an AXO action for each action in that controller. Note that you won't have to understand all this concepts (ARO, ACO, and AXO) if you use the functions provided by the component. All instructions below will assume that you are executing them on a controller where PhpGacl is added as a component. To let the component be available on all controllers, just add it to your AppController class. ADDING CONTROLLERS TO phpGACL ----------------------------- On step 2 at the installation instructions I've shown you how to let the component install all your controller/actions into phpGACL. However, that action is only run the first time (naturally) and you may even ommit that step as you wish to install the controller information yourself. To install a controller and all its accessible actions into phpGACL, from your controller do: $this->PhpGacl->saveController('Posts'); where 'Posts' is a valid CakePHP controller name (what you specify on the variable $name in the controller.) Note that if the controller wasn't added before to phpGACL, it will be created and all its actions stored. Otherwise only actions that were added will be added to phpGACL. SPECIFYING IDs FOR GROUPS AND USERS ----------------------------------- On the quick notes below you'll see that you have to specify an identifier whenever you are manipulating user or group information. Why is this? Why isn't the component taking care of generating a unique ID? Because the idea of this component is to be integrated with your existing authentication scheme, so you should be already storing users and groups your way. The component adds the necessary layers to provide access control to those users and groups. ADDING/MODIFYING USERS ---------------------- To add or modify a user, do: $this->PhpGacl->save($identifier, $name); where $identifier is the identifier of the user you would like to add (any valid string or integer), and $name the name you want to set to the user. If you don't set a name the $identifier will also be used as the name instead. Examples: $this->PhpGacl->save(1, 'mariano.iglesias'); To modify a user's name just set the new name in the $name parameter, keeping the same identifier. To delete a user just do: $this->PhpGacl->del($identifier); ADDING/MODIFYING GROUPS ----------------------- To add or modify a group, do: $this->PhpGacl->saveGroup($identifier, $name); where $identifier is the identifier of the group you would like to add (any valid string or integer), and $name the name you want to set to the group. Examples: $this->PhpGacl->saveGroup('authenticated', 'Authenticated'); $this->PhpGacl->saveGroup('editor', 'Editor'); $this->PhpGacl->saveGroup('developer', 'Developer'); You can also specify that a group belongs to a parent by adding a third parameter that indicates the parent identifier: $this->PhpGacl->saveGroup('reviewer', 'Reviewer', 'editor'); To modify a group's name just set the new name in the $name parameter, keeping the same identifier. To delete a group just do: $this->PhpGacl->delGroup($identifier); ASSIGN OR UN-ASSIGN GROUPS TO USERS ----------------------------------- You can assign groups to a certain user by using: $this->PhpGacl->assign($user, $groups) where $identifier is the identifier of the user you've previously saved, and $groups is an array of group identifiers that the user will be assigned to. Examples: $this->PhpGacl->assign(1, array ('authenticated')); If you call it again with: $this->PhpGacl->assign(1, array ('editor', 'developer')); The 'authenticated' group will be un-assigned from the user (as it no longer is assigned) and the user will be now assigned to groups 'editor' and 'developer'. Therefore, to completely un-assign groups from a user you would do: $this->PhpGacl->assign(1, array()); or simply: $this->PhpGacl->assign(1); SETTING PERMISSIONS FOR A GROUP ------------------------------- To set what a group is allowed access on do: $this->PhpGacl->savePermission($group, $controllers, $allow) where $group is the group identifier, $allow is true if you want to grant access or false to deny (defaults to true), and $controllers is either: a. One controller. Example: $this->PhpGacl->savePermission('editor', 'Posts'): then the group will be granted access to all actions within controller Posts. b. A set of controllers in an array. Example: $this->PhpGacl->savePermission('editor', array('Posts', 'Categories')): then the group will be granted access to all actions within controllers Posts and Categories. c. An array of elements where each element is of the form Controller => action. Example: $this->PhpGacl->savePermission('editor', array('Posts' => 'view')): then the group will be granted access to only action view in controller Posts. d. An array of elements where each element is of the form Controller => array of actions. Example: $this->PhpGacl->savePermission('editor', array('Posts' => ('index', 'view'))): then the group will be granted access to only actions index and view in controller Posts. You can naturally mixed this forms up. So another valid call is: $this->PhpGacl->savePermission('editor', array ( 'Posts', 'Categories' => array('index', 'view'), 'Users' => 'profile' )); then 'editor' will have granted access to all actions within controller Posts, only actions index and view for controller Categories, and only action profile for controller Users. You can add as many permissions as you wish for a group. To delete *ALL* permissions associated to a group just do: $this->PhpGacl->delPermissions($group); MANUALLY CHECKING FOR ACCESS ---------------------------- If you want to check if a user can have access to a controller and an action, just do: $result = $this->PhpGacl->access($user, $controller, $action); where: a. $result: will be true if access is granted, false otherwise. b. $user: is the user identifier. c. $controller: is the CakePHP's controller name (example: Posts, Categories) d. $action: is the action (example: view, index) You can also ommit $action: $result = $this->PhpGacl->access($user, $controller); On which case $result will be set to true if $user has access to at least one action in $controller. You can do manual checking instead of automatic checking by, for example, adding a call to $this->PhpGacl->access() on your controller beforeFilter(). For example, the following is a quick method to check that the user stored in session key User has access to the current controller/action, and if it doesn't, it will redirect him/her to CakePHP's root: function beforeFilter() { if (!$this->PhpGacl->access($this->Session->read('User'), $this->name, $this->action)) { $this->redirect('/'); exit; } return parent::beforeFilter(); } AUTOMATIC CHECKING FOR ACCESS ----------------------------- First of all, you will naturally need to have the component added to your controller (or your AppController.) The next thing to know is that the controller will only check access on those controllers that have the variable $gacl defined. $gacl can either be: a boolean value set to true (on which case all settings are set to default) or an array of settings, as shown below. The $gacl, when set as an array, defines settings for these things, defined as $index => $settings: 1. 'check': Specifies on which controller/actions should ACL check be performed before running the actions. If you ommit this settings (not setting 'check' at all in the array) then all actions in the current controller will be checked for access. Otherwise, this can be a set of controllers as specified on the section "SETTING PERMISSIONS FOR A GROUP" above. 2. 'get': specifies how the component gets the current USER ID. If this setting is not set, it will look for a session key called User on the current session, otherwise it will use the method describe on this setting. This setting is defined as an indexed array with two indexes: 'type', and 'value'. Set the 'type' to either 'session', on which case specifcy on 'value' the key to look for, or 'callback', on which case 'value' is a function inside your controller that will be called and should return the user identifier. 3. 'denied': tells the component what to do if user is denied access. This setting is defined as an indexed array with two indexes: 'type', and 'value'. Set the 'type' to 'redirect' and the 'value' to whichever CakePHP URL you want the user redirected to; or set the 'type' to 'callback' and the 'value' to a method in your controller that you want executed whenever user is denied access. 3. 'user': set it to a user identifier if you don't want to use method 2 above and just want to set a specific user ID. Let's see some examples: var $gacl = true; Does the checking on its default mode: a. All actions in current controller are checked for ACL access. b. The user is obtained from a session variable with key User, that can be either an array (on which case its element with index 'id' will be the identifier) or a valid string. c. If access is denied, it will redirect the user to the root of the CakePHP application (same as $this->redirect('/') from a controller) var $gacl = array ( 'get' => array ( 'type' => 'session', 'value' => 'MyUser' ), 'denied' => array ( 'type' => 'redirect', 'value' => '/pages/denied' ) ); a. All actions in current controller are checked for ACL access. b. The user is obtained from a session value with key 'MyUser'. c. If access is denied, it will redirect the user to /pages/denied. var $gacl = array ( 'check' => array ( 'Posts' => array ('index', 'view') ), 'get' => array ( 'type' => 'callback', 'value' => '_getUser' ), 'denied' => array ( 'type' => 'callback', 'value' => '_accessDenied' ) ); a. Only actions index and view from controller Posts is checked for ACL access. This is useful if you are defining this setting at the AppController level. b. Whe user will be obtained by calling the method _getUser defined in the controller (or in AppController). This method can look something like: function _getUser() { $user = array ( 'id' => 1 ); return $user; } c. If the user is denied access, it will execute the method _accessDenied defined in the controller (or in AppController). This method can look something like: function _accessDenied() { // Do something like log denied access on DB // Redirect to home $this->redirect('/'); exit; } -MI --------------------------------------------------------------------------- Remember, smart coders answer ten questions for every question they ask. So be smart, be cool, and share your knowledge. BAKE ON! blog: http://www.MarianoIglesias.com.ar --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
