I agree with Ketan on this. ACL has a steeper learning curve, but in the end it is more flexible and powerful. I also prefer to have the access control managed from one point (AppController). Makes it harder to accidentally leave a controller or action unprotected.
I use Acl for all my applications now and wouldn't go back.

Regards,
Langdon

Ketan Patel wrote:
> Well, I too was in the same boat you are currently. Earlier, I
> thought that ACL is a bit too much for what I needed and went the
> path you are thinking of going. Hard coding it based on what you think
> the groups of users would have the access to. It works best at the
> basic level. But the moment you start making changes to groups of
> users and the stuff they have access to, it gets clumsy and difficult
> to maintain. So based on my experience, if you are not going to change
> things later on with groups of users or access areas, then go with the
> hard coded method. It will get your job done.
>
> But on the other hand, if you use ACL in this case, it would be
> difficult to get going initially, as you may have to figure stuff out.
> But once it is set up, you will have peace of mind because you know
> if you had to change something, it would be just one record change and
> the changes will appear system-wide. That is the beauty of ACL and I
> am now a fan of ACL. Ease of maintaining the access is what makes use
> of ACL elegant.
>
> If you think of using ACL, then make sure you use the ACL behavior
> that comes with Cake. I am in the process of writing an article for ACL
> from start to finish, which would get a user going with ACL in the least
> amount of time.
>
> Cheers,
> Ketan ;-)
>
> [EMAIL PROTECTED] wrote:
>> I'm working on a site that I've been using Cake's ACL for so far -
>> basically, I've got three main groups/areas to the site, a public
>> area, a customers area, and an administration area. There will
>> eventually be different levels of administrators inside the
>> administration area. I've got those set up as AROs, and was planning on
>> setting up an ACO list with controllers and actions, and then allowing
>> and disallowing each group certain ones. Then for things such as
>> navigation and homepage customizations for the different groups, I
>> would just detect which ARO group a user was under, and choose which
>> version to use.
>>
>> But I'm wondering if it wouldn't be easier to do what I was planning to
>> do with homepage and navigation modifications for the whole thing.
>> Simply to have a users and a groups model, and a component that you
>> can call from the action to find out which group the current user is
>> logged into. Then the action would allow, disallow, or modify its
>> behavior based on that information. So instead of storing what a
>> certain type of user is allowed to do and isn't allowed to do inside
>> the ACL database, and checking from the appController, they would be hard
>> coded into and checked in individual actions or whole controllers.
>> They don't need to change much, unless I'm adding a new type of user
>> or a new type of action. It seems that this might be a lot less
>> complex, and work just as well.
>>
>> My question is, best practices wise, is this a good system to use? Or
>> is ACL pretty much the standard way to do it?
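
The two properties argued for in this thread (a single check point that denies anything not listed, and access changes made as one record), shown as an added example that is not part of any message above and is not CakePHP's own Acl code. It is a plain-PHP model; the group names, the controller/action paths and the functions `acl_check` and `dispatch` are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; this is not CakePHP's Acl component.
// Group names and controller/action paths are constructed sample data.

// Each group's parent: a child inherits every grant of its ancestors.
$parents = ['public' => null, 'customers' => 'public', 'admins' => 'customers'];

// One record per grant. 'controller/*' covers a whole controller, '*' everything.
$grants = [
    'public'    => ['pages/*', 'users/login'],
    'customers' => ['orders/*'],
    'admins'    => ['*'],
];

function acl_check(array $grants, array $parents, string $group, string $controller, string $action): bool
{
    $seen = [];
    // Walk from the group up to the root; stop on unknown groups or cycles.
    for ($g = $group; $g !== null && !isset($seen[$g]); $g = $parents[$g] ?? null) {
        $seen[$g] = true;
        foreach ($grants[$g] ?? [] as $rule) {
            if ($rule === '*' || $rule === "$controller/*" || $rule === "$controller/$action") {
                return true;
            }
        }
    }
    return false; // deny by default: an action nobody listed stays protected
}

// The single choke point, playing the role of a check made in AppController.
function dispatch(array $grants, array $parents, string $group, string $controller, string $action): string
{
    return acl_check($grants, $parents, $group, $controller, $action)
        ? "200 $controller/$action"
        : "403 $controller/$action";
}

// A controller added later, with no grant written for it yet.
echo dispatch($grants, $parents, 'customers', 'reports', 'export'), "\n";
echo dispatch($grants, $parents, 'admins', 'reports', 'export'), "\n";

// Opening it to customers is one record; no controller code changes.
$grants['customers'][] = 'reports/export';
echo dispatch($grants, $parents, 'customers', 'reports', 'export'), "\n";
echo dispatch($grants, $parents, 'guests', 'orders', 'index'), "\n"; // unknown group
```

With hard-coded group checks inside each action, the `reports/export` case depends on someone remembering to write the check; here the forgotten case fails closed.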
