I believe I've found the problem. I've also figured out a work
around. I'm running cake 1.3.6
If you include bindNode in the user model:
function bindNode($user) {
return array('Group' => array('id' => $user['User']
['group_id']));
}
a certain stanza of code is executed in /cake/libs/model/db_acl.php
starting at line 151 (if line number is wrong look for the actual
code) beginning with:
if (method_exists($model, 'bindNode')) {
This part of the code executes your bindNode you defined in user.php
model. all fine and well until you reach here:
foreach ($ref as $key => $val) {
if (strpos($key, $type) !== 0 && strpos($key,
'.') === false) {
unset($ref[$key]);
$ref["{$type}0.{$key}"] = $val;
}
}
the $val that is assigned to the $ref["{$type}0.{$key}"] is the
group_id of your user instead of the id of the Aros record, which is
what it should be.
upon entering the foreach above $ref looks like this:
Array
(
[Group] => Array
(
[id] => 7
)
)
upon exiting $ref looks like this:
Array
(
[Aro0.id] => 7
)
In my database the aros.id for group 7 is really 26 and looks like
this:
id:26 parent_id:NULL model:Group foreign_key:7 alias: lft:37
rgt:
40
My ACL is set up as group based, which means I don't care about
individuals permissions only about the permissions of the group
they're in. So I set up my ACL for my Group "7" like this:
$group->id = 7;
$this->Acl->allow($group, 'controllers');
$this->Acl->revoke($group, 'controllers/Albums');
which produced aros_acos records like this:
id aro_id aco_id _create _read _update _delete
35 26 1045 1 1 1 1
37 26 1383 -1 -1 -1 -1
Notice the number 26 which is the aro_id. aco_id 1045 is the
controllers and 1383 is the Albums .. all looks accurate.
So I fixed this problem by looking up the correct aro.id for my group
id and updated the $ref array. Doing this allowed me to leave the
foreach loop above as-is and So now when $ref enters the foreach I
describe above it looks like this:
Array
(
[Group] => Array
(
[id] => 26
)
)
And upon exit $ref looks like this:
Array
(
[Aro0.id] => 26
)
I did it by replacing:
$ref = $tmpRef;
with:
$queryData = array(
'conditions' =>
array('model'=>'Group','foreign_key'=>
$tmpRef['Group']['id']),
'fields' => array('id')
);
$result = $db->read($this, $queryData, -1);
$tmpRef['Group']['id'] =
$result['0']['Aro']['id'];
$ref = $tmpRef;
if you do a text search for $ref = $tmpRef; in db_acl.php you'll find
only one occurrence .. and it should be inside the function node.. I
would give the exact line number but I have so much debug code it
wouldn't be accurate..
You can leave all the rest of the code as-is. Just make this one
change in db_acl.php.
Anyone know how to verify if this is indeed a bug in the core? And if
so submit it as one? .. Never found and / or submitted a bug before.
Hope this helps someone because it literally destroyed 3 days of my
life when I was trying to figure out why my ACL system broke migrating
from 1.2.6 to 1.3.6
-Mike
On Nov 4, 6:14 am, Marc Divins <[email protected]> wrote:
> Same here, I tried to do itbe cause I always use permissions thinking
> on groups/roles. Despite doing same as example, users are still added
> to AROs table.
> I hope we got something soon :)
>
> On 3 nov, 21:34, Jeremy Burns | Class Outfit
>
>
>
>
>
>
>
> <[email protected]> wrote:
> > I'm still really hoping that someone with some inside knowledge can shed a
> > light on this for me.
>
> > Jeremy Burns
> > Class Outfit
>
> > [email protected]http://www.classoutfit.com
>
> > On 1 Nov 2010, at 07:24, Jeremy Burns | Class Outfit wrote:
>
> > > Because the users table has a group_id on it.
>
> > > Jeremy Burns
> > > Class Outfit
>
> > > [email protected]
> > >http://www.classoutfit.com
>
> > > On 31 Oct 2010, at 14:48, huoxito wrote:
>
> > >> Guess I dont get your point.
>
> > >> Users still must de added on Aro's table, otherwise how would your
> > >> system know that an user A belongs to group ALFA ?
>
> > >> On 29 out, 08:23, Jeremy Burns | Class Outfit
> > >> <[email protected]> wrote:
> > >>> Anybody else got any more ideas on this? Anyone using it with success?
>
> > >>> Jeremy Burns
> > >>> Class Outfit
>
> > >>> [email protected]
> > >>> (t) +44 (0) 208 123 3822
> > >>> (m) +44 (0) 7973 481949
> > >>> Skype: jeremy_burnshttp://www.classoutfit.com
>
> > >>> On 27 Oct 2010, at 17:10, Jeremy Burns | Class Outfit wrote:
>
> > >>>> I wish that were the case, but the guide then gives an example of the
> > >>>> aros table, which only includes
> > >>>> groups:http://book.cakephp.org/view/1547/Acts-As-a-Requester
>
> > >>>> Jeremy Burns
> > >>>> Class Outfit
>
> > >>>> [email protected]
> > >>>>http://www.classoutfit.com
>
> > >>>> On 27 Oct 2010, at 13:41, cricket wrote:
>
> > >>>>> On Tue, Oct 26, 2010 at 4:40 PM, Jeremy Burns
> > >>>>> <[email protected]> wrote:
> > >>>>>> According to the online tutorial:
>
> > >>>>>> "
> > >>>>>> In case we want simplified per-group only permissions, we need to
> > >>>>>> implement bindNode() in User model.
> > >>>>>> Code View
>
> > >>>>>> function bindNode($user) {
> > >>>>>> return array('Group' => array('id' => $user['User']['group_id']));
> > >>>>>> }
>
> > >>>>>> function bindNode($user) {
> > >>>>>> return array('Group' => array('id' => $user['User']
> > >>>>>> ['group_id']));
> > >>>>>> }
>
> > >>>>>> This method will tell ACL to skip checking User Aro's and to check
> > >>>>>> only Group Aro's.
> > >>>>>> "
>
> > >>>>>> I've done this but I'm still getting users added to the aros table.
> > >>>>>> What am I missing?
>
> > >>>>> I believe that's normal. Users will still be present in aros but the
> > >>>>> point is that ACL won't /check/ User, but Group.
>
> > >>>>> Check out the new CakePHP Questions
> > >>>>> sitehttp://cakeqs.organdhelpothers with their CakePHP related
> > >>>>> questions.
>
> > >>>>> You received this message because you are subscribed to the Google
> > >>>>> Groups "CakePHP" group.
> > >>>>> To post to this group, send email to [email protected]
> > >>>>> To unsubscribe from this group, send email to
> > >>>>> [email protected] For more options, visit this
> > >>>>> group athttp://groups.google.com/group/cake-php?hl=en
>
> > >>>> Check out the new CakePHP Questions sitehttp://cakeqs.organdhelpothers
> > >>>> with their CakePHP related questions.
>
> > >>>> You received this message because you are subscribed to the Google
> > >>>> Groups "CakePHP" group.
> > >>>> To post to this group, send email to [email protected]
> > >>>> To unsubscribe from this group, send email to
> > >>>> [email protected] For more options, visit this
> > >>>> group athttp://groups.google.com/group/cake-php?hl=en
>
> > >> Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp others
> > >> with their CakePHP related questions.
>
> > >> You received this message because you are subscribed to the Google
> > >> Groups "CakePHP" group.
> > >> To post to this group, send email to [email protected]
> > >> To unsubscribe from this group, send email to
> > >> [email protected] For more options, visit this group
> > >> athttp://groups.google.com/group/cake-php?hl=en
>
> > > Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp others
> > > with their CakePHP related questions.
>
> > > You received this message because you are subscribed to the Google Groups
> > > "CakePHP" group.
> > > To post to this group, send email to [email protected]
> > > To unsubscribe from this group, send email to
> > > [email protected] For more options, visit this group
> > > athttp://groups.google.com/group/cake-php?hl=en
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
