21 July 2008

Creating ACL in CakePHP

Notes:

acl (access control list)
aro (access request object)
aco (access control object)


Make sure that /app/config/database.php is present and configured properly.
Next, use the CakePHP console to create the ACL database tables:

cake schema run create DbAcl



Follow the instructions on the screen to create or drop any existing ACL database tables.

To get an idea of what cake acl can offer, run this:

cake acl help



To create some top level (root) aros:

cake acl create aro root warriors
cake acl create aro root wizards
cake acl create aro root hobbits
cake acl create aro root visitors


Running the view command, you'll see a tree structure of the aros:

cake acl view aro

Aro tree:
[20]warriors
[21]wizards
[22]hobbits
[23]visitors



Create some second level aros:

cake acl create aro warriors Aragorn
cake acl create aro warriors Legolas
cake acl create aro warriors Gimli
cake acl create aro wizards Gandalf
cake acl create aro hobbits Frodo
cake acl create aro hobbits Bilbo
cake acl create aro hobbits Merry
cake acl create aro hobbits Pippin
cake acl create aro visitors Gollum


cake acl view aro

Aro tree:
[20]warriors
  [25]Aragorn
  [26]Legolas
  [27]Gimli
[21]wizards
  [28]Gandalf
[22]hobbits
  [24]Frodo
  [29]Bilbo
  [30]Merry
  [31]Pippin
[23]visitors
  [32]Gollum



To create some top level (root) acos:

cake acl create aco root Weapons
cake acl create aco root Rings
cake acl create aco root PorkChops
cake acl create aco root DiplomaticEfforts
cake acl create aco root Ales


Similarly, to view the acos:

cake acl view aco

Aco tree:
[1]Weapons
[2]Rings
[3]PorkChops
[4]DiplomaticEfforts
[5]Ales



To set permissions for the aros, use grant. For example, grant warriors full access (create, read, update, delete) to Weapons:

cake acl grant warriors Weapons all


Since Legolas is part of the warriors, he inherits the grant as well.

cake acl check Legolas Weapons read

Legolas is allowed.


To specifically deny Legolas read access to Weapons:

cake acl deny Legolas Weapons read


Running a check shows that read is now denied for Legolas, while his other access, inherited from warriors, is still allowed.

cake acl check Legolas Weapons read

Legolas is not allowed.


cake acl check Legolas Weapons create

Legolas is allowed.
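
The inheritance and deny behaviour shown in the checks above, as an added example (not from the original post and not CakePHP's own code): a simplified PHP model in which the nearest explicit allow or deny on the path from an aro up to its root decides the result. The function name aclCheck, the arrays and the Gimli and Gandalf checks are constructed for illustration; the model assumes root-level acos only and that a deny on one action leaves the other actions at inherit.

```php
<?php
// Added example: simplified model of aro-side permission inheritance.
// Not CakePHP's DbAcl code. The data below is constructed from the post.
// Aro tree as child => parent (null marks a root aro).
$parents = array(
    'warriors' => null,
    'wizards'  => null,
    'Legolas'  => 'warriors',
    'Gimli'    => 'warriors',
    'Gandalf'  => 'wizards',
);

// Permission rows keyed "aro|aco": 1 = allow, -1 = deny, 0 = inherit.
$perms = array(
    // cake acl grant warriors Weapons all
    'warriors|Weapons' => array('create' => 1, 'read' => 1, 'update' => 1, 'delete' => 1),
    // cake acl deny Legolas Weapons read (assumed to leave the other actions at inherit)
    'Legolas|Weapons'  => array('create' => 0, 'read' => -1, 'update' => 0, 'delete' => 0),
);

// Resolve one action: the nearest explicit allow or deny on the path
// from the aro up to its root wins; nothing found means denied.
function aclCheck($parents, $perms, $aro, $aco, $action)
{
    if (!array_key_exists($aro, $parents)) {
        return false; // unknown requester
    }
    for ($node = $aro; $node !== null; $node = $parents[$node]) {
        $key = $node . '|' . $aco;
        $value = isset($perms[$key][$action]) ? $perms[$key][$action] : 0;
        if ($value === -1) {
            return false; // explicit deny overrides anything inherited
        }
        if ($value === 1) {
            return true;  // explicit allow at this level
        }
    }
    return false; // default deny when no row on the path decides
}

$checks = array(
    array('Legolas', 'Weapons', 'read'),
    array('Legolas', 'Weapons', 'create'),
    array('Gimli',   'Weapons', 'read'),
    array('Gandalf', 'Weapons', 'read'),
);
foreach ($checks as $c) {
    $ok = aclCheck($parents, $perms, $c[0], $c[1], $c[2]);
    echo $c[0] . ' ' . $c[1] . ' ' . $c[2] . ': ' . ($ok ? 'allowed' : 'not allowed') . "\n";
}
```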
