
CakePHP: access control without the ACL component.
At the moment I am writing a system that combines CakePHP and MS SQL. At first I tried to use the standard ACL component, but it turned out that CakePHP does not fully support MS SQL (at least in this component). Therefore, I had to come up with the following way of restricting access.
It is assumed that we have a User model that describes the user, and that it has an is_admin field which marks the user as a member of the administrators group. Thus, there are three groups: guests, users, and administrators.
To implement the approach, add the following code to app_controller.php:
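/**
 * Base controller that enforces a per-action allow-list before every action.
 *
 * Each application controller may declare two arrays of action names:
 * $allowedToUsers (logged-in, non-admin users) and $allowedToGuests
 * (visitors without a session user). Administrators are allowed every action.
 *
 * Points to keep in mind when relying on this check:
 *  - A controller that defines its own beforeFilter() must call
 *    parent::beforeFilter(), otherwise this check never runs for it.
 *  - The check is by action name only; it does not look at which record
 *    the action operates on.
 *  - The redirect targets themselves pass through this filter, so the login
 *    action must be listed in $allowedToGuests of its controller and the
 *    "norights" page must be reachable by users, or the redirect loops.
 */
class AppController extends Controller
{
    /**
     * Compares the requested action with the allow-list of the visitor's group
     * and redirects when the action is not permitted.
     *
     * NOTE(review): the check only protects the action if redirect() ends the
     * request. Confirm that the framework version in use exits inside
     * redirect(); if it returns, the action still runs after this filter.
     *
     * @return void
     */
    function beforeFilter()
    {
        // A controller that declares no list allows nothing to that group.
        $allowedToUsers = isset($this->allowedToUsers) ? (array) $this->allowedToUsers : array();
        $allowedToGuests = isset($this->allowedToGuests) ? (array) $this->allowedToGuests : array();

        switch ($this->userGroup())
        {
            case 'admin':
                // Administrators may call any action.
                break;
            case 'user':
                // Strict comparison: action names are strings, so no loose type juggling.
                if (!in_array($this->action, $allowedToUsers, true))
                {
                    $this->redirect('/pages/norights');
                }
                break;
            case 'guest':
                if (!in_array($this->action, $allowedToGuests, true))
                {
                    $this->redirect('/users/login');
                }
                break;
            default:
                // Fail closed: an unrecognised group gets no access instead of
                // silently falling through to the action.
                $this->redirect('/pages/norights');
                break;
        }
    }

    /**
     * Derives the visitor's group from the 'User' entry stored in the session.
     *
     * The group is taken from the session copy of the user record, so a change
     * to the user's rights in the database only takes effect once the session
     * entry is rewritten (for example at the next login).
     *
     * @return string 'guest', 'admin' or 'user'
     */
    function userGroup()
    {
        $user = $this->Session->read('User');

        // No user (or no name) in the session means the visitor is not logged in.
        if (empty($user['name']))
        {
            return 'guest';
        }

        // NOTE(review): the published listing lost the condition of this branch.
        // It is reconstructed from the article text, which says the is_admin
        // field marks administrators; confirm against the real User model.
        if (!empty($user['is_admin']))
        {
            return 'admin';
        }

        return 'user';
    }
}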
?>
It remains to set the restrictions in the application's controllers. To do this, add the $allowedToUsers and $allowedToGuests arrays to each controller; they list the controller actions that the corresponding group is allowed to access (it is assumed that administrators are allowed to do everything).
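/**
 * Example controller showing how the allow-lists read by
 * AppController::beforeFilter() are declared.
 */
class StudentsController extends AppController
{
    var $name = 'Students';
    var $helpers = array('Html', 'Form', 'Time');

    // Actions any logged-in user may call. The check is by action name only:
    // every user listed here can edit or delete any student record, so
    // per-record restrictions have to be enforced inside the actions.
    var $allowedToUsers = array('index', 'view', 'add', 'edit', 'delete');

    // Guests may call nothing in this controller; they are sent to the login page.
    var $allowedToGuests = array();

    // ... controller actions (not shown in the article) ...
}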
It is assumed that we have a User model that describes the user, and that it has an is_admin field which marks the user as a member of the administrators group. Thus, there are three groups: guests, users, and administrators.
To implement the approach, add the following code to app_controller.php:
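/**
 * Base controller that enforces a per-action allow-list before every action.
 *
 * Each application controller may declare two arrays of action names:
 * $allowedToUsers (logged-in, non-admin users) and $allowedToGuests
 * (visitors without a session user). Administrators are allowed every action.
 *
 * Points to keep in mind when relying on this check:
 *  - A controller that defines its own beforeFilter() must call
 *    parent::beforeFilter(), otherwise this check never runs for it.
 *  - The check is by action name only; it does not look at which record
 *    the action operates on.
 *  - The redirect targets themselves pass through this filter, so the login
 *    action must be listed in $allowedToGuests of its controller and the
 *    "norights" page must be reachable by users, or the redirect loops.
 */
class AppController extends Controller
{
    /**
     * Compares the requested action with the allow-list of the visitor's group
     * and redirects when the action is not permitted.
     *
     * NOTE(review): the check only protects the action if redirect() ends the
     * request. Confirm that the framework version in use exits inside
     * redirect(); if it returns, the action still runs after this filter.
     *
     * @return void
     */
    function beforeFilter()
    {
        // A controller that declares no list allows nothing to that group.
        $allowedToUsers = isset($this->allowedToUsers) ? (array) $this->allowedToUsers : array();
        $allowedToGuests = isset($this->allowedToGuests) ? (array) $this->allowedToGuests : array();

        switch ($this->userGroup())
        {
            case 'admin':
                // Administrators may call any action.
                break;
            case 'user':
                // Strict comparison: action names are strings, so no loose type juggling.
                if (!in_array($this->action, $allowedToUsers, true))
                {
                    $this->redirect('/pages/norights');
                }
                break;
            case 'guest':
                if (!in_array($this->action, $allowedToGuests, true))
                {
                    $this->redirect('/users/login');
                }
                break;
            default:
                // Fail closed: an unrecognised group gets no access instead of
                // silently falling through to the action.
                $this->redirect('/pages/norights');
                break;
        }
    }

    /**
     * Derives the visitor's group from the 'User' entry stored in the session.
     *
     * The group is taken from the session copy of the user record, so a change
     * to the user's rights in the database only takes effect once the session
     * entry is rewritten (for example at the next login).
     *
     * @return string 'guest', 'admin' or 'user'
     */
    function userGroup()
    {
        $user = $this->Session->read('User');

        // No user (or no name) in the session means the visitor is not logged in.
        if (empty($user['name']))
        {
            return 'guest';
        }

        // NOTE(review): the published listing lost the condition of this branch.
        // It is reconstructed from the article text, which says the is_admin
        // field marks administrators; confirm against the real User model.
        if (!empty($user['is_admin']))
        {
            return 'admin';
        }

        return 'user';
    }
}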
?>
It remains to set the restrictions in the application's controllers. To do this, add the $allowedToUsers and $allowedToGuests arrays to each controller; they list the controller actions that the corresponding group is allowed to access (it is assumed that administrators are allowed to do everything).
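/**
 * Example controller showing how the allow-lists read by
 * AppController::beforeFilter() are declared.
 */
class StudentsController extends AppController
{
    var $name = 'Students';
    var $helpers = array('Html', 'Form', 'Time');

    // Actions any logged-in user may call. The check is by action name only:
    // every user listed here can edit or delete any student record, so
    // per-record restrictions have to be enforced inside the actions.
    var $allowedToUsers = array('index', 'view', 'add', 'edit', 'delete');

    // Guests may call nothing in this controller; they are sent to the login page.
    var $allowedToGuests = array();

    // ... controller actions (not shown in the article) ...
}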