Working on a SSO plugin and having issues for the SSO users. I have added them to a role that local users use but its not working. The issue I believe is that I do not have anything in the aros table, the lft and rght, for the SSO user. I believe this is why its not working but not sure. Could someone help me understand how I can generate those or just what they are used for? Most documentation is really limited. Thanks
The lft, rght values are for MPTT. If you don't have proper values for those fields CakePHP won't be able to properly traverse the records of table (using TreeBehavior).
Remove the records you added by hand and instead use ACL Shell to add the records.
In general TreeBehavior::recover() can be used to fix the lft, rght values.
Related
I've got a simple ARO/ACO set up with simply all my users as AROs and all my Modules as ACOs and the ARO_ACOs table holds the permission rights.
This works great, except when I delete a User, I'd like to be able to clean up the ARO_ACOs and ARO tables by removing any entries associated with the ARO related to the user.
How do I go about this? The documentation is not helpful at all!
Using the ACL behavior? No action required
Assuming the acl behavior is in use, there's no need to do anything as it automatically deletes acl records for aros/acos, which will also delete the permission records at the same time.
I want to create multiple levels of users in my application developed using django1.6 and python 3.2. I inserted the levels in auth_group table. but in the add user page of Django Admin I can assign one user to more than one group(multiselect Group values). Actually I want is one user to one Group only.
Please reply me.
Definitely change the django core is not an option. You shouldn't never do it because in the future you will have problems to update your system to the new django versions,
I can't see clearly why you want to do it but if you really think is a good implementation you should extend your Authentication model to implement what you need:
https://docs.djangoproject.com/en/dev/topics/auth/customizing/
I (finally) got ACL to work properly, based on group permissions. However when I create a new user (Users/add) it automagically.. I mean.. autoinconveniently creates a User ARO..
While this is not really a big problem, I would like my ARO table to stay as clean as possible. Just my groups.
How do I disable the automatic creation of a User ARO object when creating a new user through CRUD?
i had the same problem and, like you, i said to myself "its not a big deal as long as it's working"... but when i started to have more and more users and when i added new groups, i found that ACL was not working correctly.. If you're using a group-based permissions, you MUST ONLY have groups in your AROS table.
Brief, the documentation says that you need to add the bindNode() in your Users model if you want a group-based ACL, but what they don't tell you is that for group-based permissions your User model doesn't have to implement the requester behavior and you don't need the parentNode() neither. Remove those two and it should be ok.
I added a note on the documentation, i hope it gets published :)
Good Luck
I've been diving into CakePHP this year and I'm loving it! However, I've just run across a problem that I'm not sure how to handle. My database design is this--
USER can belong to one or more WEBSITE
A WEBSITE can have many USER
So I have a many-to-many relationship which is tracked in MEMBERSHIP
MEMBERSHIP also tracks what group_id the USER has for that WEBSITE.
For example, if user1 joins website3 as an administrator and website5 as a editor, then the MEMBERSHIP table has an entry reflecting both those roles.
Basically my problem is Cake's ACL. In the above-mentioned model, user1's group_id would change depending on which WEBSITE he's selected after logging in. (And he could subsequently change to even more websites within the dashboard by changing the group_id again and again). Cake's ACL appears to only handle 'user belongs to one group' period.
Can I trick the ACL by giving it the group_id from the session every time its changed and then reload the AROs? Would it make more sense to scrap ACL and create my own permissions module?
Any suggestions or ideas to point me in the right direction would be GREATLY appreciated!
i think it will be the best way to create your own permission module.
the reasons are quite simple:
you can modify/extend it in any way YOU want
you will not break any cakePHP specifications
I am new to cakephp and trying to follow the ACL Authentication tutorial from the cakephp book. However I would like to call my users table 'members' instead. so I have usernames and passwords stored in a table called 'members'. but the ACL auth always seems to be looking for a user model and users table. although that is not configured anywhere.
how can I tell the ACL/Auth component to look for the members table/model instead ?
thanks alot!
sorry I am stupid and it's late, I found the answer already.
the solution is to use $this->Auth->userModel = 'Member'; in the auth setup (function beforeFilter)