CakePHP ACL Auth Trouble - cakephp

I love CakePHP, but cannot wrap my head around the ACL/Auth subject. Everything else comes together nicely, but when it comes to this, I am lost. On top of it, I cannot finish my application if this is not solved. Therefore, I desperately need your help.
Things to note:
I have tried a few of the plugins available, but to no avail.
I have used tutorials online as well as the latest CakePHP book by Mariano, with no success.
I have tried on my own, also to no avail.
Why is it so hard to get this accomplished?
These are my questions:
Is there any other way to handle Access Rights in a CakePHP application with Multiple Admin, users, etc?
For the possibility that ACL is the only/best way, how else could I approach this?
What could I possibly be doing wrong?

As you say that you have already tried a few of the available plugins, you have maybe already tried my own one: http://www.alaxos.net/blaxos/pages/view/plugin_acl It is mainly a graphical interface that allows you to set the ACL permissions when they are used to grant/deny access to actions.
My point here is that in addition to the plugin itself, I made available a very simple sample application http://www.alaxos.net/blaxos/pages/view/demo_plugins that uses this plugin. It may help you if you install it and look at the code, as the application has some public parts, and some parts protected by the ACLComponent.

This is one of the pains in Cake, the complexity of ACL.
Is there any other way? Well, yes. Yes, in the sense that you can cook up your own access rights management, and simply go around Cake's ACL implementation. For example, you could have a role-based ACL where roles would be pretty much a fixed list. This can be accomplished in many ways, one of which was demonstrated with DarkAuth.
Furthermore, don't try to fit your app into Cake's ACL scheme if it doesn't suit you. Bake your own; Cake offers you the option of plugging in your own objects for auth/ACL stuff, so use it!
But do note that any feature-rich ACL system you want to create yourself might end up looking much like Cake's ACL, so first decide exactly what you need, and then look for a way to do it.
In any case, good luck!

I just recently wrote probably the most simple Auth - I called it "Tiny":
http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/
It should be just about what you need.
It does need the roles to be present in the Session Auth, though, and that you manage user roles yourself.
So you might have to add this to your login method if you want to use multi-role Auth.
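The "cook up your own role-based access rights" route from the earlier answer, and the TinyAuth answer's requirement that roles live in the session and the app manages them, both come down to one deny-by-default lookup. The following is an added example, not code from TinyAuth, DarkAuth or any of the answers; the role names, the `PERMISSIONS` map and the `isAuthorized()` function are all assumed for illustration.

```php
<?php
// Added example, not code from TinyAuth or from the answers above.
// A fixed role list, a static map from controller/action to the roles allowed
// to call it, and a deny-by-default decision. All names here are assumed.

declare(strict_types=1);

const ROLE_USER      = 'user';
const ROLE_MODERATOR = 'moderator';
const ROLE_ADMIN     = 'admin';

// Controller => [action => allowed roles]; '*' covers every action of a controller.
const PERMISSIONS = [
    'Posts' => [
        'index'  => [ROLE_USER, ROLE_MODERATOR, ROLE_ADMIN],
        'add'    => [ROLE_USER, ROLE_MODERATOR, ROLE_ADMIN],
        'edit'   => [ROLE_MODERATOR, ROLE_ADMIN],
        'delete' => [ROLE_ADMIN],
    ],
    'Users' => [
        '*' => [ROLE_ADMIN],
    ],
];

/**
 * May a user holding $roles call $controller::$action?
 * Anything not listed is denied: there is no fallback to "allow".
 *
 * @param string[] $roles roles kept for the user in the session, which the
 *                        TinyAuth answer says you must manage yourself
 */
function isAuthorized(array $roles, string $controller, string $action): bool
{
    $actions = PERMISSIONS[$controller] ?? null;
    if ($actions === null) {
        return false;                                    // unknown controller
    }
    $allowed = $actions[$action] ?? $actions['*'] ?? []; // explicit action beats '*'
    foreach ($roles as $role) {
        if (in_array($role, $allowed, true)) {
            return true;
        }
    }
    return false;                                        // deny by default
}

// Constructed checks. In a CakePHP 2 app the call would sit in
// AppController::isAuthorized() with the roles read from $this->Auth->user().
foreach ([
    [[ROLE_USER],      'Posts', 'add'],
    [[ROLE_USER],      'Posts', 'delete'],
    [[ROLE_MODERATOR], 'Users', 'index'],
    [[ROLE_ADMIN],     'Users', 'index'],
    [[ROLE_ADMIN],     'Nope',  'index'],
] as [$roles, $controller, $action]) {
    printf("%-10s %s::%s -> %s\n", implode(',', $roles), $controller, $action,
        var_export(isAuthorized($roles, $controller, $action), true));
}
```

The point of keeping the map static and the decision deny-by-default is that a typo in a controller or action name fails closed rather than open, which is the property you most want from a home-grown scheme that replaces Cake's ACL tables.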

Related

CakePHP, ACL or Not?

I work on a social web application, and I really hesitate between using ACLs or using my own permissions system. I worked for several days with ACLs to see their behavior and to know what I could and could not do.
In my application, members can set permissions on what they have (profile, photo album, etc.). I also need to set permissions for moderators, who can check the content of a profile and photo albums but do not have the right to modify or delete them; the administrator, however, has all rights.
For the profile, the user can decide to make it public, or visible only to members or friends. For this, I could perfectly well create a ProfileSettings table with different fields to see what information is visible and who can access the profile. The problem is if I want to implement a choice according to a list of friends, in the way of Facebook. I imagined the scenario with ACL, but I fear that the resources required are enormous. Creating a profile for each aco is not bad, especially if the database includes 300 members, not to mention the need to save all the permissions according to each user's choice. So I think I will not allow members to define which users can access their objects, but only groups.
There still remains the question about ACLs. In my case, is this a good idea? I also have to set permissions on the forums, e.g. a moderator can update a thread/post, a forum can be visible only to the admin/moderators, etc.
Where I am afraid to use ACL is that the slightest mistake can cause serious damage, but at the same time, it allows me to set up permissions faster.
Thank you for your help and your advice :)
The correct answer is probably "Yes, your use-case makes sense to use Cake's ACL."
However, I've tried a number of times to use ACL. The learning curve was too high/time consuming for me. I used it on an app and a few months in had the problem you mentioned - one small issue, and everything fell apart. And without knowing exactly what I was doing / what I needed to do to resolve, it became a nightmare. Not only that, but when I wanted to extend it or do ANYTHING other than the specific example, I couldn't get it to work.
From then on, I just built my own to the specific needs of the project.
If you have someone you know who uses it regularly and can teach you the ins and outs of Cake's ACL, then it might be fine to use it. Otherwise, I'd build my own. Even if it's not "better", at least if/when something goes wrong, you'll understand it enough to fix it.
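The rules the question lays out (owner does anything, moderators may look but not change, admin has all rights, and a visibility setting of public/members/friends for everyone else) fit in one decision function, which is what the "build my own" answer amounts to. This is an added example, not code from the question or the answer; the `canAccess()` function, the `VIS_*` constants, the record layouts and the `$friends` callback are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or answer above. It models the
// rules the question describes (owner, public/members/friends visibility,
// read-only moderators, all-powerful admin) as a single decision function.
// All names and record shapes are assumed.

declare(strict_types=1);

const VIS_PUBLIC  = 'public';
const VIS_MEMBERS = 'members';
const VIS_FRIENDS = 'friends';

/**
 * $viewer:  null for an anonymous visitor, else ['id' => int, 'role' => 'member'|'moderator'|'admin'].
 * $object:  ['owner_id' => int, 'visibility' => VIS_*], e.g. a profile or photo album.
 * $action:  'view', 'update' or 'delete'.
 * $friends: callable(int $ownerId, int $viewerId): bool supplied by the app
 *           (backed by a friends table, so no per-user ACL rows are needed).
 */
function canAccess(?array $viewer, array $object, string $action, callable $friends): bool
{
    // Administrator has all rights.
    if ($viewer !== null && $viewer['role'] === 'admin') {
        return true;
    }
    // Owner may do anything with their own object.
    if ($viewer !== null && $viewer['id'] === $object['owner_id']) {
        return true;
    }
    // Moderators may inspect content but not change it.
    if ($viewer !== null && $viewer['role'] === 'moderator') {
        return $action === 'view';
    }
    // Everyone else may only view, subject to the owner's visibility setting.
    if ($action !== 'view') {
        return false;
    }
    switch ($object['visibility']) {
        case VIS_PUBLIC:  return true;
        case VIS_MEMBERS: return $viewer !== null;
        case VIS_FRIENDS: return $viewer !== null && $friends($object['owner_id'], $viewer['id']);
        default:          return false;   // unknown or missing setting: deny
    }
}

// Constructed sample data: user 1 owns a friends-only album and is friends with user 2.
$friendPairs = [[1, 2]];
$isFriend = function (int $a, int $b) use ($friendPairs): bool {
    return in_array([$a, $b], $friendPairs, true) || in_array([$b, $a], $friendPairs, true);
};
$album = ['owner_id' => 1, 'visibility' => VIS_FRIENDS];
$cases = [
    ['anonymous', null],
    ['owner',     ['id' => 1, 'role' => 'member']],
    ['friend',    ['id' => 2, 'role' => 'member']],
    ['stranger',  ['id' => 3, 'role' => 'member']],
    ['moderator', ['id' => 4, 'role' => 'moderator']],
    ['admin',     ['id' => 5, 'role' => 'admin']],
];
foreach ($cases as [$label, $viewer]) {
    printf("%-10s view=%-5s update=%s\n", $label,
        var_export(canAccess($viewer, $album, 'view', $isFriend), true),
        var_export(canAccess($viewer, $album, 'update', $isFriend), true));
}
```

Because the friend relation is resolved through a callback at decision time rather than stored as permission rows, the "300 members times every object" growth the question worries about never materialises; the only stored state is the owner and one visibility value per object.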

Using gdata with only one user in app engine, need to decide

I am building a GAE app that allows users to share documents over different contexts. Nothing too fancy.
I want to use Gdata in such a way that it is the app that owns the documents, and not the users. This way, I shouldn't need any kind of tokens, one would think.
This is the main idea:
App user creates doc --> App creates doc and owns it --> user can RUD & share the doc
Is there any recommended way to authenticate using just a hard-coded user & password?
The ClientLogin, up to now, seems to be the way to go.
http://code.google.com/apis/gdata/docs/auth/clientlogin.html
But I still have some doubts about the following:
Am I putting myself in a scenario of possible restrictions over other alternatives?
Is ClientLogin really the best way to go?
Could really use advice from others' experience here. Procrastination is killing me.
Cheers,
A.
If this is a personal project, and you've only got a very small group of users, the design might be OK.
One really good reason to use OAuth is that you won't need to store the account password somewhere. Instead you'll be able to implement a simple 'setup' process to get and store an access token. OAuth is also nice since you'll be able to restrict the access scope.
However, I must say, I find your question very vague, so more specific answers are difficult.

1 data, many applications

I have a forum with >400 registered users. It's powered by vBulletin-4.0.4. I want to build up several websites with kohana-3.1, but keep existing forum users too. I will use separate databases for each application (I want to keep apps as independent as possible).
So my solution is:
step 1. create special app users.mydomain.com where each user can register and update their details (birthdate/email/password). This app will catch all changes and write them to forum database and application databases.
step 2. modify default auth module to handle forum authentication. vBulletin uses algorithm: $hash=MD5(MD5($password)+$salt) for pass hashing.
Am I in the right direction? Is it OK?
Someone has already done this: Kohana vBulletin Bridge. You will need to contact the author of the module as the source code is no longer online. It won't be too difficult to upgrade it to 3 if you get it.
I haven't used vBulletin so I can't give you much advice on the subject, but you're right about the hashing algorithm. You'll also need to make sure your session is read and written as they are in vBulletin.
A quick search for vBulletin SSO should get you started.
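The hashing step from the question, md5(md5($password) . $salt) with "+" read as string concatenation, is all the Kohana side needs to accept an existing forum password, but MD5 offers no work factor, so the check is best paired with an upgrade to password_hash() on each successful login. The following is an added example, not code from the Kohana vBulletin Bridge or from the answers; the `vbHash()`, `vbVerify()` and `checkLogin()` functions, the record keys and the 'scheme' marker are assumptions.

```php
<?php
// Added example, not code from the Kohana vBulletin Bridge or the answers above.
// Verifies a password against a vBulletin-style hash md5(md5($password) . $salt),
// as stated in the question, and on success hands back a password_hash() value
// so the MD5 form is kept only until each user's next login. Function names,
// record keys and the 'scheme' marker are assumed.

declare(strict_types=1);

/** vBulletin-style hash of $password with $salt ('+' in the question is concatenation). */
function vbHash(string $password, string $salt): string
{
    return md5(md5($password) . $salt);
}

/** Constant-time comparison of a submitted password against a stored vBulletin hash. */
function vbVerify(string $password, string $salt, string $storedHash): bool
{
    return hash_equals($storedHash, vbHash($password, $salt));
}

/**
 * Check a login against a user record and, when it succeeds with a legacy hash
 * (or a modern hash that needs a cost upgrade), return a replacement hash the
 * caller should persist.
 *
 * $user keys: 'password' (hash), 'salt' (may be ''), 'scheme' ('vb' or 'modern').
 * Returns [bool $ok, ?string $newHash].
 */
function checkLogin(array $user, string $submitted): array
{
    if ($user['scheme'] === 'modern') {
        $ok  = password_verify($submitted, $user['password']);
        $new = ($ok && password_needs_rehash($user['password'], PASSWORD_DEFAULT))
            ? password_hash($submitted, PASSWORD_DEFAULT) : null;
        return [$ok, $new];
    }
    // Legacy vBulletin record.
    if (!vbVerify($submitted, $user['salt'], $user['password'])) {
        return [false, null];
    }
    return [true, password_hash($submitted, PASSWORD_DEFAULT)];
}

// Constructed sample record, not real vBulletin data.
$salt = 'a1b2c';
$user = ['password' => vbHash('correct horse', $salt), 'salt' => $salt, 'scheme' => 'vb'];

[$ok, $newHash] = checkLogin($user, 'correct horse');
if ($ok && $newHash !== null) {
    // Persist $newHash with scheme='modern' in the application's own user table here.
    $user = ['password' => $newHash, 'salt' => '', 'scheme' => 'modern'];
}
[$okAgain] = checkLogin($user, 'correct horse');
[$bad]     = checkLogin($user, 'wrong password');
printf("first login: %s, after migration: %s, wrong password: %s\n",
    var_export($ok, true), var_export($okAgain, true), var_export($bad, true));
```

One caveat for the design in the question: the copy of the hash that lives in the vBulletin database has to stay in the MD5 form or the forum itself stops authenticating those users, so the stronger hash belongs in the application-side user table that users.mydomain.com writes, alongside the forum copy rather than instead of it.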

How flexible is elgg?

I know it has great out-of-the-box features but is it easy to customize?
Like when I query stuff from the database or change css layouts.
Is it faster to create my own modules for it or just go on and write everything from scratch using frameworks like Cake
I'm currently working on an Elgg-based site and I absolutely hate it. The project was near completion when I stepped in, but the people who created were no longer available, so I took it over as a freelancer.
As a personal impression, you are much better off writing the app from scratch in a framework. I don't know if the people before me butchered it, but the code looks awful, the entity-based relationship model is weird to say the least and debugging is horrendous. Also, from my point of view, it doesn't scale very well. If you were to have a consistent user base, I'd be really, really worried.
It keeps two global objects ($vars and $CONFIG) that have more than 5000(!) members loaded in memory on each page. This is a crap indicator.
I've worked extensively with Cake. With Elgg, for about a month in a project that is in the QA stage right now.
My advice is: if you need something quick with a lot of features and you only need to customize a little, go with Elgg.
If you're going to customize a lot and you can afford the development of all the forums, friends, invites, etc. features, go with Cake or any other MVC framework.
I have been working on an Elgg site for the past month or so. Its code is horrible, however it's not the worst I've seen :D. It's not built for programmers like Drupal is :D. But it's not too bad. Once I got a handle on the metadata functions and read most of the code I was able to navigate it well and create custom modules and such.
What would help immensely would be some real documentation and explanation of the Elgg system. I don't think that's going to happen though :).
Out of the box there are a few problems; there are some bugs that haven't been fixed for a while and I've had to go in and fix them myself. Overall, you can make it pretty and it has some cool functions, but I wouldn't dive in until I had read the main core code to get a handle on what's happening on the backend.
Oh, and massive use of storing values in globals, and a crap ton of DB calls (same with Drupal though).
I wonder if the use of storing everything, and I mean everything, for your site in the globals will really hinder the server if you have a massive user load.
If you want to build a product based on a social networking platform/framework then Elgg is definitely a good way to go. The code is not that bad if you actually look before leaping and do what Elgg expects. Go against its processes and structures and it will leave you beaten by the side of the road.
Developing modules/plugins or editing CSS is easy and Elgg does give you great flexibility to basically build your own product on top of it. Dolphin, as a comparison, does not allow you to do anything outside of what it expects you to do.
If you however just need a framework (not primarily for social networking etc.) with some user-based functionality then I suggest Cake, or if your project is HUGE then maybe Symfony or Zend. They all have plugins you can download and use/hack which would be easier to adjust for personalised needs.
To show what you can do with Elgg, here is a site, Mobilitate, we built with Elgg 1.7. This is a very complicated website and was built on top of Elgg.
We are starting a new project with Elgg 1.8. The new version is a major improvement: they have made a lot of elements easier, incorporated better JS and CSS implementation/structure and have better commented their own code.
Elgg's database schema is horrific. They've essentially implemented a NoSQL database in SQL. It completely defeats the purpose of using a relational table structure.
If you can ignore this, and aren't doing much customization, you might be OK with Elgg. If not, STAY AWAY.
I've been working with Elgg for over a year. It is easier to customize than it would be to build something from scratch using a framework like CakePHP. I tried CakePHP and found it even more complicated than Elgg.
It is difficult to query the database due to the entity-based relationship model. You should use the built-in methods for accessing data. However, I have written many queries to double check on what is actually stored in the database.
You cannot change layouts using CSS alone. You have to deal with the various Elgg views. But CakePHP uses the same Model/View/Controller MVC concept so that would be just as difficult.

Preventing dictionary user names for registration

When I was setting up an account with Gmail a few years back (probably this is still the case, haven't checked) I noticed that the system doesn't allow you to register common terms and nouns as a username; it seemed that it used a sort of dictionary for screening. I would like to implement a similar feature in my app. Anyone have an idea how to tackle this? The app is written in PHP, but I understand I'll have to hook it up with an online service.
Thanks
WordPress MU has such a feature too: you fill a list of possible usernames that you want to avoid and they become unavailable for users. You can check its source to get their approach...
Sinan.
Well the API will vary from service to service so I'd suggest you find one, look at their developer docs and then if you have a question ask it here.
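The list-based approach the first answer describes (a set of names that become unavailable) only works if the requested name is normalised first, otherwise "Admin", "ad.min" and "admin42" all slip past an exact-match check. The following is an added example, not code from WordPress MU, Gmail or the answers; the word lists are a constructed sample, and `normalizeUsername()`, `rejectUsername()` and the two list names are assumptions made for illustration.

```php
<?php
// Added example, not code from WordPress MU or the answers above.
// Screens a requested username against a reserved-word list after normalising
// it, so that casing, separators and trailing digits cannot be used to dodge
// the list. Both word lists are constructed samples; a real deployment would
// load a much larger dictionary from a file or a lookup service.

declare(strict_types=1);

// Role words that must not appear anywhere in a name (impersonation risk).
const IMPERSONATION_WORDS = ['admin', 'support', 'security', 'official'];

// Common nouns that are refused only when the whole normalised name matches.
const DICTIONARY_WORDS = ['apple', 'bank', 'login', 'password', 'help', 'root'];

/** Collapse casing, separators and trailing digits so simple variants match the lists. */
function normalizeUsername(string $name): string
{
    $n = strtolower($name);
    $n = str_replace(['.', '_', '-'], '', $n);   // "ad.min"  -> "admin"
    $n = preg_replace('/\d+$/', '', $n) ?? $n;   // "admin42" -> "admin"
    return $n;
}

/**
 * Returns null when the name is acceptable, otherwise a short reason.
 * Syntax is checked first, then the normalised form is screened.
 */
function rejectUsername(string $name): ?string
{
    if (!preg_match('/^[a-z0-9][a-z0-9._-]{2,29}$/i', $name)) {
        return 'must be 3-30 characters: letters, digits, ".", "_" or "-"';
    }
    $norm = normalizeUsername($name);
    if (!preg_match('/[a-z]/', $norm)) {
        return 'must contain at least one letter';
    }
    foreach (IMPERSONATION_WORDS as $word) {
        if (strpos($norm, $word) !== false) {    // "support_team", "x-admin-x"
            return "names containing \"$word\" are reserved";
        }
    }
    if (in_array($norm, DICTIONARY_WORDS, true)) { // "Apple", "bank.01"
        return "\"$norm\" is a common word and cannot be used";
    }
    return null;
}

// Constructed candidates.
foreach (['alice', 'Ad.min', 'support_team', 'bank01', 'x', 'Apple', 'rootbeer'] as $candidate) {
    printf("%-13s %s\n", $candidate, rejectUsername($candidate) ?? 'OK');
}
```

Keep the substring list short: it blocks legitimate names that merely contain the word (a "badminton" fan loses to "admin"), so it should hold only the handful of role words worth that cost, while the bulk dictionary stays an exact match on the normalised form.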
