CakePHP - Only display a link if user (ARO) has permission for page?

I'm using CakePHP's ACL component to manage permissions for my app. I have about three different "Roles", with different access levels. I am using the HTML helper throughout, to create links to different pages. I would like links to only display if the user has permission to access the page.
The obvious but cumbersome approach, I guess, would be to set variables to the view containing permissions and show links based on these variables.
I was wondering if there is a better way - perhaps a helper that extends the HTML helper to provide a method that checks permissions first?
Thanks.

I wouldn't recommend using a helper which has this sort of functionality.
This is because this helper would have to do the checking on every link you use on that page. This would slow down your application.
So I think the best approach is your approach. Set the permission on login and display your links accordingly.
We are using this in our application, too, and it works very well and fast.
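An added example, not part of the original answers and not CakePHP's own code: plain PHP showing the approach described above, where permissions are resolved once at login and views only consult the cached map, with the same map checked on the request so that a hidden link is not the only control. The function names and the `$aclRules` table are hypothetical and the data is constructed for illustration.

```php
<?php
// Added illustration; buildPermissionMap(), aclLink(), enforce() and $aclRules are hypothetical names.

// Constructed sample data standing in for the ACL tables: role => permitted "controller/action".
$aclRules = [
    'admin'  => ['posts/index', 'posts/edit', 'users/index'],
    'editor' => ['posts/index', 'posts/edit'],
    'viewer' => ['posts/index'],
];

// Run once at login: resolve every ACO the UI links to, denying by default.
function buildPermissionMap(array $rules, string $role, array $acos): array
{
    $allowed = array_flip($rules[$role] ?? []);
    $map = [];
    foreach ($acos as $aco) {
        $map[$aco] = isset($allowed[$aco]);
    }
    return $map;
}

// View side: emit the link only when the cached map allows it (no ACL query per link).
function aclLink(array $map, string $title, string $aco): string
{
    if (empty($map[$aco])) {
        return '';
    }
    return sprintf(
        '<a href="/%s">%s</a>',
        htmlspecialchars($aco, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($title, ENT_QUOTES, 'UTF-8')
    );
}

// Request side: a hidden link is not access control, so the action checks the same map.
function enforce(array $map, string $aco): int
{
    return empty($map[$aco]) ? 403 : 200;
}

$acos = ['posts/index', 'posts/edit', 'users/index'];
$session = ['perms' => buildPermissionMap($aclRules, 'editor', $acos)]; // stored at login

echo aclLink($session['perms'], 'Edit posts', 'posts/edit'), PHP_EOL;    // editor may edit posts
echo aclLink($session['perms'], 'Manage users', 'users/index'), PHP_EOL; // not permitted for editor
echo enforce($session['perms'], 'users/index'), PHP_EOL;                 // same check on a typed URL
echo enforce($session['perms'], 'reports/export'), PHP_EOL;              // ACO missing from the map
```

A map cached at login goes stale when a user's role changes, so rebuild it on role change or at the next login.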

Related

Using abp-page-toolbar and abp-extensible-table

I am trying to use both components in my Angular application. I am a backend developer and an absolute newbie in Angular. I have been reading the roles and users components in the source code and I think I cloned it for my Customers component. I have guards, defaults and all the code like Roles and Users but, although the code compiles and the API call is done, I have nothing on the screen, only the Total records are displayed. No action buttons, no table rows, no pagination...
Is there anyone who has used these components and can bring me some help?
Many thanks
Those components are needed for customizing built-in modules. Let's talk about Users for example. The Users component is a built-in page and you do not have access to its code. However, you may still need to make some changes like adding a New User button on the toolbar or changing its columns, form fields etc. That's why ABP Framework provides some injection tokens to override/extend/customize these features. Since you are developing your own page, you do not need any of this. You can directly use ngx-datatable in your own component, add or remove columns and so on.

Wagtail Form static fields & superuser-only page

I did not find any answer to this. So is there a way in Wagtail to have an AbstractEmailForm without AbstractFormField (for example, can I hard code them into AbstractEmailForm? I know that AbstractEmailField has some variables that Django requires). I just need to have a contact form with only an email field; I don't need to set fields dynamically.
And the second question: How do I set permission for that form page so that only a superuser can edit the form page? (And the translated version too? There are a lot of answers to this, but I don't actually understand how to do it with AbstractEmailForm).
Thanks a lot!
If you're hard-coding your form fields, then the Wagtail forms module doesn't really give you anything that you don't already get from Django's forms framework, and so you're better off using Django forms directly. The serve method on a Wagtail page is equivalent to a Django view function, so any form-processing logic that would normally go into a view function can be placed in serve.
There's an example of this here (but written for Wagtail 1.x, so imports will need adjusting): https://github.com/gasman/wagtail-form-example/commits/master

Best way to implement admin panel in CakePHP

I am trying to move from CodeIgniter to CakePHP and can't figure out the best way to implement an admin panel. In CI I would create two different applications, one for the frontend and one for the admin panel.
After Googling around, I have found three ways to implement admin panel in CakePHP:
1. Routing - I don't want to use this as I want my Controllers/Models to be separate for frontend and admin panel
2. Plugin
3. Two separate apps
Should I use plugin to implement admin panel or should I have separate apps? Any benefits of one over the other?
I normally develop the admin/backend as a plugin. This keeps your backend/admin controllers/views/models separated from the frontend and you don't have to jump through hoops to have separate stylesheets, layouts etc.
Another advantage is that both front- and backend are still part of the same application, so if desired, you can share logic/components. For example, you'll be able to put helpers that are usable both for front- and backend in another plugin (e.g. plugins/Shared or plugins/Handytexttools) and use those wherever you want.
As a rule of thumb, put components that may be reusable for other projects in a separate plugin; this way you can just add those plugins to other projects without problems. Keep your plugins simple; it's no problem to create a plugin containing just one or two helpers or models and a few files of JavaScript. This will make it easier to 'cherry pick' the plugins that you need for a project. Once Cake has 'cached' the file-locations of all classes in your plugins, the overhead of separate plugins should be minimal.
Coming back to the 'admin' plugin. Try to only include code specific for this project in your admin plugin and reusable parts in another one (e.g. Generic stylesheets and layouts for admin-panels). You'll be able to start an admin-plugin for your next project with minimal coding.
Good luck with your project and enjoy CakePHP.
If you want to keep your controllers and models separate - I'd go with a separate app, although you'll end up with a bunch of duplicate code between the apps (maintenance headache waiting to happen).
My choice would be admin routing and an admin theme.
Enable admin routing in /app/Config/core.php
In AppController beforeFilter():
$this->theme = isset($this->params['admin']) ? "Admin" : "Site";
Move all your site views and assets into /app/View/Themed/Site/
Create your admin themes in /app/View/Themed/Admin
Old and refers to CakePHP 1.3, but still is a question you should check: CakePHP admin panel
The Cake way is routing. I'd go with a plugin like CakeDC Users that makes things easier.
You could use admin-routing. Check out:
http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing
Another solution, which I find really easy to implement, is like this:
In your AppController:
public function beforeFilter(){
$this->set('current_user', $this->Auth->user());
}
This makes the $current_user available in your app.
Then in your view-files, you can check:
<?php if ($current_user['role'] == 'admin'){/*place code for admin users to see here*/} ?>
<?php if ($current_user){/*place code for logged-in users to see here*/} ?>
I know this is an old thread. But would like to ask if anyone had trouble implementing the admin panel as a plugin. Particularly duplication of code.
For example you're implementing an e-commerce site. You have an OrderController both in the main and admin plugin. Don't you think it's kinda hard to maintain the logic in two places?
How about just using one main controller? It serves two purposes: one as an API, then the controller for your Admin webapp.
Your public side would then basically communicate via API to fetch data.
Do you think it's a good idea?
You can use admin views like admin_index.ctp; just change this
//Configure::write('Routing.admin', 'admin');
to
Configure::write('Routing.admin', 'admin');
in core.php and in the controller add an admin_index() function.

CakePHP 2 - single core, two apps, one inside the other?

I'm fairly new to CakePHP and am trying to set up a custom admin area for my app. I realize Cake can create an admin area with scaffolding but I'd like to build something much more customized, and have it accessible via /admin/, with one app for the public side and another for the admin.
Ideally, the structure would be:
www
^- apples (public application here)
^- apples-admin (password-protected control panel)
I'm having a hard time figuring out how to set this up using a single Cake core and two apps - one for "apples" and one for "apples-admin". I've read some notes about modding PHP's include path, but that won't be possible in the production environment. The other notes I see about changing CAKE_CORE_INCLUDE_PATH aren't very clear on where I would make that change, and it doesn't appear as though that would get me the app-inside-app structure I'm after.
Is what I'm trying to do possible? Am I better off using just a single app for both the public side and admin area?
You can achieve what you want using a single application.
To get up and running:
Use Prefix Routing to map your admin actions.
Then use the Auth component to restrict access to your 'admin' actions. I recommend setting up a User model to manage your users and using the FormAuthentication handler for logging in.
If you haven't used Bake for code generation before, then that's also worth looking into. It'll help create a base starting point for a lot of your admin functions.
Good luck.
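An added example of the setup this answer outlines, not the answerer's own code: a CakePHP 2.x `AppController` that lets `AuthComponent` call `isAuthorized()` and refuses `admin`-prefixed actions to anyone who is not an admin. It assumes `Configure::write('Routing.prefixes', array('admin'));` in app/Config/core.php and a `role` column on the users table; both are assumptions, not details from the page.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x). Added illustration.
// Assumption: core.php contains Configure::write('Routing.prefixes', array('admin'));
// Assumption: the users table has a `role` column holding e.g. 'admin'.
App::uses('Controller', 'Controller');

class AppController extends Controller
{
    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array('Form'),        // form-based login
            'authorize'    => array('Controller'),  // makes Auth call isAuthorized()
        ),
    );

    // Called by AuthComponent for every action that requires a logged-in user.
    public function isAuthorized($user = null)
    {
        // Non-prefixed actions: any logged-in user may proceed.
        if (empty($this->request->params['admin'])) {
            return true;
        }
        // admin_* actions reached through the /admin/ prefix: admins only.
        return isset($user['role']) && $user['role'] === 'admin';
    }
}
```

Actions that should be reachable without logging in still need `$this->Auth->allow(...)` in the `beforeFilter()` of the controller that owns them.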

How to access models in PagesController--or how to create a dashboard with CakePHP

I have an order processing and catalog system created in CakePHP. It manages orders, products, packages, invoices, etc. (anything that would be necessary for an ecommerce store basically).
I now want to make a "dashboard"-type page, that will show the latest orders, products that need to be updated, latest reviews, etc. I was going to create a Page for PagesController, but I don't know how to access models in PagesController.
Is there any way to access several, unassociated models on one page?
How to build a “dashboard” for your application in CakePHP.
I was going to create a Page for PagesController, but I don't know how to access models in PagesController.
With the built-in PagesController, you can't. You'll have to create your own PagesController, which would look something like this pastebin.
Another way to create such a portal page would be to create a Page for display via the built-in PagesController, the view for which would comprise a variety of view elements, each using requestAction to retrieve their respective data. This can be a tricky approach if you don't or can't employ caching, because requestAction is not very performant, as it begins a new dispatch cycle every time it's called. However, in conjunction with good, aggressive caching, this is a very modular approach, and very Cake-y, since it encapsulates each element of your dashboard's functionality in its own MVC element.
Edit: just to be extra-clear, if you cannot cache the dashboard's elements well, you want to avoid the requestAction route. It's just horrifically slow, and it's better to use an approach such as that in balcer's link, though it is perhaps not as elegant.
