I am new to cakephp and trying to follow the ACL Authentication tutorial from the cakephp book. However I would like to call my users table 'members' instead. so I have usernames and passwords stored in a table called 'members'. but the ACL auth always seems to be looking for a user model and users table. although that is not configured anywhere.
how can I tell the ACL/Auth component to look for the members table/model instead ?
thanks alot!
sorry I am stupid and it's late, I found the answer already.
the solution is to use $this->Auth->userModel = 'Member'; in the auth setup (function beforeFilter)
Related
All,
I have a CakePHP app I am developing with user accounts and some social interaction and I am looking to allow each user to have a profile and make it public and whatever information the user decides to make available. Currently the user is able to access his/her personal account at http://www.domain.com/account, but I want the user to also have a profile at http://www.domain.com/users/profile/user234.
What is the best approach?
Create a function profile($username) in my users_controller.php?
Create a profiles_controller.php to handle users profiles?
Is there a better way?
Or is there a CakePHP Profile Plugin available I can use
Also,
Is it possible to use CakePHP routes to have something like this: http://user1234.domain.com?
Thank you for you help!
1 & 2) Both ways work. I would put it profiles controller because its simply more logical but there is not real guideline for that. Usually you do things in the domain they belong to.
3) Not really.
4) Not for profiles but for the whole user thing http://github.com/cakedc/users But be aware that the profiles part is using a key/value storage for the fields of the profile. But you can simply change that by extending the plugins models and controllers on app level - OOP 4tw! :)
For subdomain routing you need to implement a custom route object. See this ticket related to that topic. http://cakephp.lighthouseapp.com/projects/42648/tickets/2429 Lookup the book.cakephp.org if you need to learn how to create custom routes. See http://book.cakephp.org/2.0/en/development/routing.html?highlight=router#custom-route-classes for CakePHP 2.0. And see http://book.cakephp.org/1.3/en/view/1634/Custom-Route-classes for 1.3.
I am CakeNoob so please accept my sincere apologies for this question.
After users Added their account in my Webapp, they are redirected to users/view where they can see their account details and edit them.
From here, there are links to achievement/add where people can add achievements to their profile. The User and Achievement model are nicely coupled through belongsTo and HasMany associations. Once a user adds an Achievement, it will be displayed in the users/view page via related Achievements.
Problem: Once I manually add an Achievement through achievements/add (and select the current user from the list(all)), it works fine.
But I want that achievements can only be added when users come from users/view, so I need to transport the user-id to achievements/add and then tell Cake that this is the user-id (foreign key) to use.
All users are logged in once they reach users/view so I guess the Auth session may help me.
I have tried many things but my knowledge is just too minor to solve this. Your solutions are appreciated!! Thanks
if you use "Auth" to register and login, you can use $this->Auth->user('id'); to get the user id throughout your application
You can save it with:
$this->data['User']['id'] = $this->Auth->user('id');
$this->User->save($this->data);
I (finally) got ACL to work properly, based on group permissions. However when I create a new user (Users/add) it automagically.. I mean.. autoinconveniently creates a User ARO..
While this is not really a big problem, I would like my ARO table to stay as clean as possible. Just my groups.
How do I disable the automatic creation of a User ARO object when creating a new user through CRUD?
i had the same problem and, like you, i said to myself "its not a big deal as long as it's working"... but when i started to have more and more users and when i added new groups, i found that ACL was not working correctly.. If you're using a group-based permissions, you MUST ONLY have groups in your AROS table.
Brief, the documentation says that you need to add the bindNode() in your Users model if you want a group-based ACL, but what they don't tell you is that for group-based permissions your User model doesn't have to implement the requester behavior and you don't need the parentNode() neither. Remove those two and it should be ok.
I added a note on the documentation, i hope it gets published :)
Good Luck
I've been diving into CakePHP this year and I'm loving it! However, I've just run across a problem that I'm not sure how to handle. My database design is this--
USER can belong to one or more WEBSITE
A WEBSITE can have many USER
So I have a many-to-many relationship which is tracked in MEMBERSHIP
MEMBERSHIP also tracks what group_id the USER has for that WEBSITE.
For example, if user1 joins website3 as an administrator and website5 as a editor, then the MEMBERSHIP table has an entry reflecting both those roles.
Basically my problem is Cake's ACL. In the above-mentioned model, user1's group_id would change depending on which WEBSITE he's selected after logging in. (And he could subsequently change to even more websites within the dashboard by changing the group_id again and again). Cake's ACL appears to only handle 'user belongs to one group' period.
Can I trick the ACL by giving it the group_id from the session every time its changed and then reload the AROs? Would it make more sense to scrap ACL and create my own permissions module?
Any suggestions or ideas to point me in the right direction would be GREATLY appreciated!
i think it will be the best way to create your own permission module.
the reasons are quite simple:
you can modify/extend it in any way YOU want
you will not break any cakePHP specifications
Is using the Auth component and then just checking that $this->Auth->User($id) equals the user_id of the profile to be edited enough?
Is there some drawback to doing this instead of having to go through the brain-pain of ACL?
No need to use ACL in my opinion. Even if you're using ACL, you would still have to perform the check. A simple check in the action to make sure that the profile is being edited should be fine.
I do a dozen projects or so each year in Cake and I haven't used the ACL component in long time. I've found a simple group-based permissions work great. I set $this->Auth->authorize = 'controller', and then override isAuthorized() in the app controller to handle checking if the user has permission to execute the action.
Using ACL for such a simple process is like bringing tanks to rid your house of cockroaches.
All you need to do is define a condition in the beforeFilter for the particular action checking if the $this->request->params['pass'][0] is equal to the user_id of the logged in user.