CakePHP confusion over ACL - cakephp

On the CakePHP website it shows that you would create a users table and a groups table for users and user groups using ACL: http://book.cakephp.org/view/1544/Preparing-our-Application
However most other tutorials e.g. NetTuts shows creating three tables (in addition to the users table) to use ACL: http://net.tutsplus.com/tutorials/php/how-to-use-cakephps-access-control-lists/
What is the difference between the two? Thanks

If you are asking about the extra tables named Acos, Aros and aros_acos:
In both tutorials we need to use these tables. In the cakephp.org one there is a section called Initialize the Db Acl tables where they run a command to create those tables, whereas in NetTuts they show us creating them manually.
Anyway, CakePHP needs 5 tables to run the ACL perfectly. Of those, Acos, Aros and aros_acos are CakePHP-defined tables and Users and Groups are user-defined tables.
CakePHP is storing the user permissions as a tree, with Aros (Access Request Objects, meaning users) in a hasAndBelongsToMany relation with Acos (Access Control Objects, meaning actions).

Related

Is it possible to save additional data in Sessions Table in CakePHP 3?

I need to do the following tasks in CakePHP 3:
Logout users manually
Limit the number of sessions to one per user
I'm using database sessions to accomplish that. Is it possible to save additional data in sessions table? If yes, could you give me an example please?
The session database model is a Cake model like all the other models, which means you can interact with it in the same way, by adding new columns to that table and/or deleting sessions if needed. Use the model object to update or delete entities in that table (I assume you're talking about CakePHP 3.x).
Limiting the number of sessions to one per user can be tricky as sessions are created even if a user is not logged in. So you will have "user-less" sessions in your database as well.
Suggested way to tackle this:
When a user logs in, get the current session ID and find the row in the session table that needs to be updated to include the username
At this time you may also want to delete the other rows that have the same user name, effectively destroying all the other sessions for this user.
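The two steps above (tag the current session row with the user, then drop the user's other rows) as an added CakePHP 3.x example, not code from the answer. It assumes the default DatabaseSession handler, a nullable `user_id` column added to `sessions`, AuthComponent loaded in `initialize()`, and an assumed session key `Sessions.bound` used to remember which session id has already been processed.

```php
<?php
// src/Controller/AppController.php (CakePHP 3.x), added example, not from the answer.
// Assumes: default DatabaseSession handler, a nullable `user_id` column in `sessions`,
// AuthComponent loaded in initialize(), and an assumed session key 'Sessions.bound'.
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;
use Cake\ORM\TableRegistry;

class AppController extends Controller
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->bindSessionToUser();
    }

    // Tag the current session row with the user and destroy the user's other sessions.
    protected function bindSessionToUser()
    {
        $userId = $this->Auth->user('id');
        $session = $this->request->session();
        $sessionId = $session->id();
        // Keyed on the session id, not a boolean: AuthComponent renews the id on login
        // and logout, so a later login in the same browser is bound again.
        if (!$userId || $session->read('Sessions.bound') === $sessionId) {
            return;
        }
        $sessions = TableRegistry::get('Sessions');

        // The handler writes the row when the request ends, so on the login request
        // itself the row for the renewed id does not exist yet: updateAll() affects
        // 0 rows and the binding is simply retried on the next request.
        $tagged = $sessions->updateAll(['user_id' => $userId], ['id' => $sessionId]);
        if (!$tagged) {
            return;
        }
        // One active session per account: drop every other row carrying this user_id.
        // A browser still holding one of those cookies finds no row on its next request,
        // so it starts an empty session and AuthComponent treats it as logged out.
        $sessions->deleteAll(['user_id' => $userId, 'id !=' => $sessionId]);
        $session->write('Sessions.bound', $sessionId);
    }
}
```

The handler's own write only touches `data` and `expires` on an existing row, so the `user_id` set here survives later session writes.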

Delete ARO nodes programmatically in CakePHP

I've got a simple ARO/ACO set up with simply all my users as AROs and all my Modules as ACOs and the ARO_ACOs table holds the permission rights.
This works great, except when I delete a User, I'd like to be able to clean up the ARO_ACOs and ARO tables by removing any entries associated with the ARO related to the user.
How do I go about this? The documentation is not helpful at all!
Using the ACL behavior? No action required
Assuming the acl behavior is in use, there's no need to do anything as it automatically deletes acl records for aros/acos, which will also delete the permission records at the same time.
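An added CakePHP 2.x example (not code from either post) covering both the question about the Aros/Acos/aros_acos tables and this one about cleaning up AROs: with AclBehavior as `requester`, saving a Group or User row creates its node in `aros`, and deleting the row removes that node together with its `aros_acos` rows. The `AclSeedController` name, the group and user ids, and the ACO paths under `controllers/` are assumptions; the ACO nodes must already exist.

```php
<?php
// CakePHP 2.x, added example, not code from either post. Group and User act as ACL
// requesters: saving a row creates its node in `aros`, deleting the row removes that node
// and its `aros_acos` permission rows, so no manual clean-up is needed on user deletion.
App::uses('AppModel', 'Model');
App::uses('AppController', 'Controller');

class Group extends AppModel {
    public $actsAs = array('Acl' => array('type' => 'requester'));
    // Groups are the roots of the ARO tree.
    public function parentNode() {
        return null;
    }
}

class User extends AppModel {
    public $actsAs = array('Acl' => array('type' => 'requester'));
    public $belongsTo = array('Group');
    // A User ARO hangs under its Group ARO, so it inherits the group's permissions.
    public function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        $groupId = isset($this->data['User']['group_id'])
            ? $this->data['User']['group_id'] : $this->field('group_id');
        return $groupId ? array('Group' => array('id' => $groupId)) : null;
    }
}

// Hypothetical one-off controller (assumed name) that seeds aros_acos and checks a user.
// ACO nodes such as 'controllers/Posts/view' must already exist (e.g. via AclExtras).
class AclSeedController extends AppController {
    public $components = array('Acl');

    public function seed() {
        $group = ClassRegistry::init('Group');
        $group->id = 1;                                       // constructed: admins group
        $this->Acl->allow($group, 'controllers');             // every action
        $group->id = 2;                                       // constructed: members group
        $this->Acl->deny($group, 'controllers');              // deny by default ...
        $this->Acl->allow($group, 'controllers/Posts/view');  // ... then read-only on Posts

        // User 5 (constructed id, in group 2) is resolved through the aros tree: its own
        // ARO has no aros_acos rows, so the check falls back to the group's rows.
        $aro = array('User' => array('id' => 5));
        $this->set('canView', $this->Acl->check($aro, 'controllers/Posts/view'));
        $this->set('canDelete', $this->Acl->check($aro, 'controllers/Posts/delete'));
    }
}
```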

CakePHP filter queries by user's business accounts

I'm new to CakePHP 2.4 and trying to understand conceptually if I'm on the right track before I start building the following.
By default, when a User first logs in to his online account, he sees Orders, Invoices, and Documents for ALL ACCOUNTS that he has access to. Using an Account dropdown and the button "Go", he can filter Orders, Invoices, and Documents for only ONE ACCOUNT.
Currently, pre-CakePHP, this is all handled in query logic. The User-Account (N:N) relationship is in the database. Any active Account_Id is stored in the SESSION. What is the CakePHP way to do this?
The Model looks like:
User hasAndBelongsToMany Accounts
Account hasMany Orders
Account hasMany Invoices
Account hasMany Documents
1.) Should I code the relationship between Users and Accounts in a Model (hasAndBelongsToMany) or in the ACL/Auth component (User is ARO, Account is ACO)?
2.) To show ALL ACCOUNTS, what is the best way to "query for" this filter and apply it to each Model. Or is that done automatically by the Model?... or by ACL/Auth?
3.) To show ONE ACCOUNT, is storing an Id in the Session still the best approach? ...or should I be thinking about a new set of actions in each of the Orders, Invoices, and Documents Controllers?
I will support you with a set of links to the CakePHP cookbook which clarify all your queries:
First of all you should read about linking models.
The next thing is creating the correct database and tables in there, following CakePHP conventions.
Another step is "baking" your models/controllers/views.
After that step all you need to do is just play around with the data you get from your models.
To be honest you don't have to code any relations at all if you just correctly create your database with correct foreign key names, which Cake will detect and build relations from through the interactive shell (you will be asked if you want the console to create the relation for you through cake bake).
$this->ModelName->find('all')
will give you all data of the given ModelName and also all related data,
using
$this->ModelName->recursive=-1
will make your model retrieve only data from ModelName without any related data.
In practice some things will probably work for you out of the box but some of things you will have to simply implement. Hope that helps.
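An added CakePHP 2.4 example (not code from the answer) of the filter the question describes: the Orders list is scoped to the accounts the logged-in user belongs to, and the single-account id kept in the session is only honoured when it is one of those accounts. It assumes the conventional HABTM join table `accounts_users` (auto model `AccountsUser`), AuthComponent with the user id under `Auth.User.id`, an `Order.account_id` foreign key, and an assumed session key `Filter.account_id`.

```php
<?php
// app/Controller/OrdersController.php (CakePHP 2.4), added example, not from the answer.
// Assumes the conventional HABTM join table accounts_users (auto model AccountsUser),
// AuthComponent with the user id under Auth.User.id, and an Order.account_id foreign key.
App::uses('AppController', 'Controller');

class OrdersController extends AppController {
    public $components = array('Auth', 'Session');

    public function index() {
        // Accounts the logged-in user belongs to, read from the join table.
        $joinRows = ClassRegistry::init('AccountsUser')->find('list', array(
            'conditions' => array('AccountsUser.user_id' => $this->Auth->user('id')),
            'fields' => array('AccountsUser.id', 'AccountsUser.account_id'),
        ));
        $accountIds = array_map('intval', array_values($joinRows));
        if (empty($accountIds)) {
            // No accounts at all: return nothing rather than an unscoped query.
            $this->set(array('orders' => array(), 'accountIds' => array(), 'active' => null));
            return;
        }

        // The "Go" button posts an account_id; remember it in the session (assumed key).
        if ($this->request->is('post') && isset($this->request->data['Order']['account_id'])) {
            $this->Session->write('Filter.account_id', (int)$this->request->data['Order']['account_id']);
        }
        $active = (int)$this->Session->read('Filter.account_id');

        // Scope is the user's accounts, or one of them. The session value came from a
        // form, so it is only honoured when it is in the user's own list.
        $scope = $accountIds;
        if ($active && in_array($active, $accountIds, true)) {
            $scope = array($active);
        } else {
            $active = null;
            $this->Session->delete('Filter.account_id');
        }

        $orders = $this->Order->find('all', array(
            'conditions' => array('Order.account_id' => $scope),
            'recursive' => 0,
        ));
        $this->set(compact('orders', 'accountIds', 'active'));
    }
}
```

The same scoping applies to the Invoices and Documents controllers; the membership lookup is the part worth moving into a shared helper so every listing uses the identical account set.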

Users Vs Members

This is more like a question for an advice rather than a precise answer...
In my CakePHP app, I will have backend users and frontend members. They have completely different roles and permissions (users are application managers, members are visitors that register on the website without any access to the application backend). Should I use different tables for these two authorization types, or should I just manage them with a role parameter and bind tables to their profiles depending on it, and why is one solution better than the other?
Use the same table and role or type field. You will have only one login and it will be easy to manage the accounts.
Use ACL or a custom permission system to allow them access to different controllers/actions.
For permissions, I have 3 ways to do it:
The strict-role way:
Every role of your application has access to functions with its prefix, but not any other prefix.
Ex: admin has access to admin_edit, but not customer_edit
You add a role varchar or enum in your users table, the routing prefixes in Config/core.php, and you allow the access in AppController::beforeFilter: each role is allowed to access its prefix only.
The hierarchical way:
Your application's roles are ordered in a hierarchical way, where a role has access to its prefix and every prefix under it.
Ex: admin has access to admin_edit and customer_edit, but customer has no access to admin_edit
You add a role varchar or enum in your users table, the routing prefixes in Config/core.php, and you allow the access in AppController::beforeFilter by checking for each $this->request->params['prefix'] which roles can have access to it.
The custom way:
You need your admin to access some functions, but not all. You need another role to access some functions admin can access, and some functions admin cannot.
Ex: admin can access admin_edit and customer_edit, but not customer_create or user_stat. customer can have access to customer_edit, customer_create and user_stat, but not admin_edit or user_edit
Use ACL. It's not the easiest way to manage permissions in your application, but if you want specific permissions, it's the best way. So remember this: only use ACL if you really need it.
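The hierarchical way from the answer as an added CakePHP 2.x example, not code from the answer. The check is placed in `isAuthorized()` with `ControllerAuthorize` rather than in `beforeFilter`, which is the idiomatic hook for the same comparison; the role names, their ranks and the assumed `Routing.prefixes` entries in Config/core.php are assumptions.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x), added example, not from the answer.
// Assumes Configure::write('Routing.prefixes', array('admin', 'manager', 'customer')) in
// Config/core.php and a `role` column on users that Auth exposes as $user['role'].
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array('authorize' => array('Controller')),
    );

    // Assumed ranks: a role may use its own prefix and every prefix ranked below it.
    protected $_rank = array('customer' => 1, 'manager' => 2, 'admin' => 3);

    public function isAuthorized($user) {
        $prefix = isset($this->request->params['prefix']) ? $this->request->params['prefix'] : null;
        if ($prefix === null) {
            return true;   // unprefixed actions: any logged-in user
        }
        $role = isset($user['role']) ? $user['role'] : null;
        if (!isset($this->_rank[$role], $this->_rank[$prefix])) {
            return false;  // unknown role or prefix: deny by default
        }
        // Hierarchical rule; the strict-role way is the same line with === instead of >=.
        return $this->_rank[$role] >= $this->_rank[$prefix];
    }
}
```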
I agree with cornelb: one table only. Here are some additional reasons:
If you add foreign key constraints, it might be messy to make them refer to both the app managers table and the visitors table. Whenever you want to point to a user, you'd need 2 fields instead of 1 (a field pointing to the managers table, and one to the visitors table — and exactly one of them has to be null). And what if you need 2 user id fields in a row, with foreign keys? Then you'd suddenly need 4 fields. Simpler with all keys pointing to just one table (and user type decided by the above-mentioned field).
Sometimes you might want the user id be part of a primary key — but that's more complicated, if you have two different user id fields, one in each table. Because then the database cannot guarantee that each user id is unique — you'd have to do it yourself at the application level.

Integrating CakePHP plugin with my Application

I'm struggling with how to integrate a User plugin with my application data. I'm using CakePHP 2.1.
Scenario: I have existing membership and club lists, where members can belong to multiple clubs and clubs have multiple members. I've created all the MVC and CRUD for members and clubs and they work fine. And the associations work fine.
I've installed a User management plugin, which allows people to register, confirm, reset their passwords etc. All that works fine.
Where I'm stuck is matching the new "user" with the existing "member" profile information.
When a person creates a login userid, we ask for the membership number and their name so that we can link the new login id with the membership number.
This is where I get stuck.
I've extended the plugin user registration form to include the membership no and I've added user_id to the members table.
Now how do I update the members table with the user_id?
Once the person has logged in using their "user_id" -- the rest of the application features will just be based on their "membership" data.
So, I think my relationships are:
1 user has 1 member
1 member has 1 user, 1 member has multiple clubs, 1 member has multiple positions, 1 member has multiple orders
I think the Plugin for Users is confusing me.
How were the User model and Membership model associated in the first place? You should have already had a Membership.user_id field.
If they're somehow connected already (I assume they are, since you said associations were working correctly), just write a quick MySQL query or repeating PHP script to run through and populate the Membership.user_id fields. You'll only have to do it once now that you have the database and associations set up correctly.