cakephp acl aros_acos paradox - cakephp

I'm trying to implement an authentication/authorization combo into my CakePHP site using the Auth and Acl Components, but something odd is happening with my implementation. I've got the right acos, aros and aros_acos tables, and they seem to work at some level.
I have mapped my actions like this:
$this->Auth->mapActions(array('read' => array('view'), 'update' => array('edit')));
My acos table looks like this:
Site
1.1 Pages
1.2 Users
1.3 Groups
1.4 Admin
and aros table:
users
1.1 editors
1.1.1 admins
1.1.1.1 admin_name
1.2 regular_user
Users, editors and admins are groups. Admin_name is an admin user, member of the admins group, and regular_user is a member of the users group.
Now, in the aros_acos table, if I give 'users' group the CRUD rights for a 'page' like this: 0 1 1 0 (which gives them the right to read and update) then everything works fine (at least for the 'view' and 'edit' actions). But if I put 0 1 0 0 (only the right to read) then I get redirected to '/', and one particular thing that I have noticed is that it doesn't call the app_controller or at least the beforeFilter() function in the app_controller.
Moreover, I've written the beforeFilter() so that when a user does not have access to a crud, to give him a $this->flash message, letting him know that he is "not authorized" (I had to do this, as $this->Auth->authError doesn't seem to work). So, with that in mind, I now rewrite the aros_acos table for the users group like this: 0 0 1 0 ( permission only to update ) and this time I get the flash message when I access the 'view' action (which is correct since I don't have the permission to access it), but I also get the flash message when I try to access the 'edit' action.
I'm missing something, and I don't know what. I've written this question, hoping that before finishing it, I would come up with the solution myself...but no luck. I still don't know what is happening, I guess it is some controller thing...Have you got any ideas?

Thought 1 -> Somewhere in the view page, do you have a requestAction to another page by chance? It might come from a view page or an element on a view page.
Thought 2 -> Build out your complete mapActions. This might not be an issue, but it's good to start here.
$this->Auth->mapActions(array(
'read'=>array('index','view','admin_index'),
'create'=>array('add','admin_add'),
'update'=>array('edit','admin_edit'),
'delete'=>array('delete','admin_delete')));
Don't be afraid to trace the code all the way to the Auth Component if necessary. Just pr() until you find where it's redirecting. Figure out specifically what is causing the problem.
Be sure your session is correct and doesn't get changed in the process.
Thought 3 -> Do you "rebuild" the acl tables properly? It may be a data issue. I would suggest that you use the createAco(), createAro(), and $this->Acl->allow() functions to be sure the data is correct and all the keys are correct. (never hurts to check)
This is one of those issues where you have to go step by step and trace through the app. I'm using the current stable CakePHP and haven't found any issues.
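The tracing the answer recommends is easier with the check isolated from the redirect. The following is an added example, not code from the question or the answer, written for CakePHP 1.3 (the `$this->Auth->mapActions()` call in the question is 1.x API). It assumes the ACO tree Site/{Pages,Users,Groups,Admin} and the ARO aliases from the question, and an AppController with `$authorize = 'crud'`; the helper names `checkCrud()` and `rebuild()` and the `PermissionsController` are hypothetical. `checkCrud()` runs the same `$this->Acl->check()` call that Auth makes for a mapped action, one CRUD bit at a time, so you can compare its answer against what the browser does. `rebuild()` creates the nodes and grants through the ACL API instead of hand-editing aros_acos, which is the point of "Thought 3".

```php
<?php
// Added example, not from the question or the answer above. CakePHP 1.3.
// Assumes the ACO/ARO trees from the question; checkCrud(), rebuild() and
// PermissionsController are hypothetical names chosen for this example.

class AppController extends Controller {
    var $components = array('Auth', 'Acl', 'Session');

    function beforeFilter() {
        $this->Auth->authorize = 'crud';   // consult the CRUD bits of the controller's ACO
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->authError = 'You are not authorized to access that location.';
        // Map every action you expose. For an unmapped action Auth raises a warning
        // ("Attempted access of un-mapped action") and treats the request as unauthorized.
        $this->Auth->mapActions(array(
            'read'   => array('index', 'view', 'admin_index'),
            'create' => array('add', 'admin_add'),
            'update' => array('edit', 'admin_edit'),
            'delete' => array('delete', 'admin_delete'),
        ));
    }

    /**
     * Debug helper: what does $aro effectively get on $aco for each CRUD bit,
     * after walking up both trees? Same call Auth makes for a mapped action.
     * Returns e.g. array('create' => false, 'read' => true, 'update' => false, 'delete' => false)
     */
    function checkCrud($aro, $aco) {
        $result = array();
        foreach (array('create', 'read', 'update', 'delete') as $crud) {
            $result[$crud] = $this->Acl->check($aro, $aco, $crud);
        }
        return $result;
    }
}

class PermissionsController extends AppController {
    var $name = 'Permissions';
    var $uses = array();

    // One-off rebuild of both trees plus the grants, through the ACL API.
    // Guarded so that it is unreachable once debug is switched off.
    function rebuild() {
        if (Configure::read('debug') == 0) {
            $this->cakeError('error404');
        }
        $Aco = $this->Acl->Aco;
        $Aro = $this->Acl->Aro;

        // ACO tree: Site > Pages, Users, Groups, Admin
        $Aco->create();
        $Aco->save(array('alias' => 'Site'));
        $siteId = $Aco->id;
        foreach (array('Pages', 'Users', 'Groups', 'Admin') as $controller) {
            $Aco->create();
            $Aco->save(array('parent_id' => $siteId, 'alias' => $controller));
        }

        // ARO tree: users > editors > admins, users > regular_user
        $tree = array('users' => null, 'editors' => 'users', 'admins' => 'editors', 'regular_user' => 'users');
        $ids = array();
        foreach ($tree as $alias => $parent) {
            $Aro->create();
            $Aro->save(array('parent_id' => $parent ? $ids[$parent] : null, 'alias' => $alias));
            $ids[$alias] = $Aro->id;
        }

        // Values stored in aros_acos: 1 = allow, -1 = deny, 0 = inherit from the parent ARO.
        $this->Acl->allow('users', 'Site/Pages', 'read');    // _read = 1, the other bits stay 0
        $this->Acl->deny('users', 'Site/Pages', 'delete');   // _delete = -1, an explicit deny
        $this->Acl->allow('admins', 'Site');                  // all four bits on the root ACO, inherited below

        // regular_user inherits from users: read true; update false, because no node
        // on the path sets _update; delete false because of the explicit deny.
        debug($this->checkCrud('regular_user', 'Site/Pages'));
        debug($this->checkCrud('admins', 'Site/Pages'));   // all four true via Site
        $this->_stop();
    }
}
```

Two things worth checking with `checkCrud()` before suspecting the controller: the logged-in user's ARO node must exist with the User model and foreign_key (that is what `$this->Auth->user()` is looked up by) and sit under the intended group node, and a `0` in aros_acos means "inherit", not "deny", so a row of `0 1 0 0` on the group still leaves `update` undecided all the way to the root, where the check fails.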

Related

WordPress : make categories automatically match according to external API Value

I'm managing a company website, where we have to display our products. We however do not want to handle the admin edit for this CPT, nor offer the ability to access the form. But we have to read some product data from the admin edit page. All has to be created or updated via our CRM platform automatically.
For this matter, I already set up a CPT (wprc_pr) and registered 6 custom hierarchical terms: 1 generic for the types (wprc_pr_type) and 5 targeting each type available: wprc_pr_rb, wprc_pr_sp, wprc_pr_pe, wprc_pr_ce and wprc_pr_pr. All those taxonomies are required for filtering purposes (was the old way of working, maybe not the best, open to suggestions here). We happen to come out with archive page links looking like site.tld/generic/specific-parent/specific-child/ which is what is desired here.
I have an internal tool, Node.js based, to batch create products from our CRM. The job is simple: get all products not yet pushed to the website, format a new post, push it to the WP REST API, wait for the response, update the CRM data accordingly, and proceed to the next product. It handles about 1600 products today on trial, each gone fine.
The issue for now is that in order for me to put the correct terms to the new post, I have to compute for each product the generic type and specific type children.
I handled that by creating 6 files, one for each taxonomy. Each file is basically a giant JS object with the id from the CRM as a key, and the term id as a value. My script handles the category assertion like that:
wp_taxonomy = [jsTaxonomyMapper[crm_id1][crm_id2]] // or [] if not found
I have to say it is working pretty well, and that I could stop here. But I will have to take that computing to the wp_after_insert_post hook, in order to reassign the post to the desired category on update if something changed on the CRM.
Not quite difficult, but if I happen to add a category on the CRM, I'll have to manually edit my mappers to add the new terms, and believe me that's a hassle.
Not waiting for a full solution here, but a way to work the thing. Maybe a way to compute those mappers and store their values in the options table, or have a mapper class, I don't know at all.
Additional information:
Data from the CRM comes as integers (ids corresponding to a label) and the mappers today consist of 6 arrays (nested or not), about 600 total entries.
If you have something for me, or even suggestions to simplify the process, I'll go with it.
Thanks.
EDIT :
Went with another approach, see comment below.

Is this the right db design for the most flexible and modular CMS with user management in CakePHP?

I would like to ask you guys if you could review my database design. I think it is quite self-explanatory, but to be absolutely clear:
My goal is to make an application which has a super flexible user management (which is why the groups are in tree-form and the groups and users have a habtm relationship) and a super modular way to build pages (which is why the pages consist of widget-blocks).
The reason I made users and profiles separate is because the users table will not change and is only needed for authentication and authorization. However, the profiles table will change according to the wishes of the client. So it might not have a signature, but an avatar field instead. Or maybe it will be completely empty / not exist at all.
A widget could be anything, it could be a poll, it could be a piece of content, it could be a navigation, it could be a collection of comments, whatever.
The reason I chose to make subdomains, locales and layouts separate tables instead of just putting the names into pages is because I want to limit the options that are available to the client. Just because I have a three-columns.ctp in my layouts folder doesn't necessarily mean I want the client to be able to choose it.
Same goes for the widgets. And besides limiting choice, not every plugin, controller and action in my plugins-folder is a widget, so I need a table to clarify which are.
A block is a widget on a page which sits in a container (e.g. the right column in a 3 column layout) at a particular position which is decided by the index (lower index means higher).
So that's my explanation, what do you guys think? Is this as good as it can be? Or do you have (a) suggestion(s) to make it even more flexible and modular.
[edit] Oh and to be clear, the widgets will of course have their own tables to store the information they need to store.
Well, I think that everything is great except "profiles".
When you try to get data from a logged user:
$this->Auth->user();
I don't think that you will get data about "profiles" so you will have to find profile by $this->Auth->user('id') etc. I think that you should merge "profiles" and "users" tables into "users" table.
So when you want to save, let's say, "signature" you should just put it in $this->request->data; and call $this->User->save($this->request->data); and the signature will be updated.
EDIT:
You can leave it the way it is but, to get other data than user, you will have to put:
$id = $this->Auth->user('id');
$current_user = $this->User->findById($id);

CakePHP 2.0.x: ACL: Multiple Groups?

I know this question has been asked before, but I don't know if it's been asked specifically about CakePHP 2.0.x. I haven't been able to find any information about whether or not having users be a part of multiple groups is now possible with the ACL component. I never used the ACL component with CakePHP 1.3.x because it confused me. If it's better now, though, I'd like to use it so I don't re-invent the wheel by rolling my own. Any help would be appreciated.
I haven't tested it or used it like this before, but I can imagine one way:
Have a User model and a Group model, and User HABTM Group as Shaz Amjad notes.
At the point you're doing your access control, fetch a list of all Groups that User belongs to (probably using bindModel)..
Then, something like:
$permits = array();
foreach ($thisUsersGroups as $group) {
    $permits[] = $this->Acl->check($group, 'myclass', 'update');
}
If $permits contains at least one true, they should be permitted.
There might well be a better or more automagic way of doing it, but I don't see why that shouldn't work in principle.
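The "more automagic way" the answer wonders about exists in 2.0.x: Auth delegates authorization to objects extending `BaseAuthorize`, so the loop can live in one of those instead of in every controller. The following is an added example, not code from the question or the answer. It assumes CakePHP 2.0.x, a User HABTM Group association, one ARO node per group (model `Group`, foreign_key = the group's id) with CRUD bits granted to those group nodes, and the default action-to-CRUD map; the class name `MultiGroupAclAuthorize`, the `_groupsFor()` helper and the `Group` key are this example's own choices.

```php
<?php
// app/Controller/Component/Auth/MultiGroupAclAuthorize.php
// Added example, not from the question or the answer above. CakePHP 2.0.x.
// Assumes User HABTM Group and an ARO node per group (model 'Group',
// foreign_key = groups.id). Class and helper names are this example's own.
App::uses('BaseAuthorize', 'Controller/Component/Auth');

class MultiGroupAclAuthorize extends BaseAuthorize {

    /**
     * Allow the request if at least one of the user's groups holds the CRUD bit
     * that the requested action maps to (edit => update, view => read, ...).
     * Anything else is denied.
     */
    public function authorize($user, CakeRequest $request) {
        $action = $request->params['action'];
        // Fail closed: an action without a CRUD mapping cannot be checked.
        if (empty($this->settings['actionMap'][$action])) {
            return false;
        }
        $crud = $this->settings['actionMap'][$action];       // e.g. 'update'
        $aco = $this->action($request, ':controller');       // e.g. 'Pages'
        $Acl = $this->_Collection->load('Acl');

        foreach ($this->_groupsFor($user) as $group) {
            $aro = array('Group' => array('id' => $group['id']));
            if ($Acl->check($aro, $aco, $crud)) {
                return true;
            }
        }
        return false;
    }

    /**
     * The user array Auth keeps in the session comes from a recursive => 0 find,
     * so the HABTM groups are normally not in it; fetch them when they are missing.
     */
    protected function _groupsFor($user) {
        if (!empty($user['Group'])) {
            return $user['Group'];
        }
        $User = ClassRegistry::init($this->settings['userModel']);
        $row = $User->find('first', array(
            'conditions' => array($User->alias . '.' . $User->primaryKey => $user[$User->primaryKey]),
            'recursive' => 1,   // pulls the HABTM Group rows
        ));
        return empty($row['Group']) ? array() : $row['Group'];
    }
}

// app/Controller/AppController.php: wire the object in. Auth appends "Authorize"
// to the name given here and loads it from Controller/Component/Auth/.
class AppController extends Controller {
    public $components = array(
        'Session',
        'Acl',
        'Auth' => array(
            'authorize' => array('MultiGroupAcl'),
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
        ),
    );
}
```

Note the policy this encodes: a single allowing group wins, so an explicit `-1` deny on one of the user's groups does not block access if another group allows it. If "any deny wins" is what you need, check for a deny on every group first and only then look for an allow; the `Acl->check()` call cannot tell the two apart, so that variant needs a separate lookup of the permission rows.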

CakePHP - What is the best approach to create an Admin Section

I am looking for an insight into the best approach to create an administrator section in CakePHP. I've looked at plugins like BrowniePHP as well as others, but I am not entirely satisfied with using plugins. So I am trying to create my own which will encompass the things I need. I've looked at some tutorials, but can't find the right answer.
I am currently creating a vast application, which is about 10% done, but I now feel the need to have an admin section before moving on.
Basically I would like a section where I can add new articles, approve comments, deny user access, etc. This section should only be accessible by an administrator.
Also, this administrator section must be able to save to any other model.
I am still learning CakePHP and any detailed instruction would be appreciated.
To create an admin section, the first thing you have to do is to manually edit the core.php within /app/config and write the setting Routing.prefixes. This line should be around line 88 somewhere and you just have to uncomment it.
In case you can't find it, it should look like this:
Configure::write('Routing.prefixes', array('admin'));
So now you can write your admin-functions within your controllers like this:
function admin_edit($id = null) {
//your admin function
}
You don't need access to every model since you're writing these functions within your controllers like every other "normal" action.
You just have to connect a route to handle the admin-actions:
Router::connect('/admin/:controller/:action/*', array('admin' => true, 'prefix' => 'admin', 'controller' => 'pages'));
// 'admin' => true is a variable for you so you can check if it's an admin-action which is requested
// 'prefix' => 'admin' means that you can write function with this prefix like above
You can then access these actions via the url http://yourapp.com/admin/controller/action
If you now use the Auth-Component you can write methods for checking if a user is allowed to access these methods.
For further information please read these manual entries:
Prefix-Routing
Authentication (Auth-Component)
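The answer leaves out the part that makes the section admin-only: prefix routing only decides which method runs, so the check that the caller is an administrator has to be done server-side in Auth. The following is an added example, not code from the question or the answer, for CakePHP 1.3 (the answer's `/app/config/core.php` and `function admin_edit` are 1.3 style). It assumes a `role` column on the users table holding `'admin'` for administrators and a hypothetical `ArticlesController`; everything else is core API.

```php
<?php
// app/config/core.php: enable the prefix (uncomment or add this line)
Configure::write('Routing.prefixes', array('admin'));

// app/app_controller.php
// Added example, not from the answer above. CakePHP 1.3. Assumes users.role.
class AppController extends Controller {
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        $this->Auth->authorize = 'controller';   // call $this->isAuthorized() after login
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login', 'admin' => false);
        // Public actions only. admin_* actions are distinct action names, so
        // allowing 'index' does NOT expose admin_index.
        $this->Auth->allow('display');
    }

    // Runs for every non-allowed action once the user is logged in.
    function isAuthorized() {
        // Prefix routing sets $this->params['admin'] (and ['prefix']) for /admin/... URLs.
        if (!empty($this->params['admin'])) {
            // Decide from the stored user record, never from anything in the request.
            return $this->Auth->user('role') === 'admin';
        }
        return true;   // ordinary actions: any logged-in user
    }
}

// app/controllers/articles_controller.php (hypothetical controller)
class ArticlesController extends AppController {
    var $name = 'Articles';

    function index() {                     // /articles
        $this->set('articles', $this->Article->find('all', array(
            'conditions' => array('Article.published' => 1),
        )));
    }

    function admin_index() {               // /admin/articles, admins only
        $this->set('articles', $this->Article->find('all'));
    }

    function admin_add() {                 // /admin/articles/add, admins only
        if (!empty($this->data)) {
            $this->Article->create();
            if ($this->Article->save($this->data)) {
                $this->Session->setFlash('Article saved.');
                $this->redirect(array('action' => 'index', 'admin' => true));
            }
            $this->Session->setFlash('Could not save the article.');
        }
    }
}
```

With `Routing.prefixes` set, 1.3 connects `/admin/:controller/:action/*` for you, so the explicit `Router::connect()` in the answer is only needed when the admin URLs must look different from the default. Keep `'admin' => false` on the loginAction and on any links out of the admin area, otherwise Cake keeps the prefix and generates `/admin/users/login`, which the role check above then refuses.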

Move login form from subdomain to homepage and sort companies alphabetically

Outsourced a document management system to a CakePHP developer who has now disappeared, without doing the final touches, leaving me high and dry. Project is due Monday the 28th, I'm freaking! I sat for 2 days, but couldn't solve these issues. The main thing is the member login form at dms.domain.com.
It works perfectly and redirects to http://dms.domain.com/dir/dir but members actually need to log in via the login form I created on the homepage www.domain.com
I had a look at the source of the login form on the dms.domain.com which looks really simple, much like standard code, however I tried searching for the form elements in the source code of the entire site, but no luck. This leads me to believe that everything's called from the database, but hopefully not because that's out of my league.
Surely if I can find the form code used on dms.domain.com I can just reuse it on the home page?
The second thing is, once logged in, the list of companies is sorted via date created it seems? but I want it sorted via company, alphabetically. Again I searched the source for code like "asc" but I realized Cake doesn't use standard sql queries. I did however find, 'sortorder' => 'desc', 'sortname' => 'id', and changed 'id' to 'company' but no luck. Below is what I currently see when I log in. Thanks
Id Company
1 Fos
21 Mamas
20 Clove
25 Orm
24 Colors
I'm assuming your main site www.domain.com is not written using CakePHP - is that right? If that's the case, you could just copy the generated HTML of the login form on dms.domain.com and paste it into the login form on www.domain.com. Make sure that the action of the form is set to the full path to the login action on dms.domain.com e.g. http://dms.domain.com/dir/dir.
