Comments on: Get ALL ACL permissions

By: Luc

Luc — Thu, 15 Dec 2011 13:55:25 +0000

@Neil: I have solved the problem I posted before. I have updated the AppHelper::hasPermission for version 2.0.

@cesar: I see the same problem. When you first allow and then deny on a lower level (controller/action) then it still gives the denied nodes as allowed.
Does anyone have a solution for this.

Regards,

Luc

By: Luc

Luc — Fri, 25 Nov 2011 14:49:00 +0000

Hi,
I tried to implement this in CakePHP 2.0 but I get the following error:
Fatal error: Call to a member function hasPermission() on a non-object in …

In my View I have this:

if ($this->App->hasPermission(‘/admin/groups’) == true) {
…
}

and my AppHelper looks like this:

App::uses(‘Helper’, ‘View’);
class AppHelper extends Helper {
function hasPermission($url) {
…
}
}

Can you tell me what I did wrong?

Thanx in advance.

By: Maxime

Maxime — Thu, 23 Jun 2011 08:21:13 +0000

If we are 2 controllers which names starts with same string, the (big) request return wrong permission.

-> For good results : add “/” on last line just behind % like :

ON tmp_aco.id=tt.aco_id OR tmp_aco.alias like concat(tt.name,’/%’)

By: Cesar

Cesar — Wed, 15 Jun 2011 16:00:10 +0000

the query not works too in the situation when I give some permissions on group but deny some cascade permission on the user.
Example: accept Users to group1 but deny group1:user1 to edit in Users. dont works.
thanks.

By: Cesar

Cesar — Tue, 14 Jun 2011 21:08:39 +0000

sorry…
some corrections on last lines.
…wrong results…
…retrieve the correct permissions from aros_acos…
sorry.

By: Cesar

Cesar — Tue, 14 Jun 2011 21:06:00 +0000

Amazing work.

I tested the case when I have groups of users. When I add the group permissions, all users of that group (with this own aro_id) was resolved. well done.

but, when i tested again its own rights on acos_aros table, when I define it against their fields: _create,_read,_update,_delete, works that way: defining at least one of them with 1, gets its permissions, but allowing and denying each of them(0 on _create, but 1on _read) give me worng results.
so, how can retrive correct permissions from acos_aros definitions?
thanks.

By: bancer

bancer — Mon, 19 Jul 2010 16:11:39 +0000

That query is really impressive! Unfortunately, it returns an empty array on deeper groups hierarchy. I tested it with “Group1 -> Group2 -> User3″ and it returned an empty array. But for “Group1 -> User2″ the query does a perfect job. I’ve never thought it is possible to achieve such amazing results with SQL.

By: Ken

Ken — Sun, 06 Dec 2009 09:29:11 +0000

@Neil: Yep your lead was right on!
That’s exactly what i did…

AppController::isAuthorized() is much like your “hasPermissions”.. only it returns the “in_array” of your $this->params['controller'] with $this->params['action'] – and not based on parameters sent to it.

This effectively reducded the amount of SQL’s for permissions to a single huge query upon login and eliminated the 3 queries that were ran upon each page load.
Well worth it when someone travels in the site a lot.

Thanks for everything, your blog has been a tremendous source of help!

By: Neil Crookes

Neil Crookes — Wed, 25 Nov 2009 20:27:35 +0000

@Ken, I’m sure it could. The cook book implies you could set the AuthComponent::authorize property to ‘controller’ then have a AppController::isAuthorized() method that could check the session. Let me know how you get on.

By: Ken

Ken — Wed, 25 Nov 2009 15:00:57 +0000

@Neil, Thank i got it working.. it works great!

Also, i was wondering if this can somehow be used to remove the ACL checks that are ran at each page load (The ACL SQL queries) – since we loaded all the permissions into the Session.. it is somehow possible to override the check process to try the session first?

I know the main purpose of loading them into the session is for the views, but maybe it can also be used to cut down on those queries that run on each page… thus giving this massive query even more credit

Like to hear your thoughts.

Thanks, Ken.