CODEWITHSUNDEEP
cakephpacl
cawecoy
cawecoy

Reputation: 2419

CakePHP - More granular ACOs in ACL

My Products table:

select * from products;
+------+----------------+
| id   | name           |
+------+----------------+
|    1 | product XYZ    |
|    2 | product XPTO   |
|    3 | procudt ABC    |
|    4 | procudt QWERTY |
|    5 | procudt 1234   |
+------+----------------+

I can allow/deny some group of users to access the Model "Products", like:

$group->id = 3;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Products');

$group->id = 4;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Products/view');

But how to allow/deny some group to access some specific products, like:

$group->id = 5;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'product XYZ');

$group->id = 6;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'product XPTO');
$this->Acl->allow($group, 'product 1234');

?

Upvotes: 0

Views: 139

Answers (1)

Colin Fukai
Colin Fukai

Reputation: 342

You want row level access control. There are several ways of going about that in CakePHP (some using Cake's ACL functionality, some not) so you should look around and see what is best for your situation.

One thing to keep in mind, though, is that the out of the box ACL functionality in Cake was designed for implementing access control against controller actions, and not specific database rows. Depending on the amount of data you need to check things could get out of hand fairly quickly. You might want to reconsider your design to see if you truly need to check access at the record level.

Upvotes: 1

Related Questions