CODEWITHSUNDEEP
cakephpacl
user558117
user558117

Reputation: 93

How to list CakePHP Acl ACO and ARO structure?

I want to list the CakePHP Acl database by Acos and whether an Aro has permission yes or no.

What is the best way to do this?

Upvotes: 2

Views: 2268

Answers (1)

AD7six
AD7six

Reputation: 66170

Use the acl shell

Cake has a built in acl shell which provides an interface for modifying or viewing your acl data. It includes a view (tree) function which permits seeing your access control objects (aco, "things") and access request object (aro, users) data hierarchies:

Example aco tree:

$ Console/cake acl view aco

Welcome to CakePHP v2.4.0-dev Console
---------------------------------------------------------------
App : app
Path: /var/www/app/
---------------------------------------------------------------
Aco tree:
---------------------------------------------------------------
  [1] controllers
    [2] Posts
  [3] Posts
    [4] index
---------------------------------------------------------------

Example aro tree:

$ Console/cake acl view aro

Welcome to CakePHP v2.4.0-dev Console
---------------------------------------------------------------
App : app
Path: /var/www/app/
---------------------------------------------------------------
Aro tree:
---------------------------------------------------------------
  [1] Group.1
---------------------------------------------------------------

There's also a check function for determining if a given aro can access a given aco:

$ Console/cake acl check Group.1 controllers/Posts

Welcome to CakePHP v2.4.0-dev Console
---------------------------------------------------------------
App : app
Path: /var/www/app/
---------------------------------------------------------------
Group.1 is allowed.

Who can access what isn't possible

The nature of acl data is that it's relatively expensive to check a single combination (can this specific user access this specific object) and (though possible) impractical to build a general solution for "who can access what", that's effectively why there's no core-provided means to answer that question.

For a given list of acos though, you can easily loop on them calling AclComponent::check to get a list of answers for "what this specific user can access". The acl data can be accessed like any other model data using Aro and Aco models.

Upvotes: 1

Related Questions