Jay

Reputation: 510

Modifying view based on ACL in CakePHP

I want to be able to show or hide certain elements in a view based on ACL. For instance, if a user is looking at my Users/index view, I don't want to show a 'Delete User' element if he doesn't have permission to delete users. If he does have permission to edit users, I do want to show an 'Edit User' link.

I can hack this together, but being very new to Cake I'm hoping that there is an elegant solution. The best I've done involves keeping logic in two places, so it's hell to maintain.

Thanks!

Upvotes: 6

Views: 4606

Answers (5)

Andy Hobbs

Reputation: 404

I know this is an old question now but for anyone looking for a way like I was...

In AppController::beforeFilter you can assign the ACL component to a view variable and then use it in your view:

$this->set('user', $this->Auth->user());    
$this->set('acl', $this->Acl);

And then in your view just use it like this:

if($acl->check(array('User' => $user), 'controllers/groupd/admin_delete')) {

This isn't necessarily the most correct way to do it, but it does work nicely.

Upvotes: 4

laander

Reputation: 2663

There are multiple approaches to this scenario. As Nik stated, using a helper to do the checks for you is a quick way to "outsource" the logic and centralize it for ease of use.

Actually, have a look at the AclLinkHelper - it does exactly what you're looking for, however restricted to links only.

Upvotes: 0

Thanos

Reputation: 273

In case you don't want to mess around with overriding core helpers and you want a more automatic way of checking (without hard-coding user group names and users or setting separate link-specific variables) here's my suggestion:

Store all user permissions as session vars when the user logs in (clear on logout) and create a permissions helper to check if logged on user has permissions for a specific action.

code and example here

hope that helps

Upvotes: 1
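
A minimal sketch of the session-cached permissions helper described in the answer above, as an added example in plain PHP; it is not code from the original post or from CakePHP. The function names (`cachePermissions`, `clearPermissions`, `can`, `aclLink`), the `Permissions` session key and the sample ACL table are assumptions, and `aclCheck` stands in for `$this->Acl->check()`.

```php
<?php
// Added example: plain PHP, no CakePHP classes. All names are hypothetical.

// Stand-in for the real ACL lookup ($this->Acl->check() in the answers).
// $aclTable is constructed sample data: group (ARO) => allowed ACO paths.
function aclCheck(array $aclTable, string $group, string $aco): bool
{
    return in_array($aco, $aclTable[$group] ?? [], true);
}

// Run once at login: resolve every action the views care about and cache
// the resulting booleans in the session, so views never query the ACL.
function cachePermissions(array &$session, array $aclTable, string $group, array $acos): void
{
    $session['Permissions'] = [];
    foreach ($acos as $aco) {
        $session['Permissions'][$aco] = aclCheck($aclTable, $group, $aco);
    }
}

// Run at logout so a later login cannot inherit stale permissions.
function clearPermissions(array &$session): void
{
    unset($session['Permissions']);
}

// Helper check: deny by default when the key is missing or not exactly true.
function can(array $session, string $aco): bool
{
    return ($session['Permissions'][$aco] ?? false) === true;
}

// View side: emit the link only when permitted, with escaped URL and label.
function aclLink(array $session, string $aco, string $label, string $url): string
{
    if (!can($session, $aco)) {
        return '';
    }
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '">'
        . htmlspecialchars($label, ENT_QUOTES) . '</a>';
}

// Constructed demo: an editor may list and edit users but not delete them.
$aclTable = ['editors' => ['users/index', 'users/edit']];
$session = [];
cachePermissions($session, $aclTable, 'editors', ['users/index', 'users/edit', 'users/delete']);
echo aclLink($session, 'users/edit', 'Edit User', '/users/edit/7'), "\n";
echo aclLink($session, 'users/delete', 'Delete User', '/users/delete/7'), "\n";
clearPermissions($session);
var_dump(can($session, 'users/edit'));
```

The cached flags only decide what the view renders; the controller action still has to enforce the ACL on every request, and permissions changed while a user is logged in take effect in the view only after the cache is rebuilt.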

Leo

Reputation: 6571

I do it like this in app_controller.php, although you could just as well do it in specific controllers. The view variables $usersIndexAllowed and $configureAllowed are then used in conditional statements in the view.

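function beforeRender()
{
    // Default to deny so both view variables are always defined.
    $usersIndexAllowed = false;
    $configureAllowed = false;
    if ($this->layout == 'admin')
    {
        // Assumes the Auth component is loaded; the logged-in user is the ARO.
        $user = $this->Auth->user();
        $usersIndexAllowed = $this->Acl->check($user, "users/index");
        $configureAllowed = $this->Acl->check($user, "siteAdmins/configure");
    }
    $this->set(compact('usersIndexAllowed', 'configureAllowed'));
}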

Upvotes: 1

Nik Chankov

Reputation: 6047

There is no generic "elegant solution" :) I've always wanted to make such a thing as well. Anyway, here is how you could do it:

Overwrite the Html Helper in your app directory - make a copy from /cake/libs/views/helpers/html.php to /app/views/helpers/html.php and make some changes in the Html::link function.

For example, you can check if the URL contains the action edit or delete.

The other part is to pass the proper parameters from the controller. In AppController::beforeFilter you can read the rights of the user (it's better for them to be cached) and pass them in a special Auth variable to the View.

So when you have the rights in your View it's easy to modify the link. :)

As I said, I haven't done it in a real example, but this is the way I would do it.

There is 1 bad point in that - if the original Html helper is changed, yours will remain the same. But I believe that the Html helper is mature enough, so for me it is not a big issue.

Upvotes: 1
