Headshota

Reputation: 21449

CakePHP acl lists

I've got a small problem: I've denied access to my page, but the user is still able to access it.

    $this->Acl->allow('contributors','Users');
    $this->Acl->deny('contributors','Users/add');
    $this->Acl->deny('contributors','Users/edit');
    $this->Acl->deny('contributors','Users/delete');

This is my code for this. I'm allowing the Users controller explicitly and then denying access to its actions, but I'm still able to access them. When I deny Users explicitly, access is restricted. Am I doing something wrong?

I've checked permissions using $this->Acl->deny('contributors','Users/add'); and it returns false, thus it's denied.

Upvotes: 0

Views: 314

Answers (1)

benjamin

Reputation: 2185

Shota Bakuradze,

if you are working on a system that uses only the AUTH component, you have to use AUTH methods and attributes only.

In case you have set up a system with ACL, then you normally define it the other way around, as it is more secure. E.g.: Denying every action on controller level, then allowing some actions.

The benefit of this procedure is that, in case you forget to allow an action, less (no) harm is done and you will notice it.

Edit1: In addition, what you call contributors has to be an ARO, see here.

Upvotes: 1
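The fail-closed property the answer describes, as an added example that is not part of the original answer and not CakePHP's own code: a simplified stand-alone model of path-based rule resolution. The `PathAcl` class, the `index`/`view` action names and the later-added `purge` action are assumptions. With the question's rule order the unlisted action inherits the controller-level allow; with the answer's order it is refused.

```php
<?php
// Simplified model of path-based ACL resolution (constructed for illustration;
// not CakePHP's DbAcl code). The most specific matching rule wins, and a path
// with no matching rule at any level is denied.
final class PathAcl
{
    /** @var array<string, bool> rules keyed by "aro|aco path" */
    private array $rules = [];

    public function allow(string $aro, string $aco): void { $this->rules["$aro|$aco"] = true; }
    public function deny(string $aro, string $aco): void  { $this->rules["$aro|$aco"] = false; }

    public function check(string $aro, string $aco): bool
    {
        $parts = explode('/', $aco);
        // Walk from the full path ("Users/add") up to the controller ("Users").
        while ($parts) {
            $key = $aro . '|' . implode('/', $parts);
            if (array_key_exists($key, $this->rules)) {
                return $this->rules[$key];
            }
            array_pop($parts);
        }
        return false; // no rule anywhere: fail closed
    }
}

// Policy A: the question's order (allow the controller, deny listed actions).
$a = new PathAcl();
$a->allow('contributors', 'Users');
foreach (['add', 'edit', 'delete'] as $action) {
    $a->deny('contributors', "Users/$action");
}

// Policy B: the answer's order (deny the controller, allow listed actions).
// 'index' and 'view' are assumed action names, not taken from the question.
$b = new PathAcl();
$b->deny('contributors', 'Users');
foreach (['index', 'view'] as $action) {
    $b->allow('contributors', "Users/$action");
}

// 'purge' stands for an action added later that nobody wrote a rule for.
foreach (['index', 'add', 'purge'] as $action) {
    printf("%-12s A=%-5s B=%s\n", "Users/$action",
        var_export($a->check('contributors', "Users/$action"), true),
        var_export($b->check('contributors', "Users/$action"), true));
}
```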
