Asim Zaidi

Reputation: 28284

check if the aro has permission for a certain aco

I have an ACL layer set up in my application, but I need to print out a report for management showing which ACOs are allowed for which ARO (users only in this case). I looked into the aco tables and the aco_aro table, but it doesn't make any sense to me how to generate a simple report of which ACO can be accessed by which ARO, for example.

So how do I generate that so-called report? Currently you get a permission denied message if you don't have access to certain ACOs, but that's about it. I would have to go one by one to see all those and compare them to users, which is a very daunting manual task and extremely difficult if not impossible! So I was wondering if you guys use some audit or something for that.

EDIT

Since no one responded to this question, I will tone down my requirements. How can I, upon login of a user, get which ACOs the user has permissions to? Can someone tell me how I check that? Thanks.

**TRIED THIS**

if ($this->Auth->login()) {
    debug($this->Acl->check('User', 'Posts', $action = '*'));
}

but get this

Warning (512): DbAcl::check() - Failed ARO/ACO node lookup in permissions check.  Node references:
Aro: User
Aco: Posts [CORE/Cake/Controller/Component/Acl/DbAcl.php, line 79]
/app/Controller/UsersController.php (line 20)
false

Upvotes: 0

Views: 2626

Answers (2)

gdm

Reputation: 7928

The best and clean approach is well documented here

Upvotes: 0

G.J

Reputation: 795

You might be interested in such a component. I'm pretty sure part of the job could be done differently, but my knowledge of the Acl component is not good enough for that.

<?php
class AclToolsComponent extends Object {

    var $controller = null;
    var $components = array('Acl');

    // Keep a reference to the controller so its models and Acl component can be used
    function initialize(&$controller, $settings = array()) {
        $this->controller = $controller;
    }

    // Returns the explicit permission entries of one user as
    // strings of the form "allow <aco path>" or "deny <aco path>"
    function getUserPermissions($userId) {
        if (!isset($this->controller->User)) {
            $this->controller->loadModel('User');
        }
        // Look up the ARO node that belongs to this user record
        $this->controller->User->id = $userId;
        $aro_node = $this->controller->Acl->Aro->node($this->controller->User);
        // Map of ACO id => full path, e.g. "controllers/Posts/add"
        $aliases = $this->getAcoAliases();
        // Load the ARO together with the ACOs it is linked to
        $aros = $this->controller->Acl->Aro->find('first', array(
            'conditions' => array(
                'Aro.id' => $aro_node[0]['Aro']['id'],
            ),
        ));

        $permissions = array();
        foreach ($aros['Aco'] as $aco) {
            // Only the _create flag is read: 1 is reported as allow, any other value as deny
            $acl_cmd = ($aco['Permission']['_create'] == 1)?'allow':'deny';
            $permissions[] = $acl_cmd.' '.$aliases[$aco['id']];
        }

        return $permissions;
    }

    // Builds the ACO id => full path map from the threaded ACO tree
    function getAcoAliases() {
        $aliases = array();
        $acos = $this->controller->Acl->Aco->find('threaded', array(
            'contain' => array()
        ));

        $this->fillAliases($aliases, $acos, '');

        return $aliases;
    }

    // Recursively walks the tree, joining parent and child aliases with "/"
    private function fillAliases(&$aliases, $acos, $name) {
        foreach ($acos as $aco) {
            $sep = (!empty($name))?'/':'';
            $new_name = $name.$sep.$aco['Aco']['alias'];
            $aliases[$aco['Aco']['id']] = $new_name;
            if (!empty($aco['children'])) {
                $this->fillAliases($aliases, $aco['children'], $new_name);
            }
        }
    }
}
?>

From a controller, you might then use the following code to get an idea of how it works:

$perm = $this->AclTools->getUserPermissions($userId);
debug($perm);

It will display the ACOs that are specifically granted or denied to a user. It means that if you grant access to the full Posts controller to someone, you will get only

allow controllers/Posts

and not

allow controllers/Posts
allow controllers/Posts/add
allow controllers/Posts/edit
...

Upvotes: 2
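
For an access review, the explicit entries described in the answer above can be expanded over every ACO path so that each path carries an effective decision. The following is an added example, not code from the answer or from CakePHP: `expandPermissions()` and the sample data are hypothetical, and it uses a simplified model in which the closest explicit ancestor wins, no matching rule means deny, and permissions inherited from parent AROs (groups) are ignored.

```php
<?php
/**
 * Expand explicit "allow|deny <aco path>" strings (the format returned by
 * getUserPermissions()) over a list of ACO paths (the values returned by
 * getAcoAliases()). Simplified model, not CakePHP's own resolution code.
 */
function expandPermissions(array $explicit, array $acoPaths) {
    // Index explicit rules by ACO path: 'controllers/Posts' => 'allow'
    $rules = array();
    foreach ($explicit as $entry) {
        list($cmd, $path) = explode(' ', $entry, 2);
        $rules[$path] = $cmd;
    }

    $report = array();
    foreach ($acoPaths as $path) {
        $decision = 'deny';   // default when no rule applies
        $source = null;       // explicit rule that decided the outcome
        // Walk from the path itself up towards the root of the ACO tree
        for ($p = $path; $p !== ''; ) {
            if (isset($rules[$p])) {
                $decision = $rules[$p];
                $source = $p;
                break;
            }
            $cut = strrpos($p, '/');
            $p = ($cut === false) ? '' : substr($p, 0, $cut);
        }
        $report[$path] = array('decision' => $decision, 'source' => $source);
    }
    return $report;
}

// Constructed sample data, not taken from a real application
$explicit = array('allow controllers/Posts', 'deny controllers/Posts/delete');
$acoPaths = array(
    'controllers',
    'controllers/Posts',
    'controllers/Posts/add',
    'controllers/Posts/delete',
    'controllers/Users/index',
);

foreach (expandPermissions($explicit, $acoPaths) as $path => $row) {
    $via = ($row['source'] === null) ? 'no rule' : 'via ' . $row['source'];
    printf("%-5s %-26s (%s)\n", $row['decision'], $path, $via);
}
```

The `source` column records which explicit entry produced each decision, so a reviewer can trace a broad grant such as `controllers/Posts` down to the individual actions it covers.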
