Hello, I'm trying to implement an authentication/authorization combo in my CakePHP site using the Auth and Acl components, but something odd is happening with my implementation. I've got the right acos, aros and aros_acos tables, and they seem to work at some level.

I have mapped my actions like this:

$this->Auth->mapActions(array('read' => array('view'), 'update' => array('edit')));

My acos table looks like this:

    1. Site
        1.1 Pages
        1.2 Users
        1.3 Groups
        1.4 Admin

and aros table:

    1. users
        1.1 editors
            1.1.1 admins
                1.1.1.1 admin_name
        1.2 regular_user

users, editors and admins are groups. admin_name is an admin user, a member of the admins group, and regular_user is a member of the users group.

Now, in the aros_acos table, if I give the 'users' group the CRUD rights for a 'page' like this: 0 1 1 0 (which gives them the right to read and update), then everything works fine (at least for the 'view' and 'edit' actions). But if I put 0 1 0 0 (only the right to read), then I get redirected to '/', and one particular thing I have noticed is that it doesn't call the app_controller, or at least not the beforeFilter() function in the app_controller.

Moreover, I've written the beforeFilter() so that when a user does not have access to a CRUD action, it gives him a $this->flash message letting him know that he is "not authorized" (I had to do this, as $this->Auth->authError doesn't seem to work). So, with that in mind, I now rewrite the aros_acos table for the users group like this: 0 0 1 0 (permission only to update), and this time I get the flash message when I access the 'view' action (which is correct, since I don't have permission to access it), but I also get the flash message when I try to access the 'edit' action.

I'm missing something, and I don't know what. I wrote this question hoping that, before finishing it, I would come up with the solution myself... but no luck. I still don't know what is happening; I guess it is some controller thing... Have you got any ideas?
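As an added example (not code from the question or the answer), the following standalone script models how CakePHP's DbAcl resolves a request against the tables described above: each aros_acos row holds _create/_read/_update/_delete as 1 (allow), -1 (deny) or 0 (inherit from the parent ARO), and Auth maps controller actions onto those four verbs through mapActions(). The ARO tree and the "0 1 0 0" row are taken from the question, the full action map from the answer below; the 'admins' row is constructed, and the walk up the ACO tree (Site -> Pages) is left out for brevity.

```php
<?php
// Added example, not CakePHP code: a standalone model of DbAcl's permission walk.
// aros_acos columns: 1 = allow, -1 = deny, 0 = inherit from the parent ARO.
// The ACO ancestor walk (Site -> Pages) is omitted; all data below is constructed
// to mirror the question's tables.
// ARO tree from the question: alias => parent alias (null for the root).
$aroParent = array(
    'users' => null, 'editors' => 'users', 'admins' => 'editors',
    'admin_name' => 'admins', 'regular_user' => 'users',
);
// aros_acos rows for the 'Pages' ACO in the order _create _read _update _delete.
// 'users' is the asker's "0 1 0 0" case; the 'admins' row is constructed.
$arosAcos = array('Pages' => array(
    'users'  => array(0, 1, 0, 0),
    'admins' => array(1, 1, 1, 1),
));
// The complete action map suggested in the answer.
$actionMap = array(
    'read'   => array('index', 'view', 'admin_index'),
    'create' => array('add', 'admin_add'),
    'update' => array('edit', 'admin_edit'),
    'delete' => array('delete', 'admin_delete'),
);
// Action name -> CRUD verb; an unmapped action yields null and is therefore denied.
function crudVerb(array $actionMap, $action) {
    foreach ($actionMap as $verb => $actions) {
        if (in_array($action, $actions, true)) return $verb;
    }
    return null;
}
// Walk from the requesting ARO up to the root. The first explicit 1 or -1 for the
// verb decides; a column that is 0 all the way up grants nothing, so deny.
function aclCheck(array $aroParent, array $arosAcos, $aro, $aco, $verb) {
    $col = array_search($verb, array('create', 'read', 'update', 'delete'), true);
    if ($col === false || !isset($arosAcos[$aco])) return false;
    for ($node = $aro; $node !== null; $node = $aroParent[$node]) {
        if (isset($arosAcos[$aco][$node]) && $arosAcos[$aco][$node][$col] !== 0) {
            return $arosAcos[$aco][$node][$col] === 1;
        }
    }
    return false;
}
foreach (array(array('regular_user', 'view'), array('regular_user', 'edit'),
               array('admin_name', 'edit'), array('admin_name', 'login')) as $c) {
    $ok = aclCheck($aroParent, $arosAcos, $c[0], 'Pages', crudVerb($actionMap, $c[1]));
    printf("%-12s %-5s => %s\n", $c[0], $c[1], $ok ? 'allowed' : 'denied');
}
```

With the "0 1 0 0" row, regular_user is allowed 'view' and denied 'edit', admin_name is allowed 'edit' through the admins row, and an action missing from the map ('login') is denied regardless of the row.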

+1  A: 

Thought 1 -> Somewhere in the view page, do you have a requestAction to another page by chance? It might come from a view page or an element on a view page.

Thought 2 -> Build out your complete mapActions. This might not be an issue, but it's good to start here.

$this->Auth->mapActions(array(
    'read'   => array('index', 'view', 'admin_index'),
    'create' => array('add', 'admin_add'),
    'update' => array('edit', 'admin_edit'),
    'delete' => array('delete', 'admin_delete')
));

Don't be afraid to trace the code all the way to the Auth Component if necessary. Just pr() until you find where it's redirecting. Figure out specifically what is causing the problem.

Be sure your session is correct and doesn't get changed in the process.

Thought 3 -> Do you "rebuild" the ACL tables properly? It may be a data issue. I would suggest that you use the createAco(), createAro(), and $this->Acl->allow() functions to be sure the data is correct and all the keys are correct. (It never hurts to check.)

This is one of those issues where you have to go step by step and trace through the app. I'm using the current stable CakePHP and haven't found any issues.

Dooltaz
Thank you for the reply. These last days I've been trying to trace my problem, but I haven't managed to find it. So, after all, I've just kind of fixed it with a routing line. So now I'm routing '/' to the login page. It seems to work. I don't know if my solution is OK; actually I'm pretty sure it is not, but anyway I have a deadline to hit and this solution works on every level (that I've tested). Now, if a user tries to access an unauthorized CRUD action, he's sent to the login page, and on that page he receives the $this->Auth->authError notification. Anyway, thanks for the support.
Progenitura