I want to understand the sequence of steps by which it is verified that a user has permission to a particular application page (the 'Acl', 'Auth' and 'Security' components are used). For example, a visitor clicks a link on another site that directs him to my application. What is the sequence of steps that my application performs to verify that this user has access to the page? What controllers/classes and methods are called?
A:
1. If Auth is required on that page, your app checks if a user is logged in.
2. If not, it redirects to the login page.
3. If yes, your app should check permission.
4. Normally, it checks your user group to see if that group has permission on that page.
5. If it does, it checks that username to see if that user has permission on that page.

Logic for 3, 4 and 5 should be done in app_controller.
That's my take on it.
Funky Dude
2010-04-26 19:29:14
As far as I understand, I merely provide settings for the Auth component in app_controller. All the logic is somewhere else. I would like to know where that logic is (what class) and the sequence of methods called.
bancer
2010-04-27 07:18:38
This? http://api.cakephp.org/class/acl-component#method-AclComponentcheck
Funky Dude
2010-04-27 17:42:37
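
An added example, not part of the thread or of CakePHP's own code: one way the steps in the answer can be wired to `AclComponent::check()` from `app_controller`. It assumes the CakePHP 1.x API that was current when the thread was written, a `User` model registered as an ARO under its group's ARO, ACOs named `controllers/<Controller>/<action>`, and a public `display` action; those names are assumptions.

```php
<?php
// app/app_controller.php, CakePHP 1.x style (assumed from the thread's date).
class AppController extends Controller {
    var $components = array('Acl', 'Auth', 'Security');

    // Runs before AuthComponent::startup(), so the settings made here
    // govern the access check for the current request.
    function beforeFilter() {
        // Step 2: where a visitor without a logged-in session is redirected.
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');

        // Once a user is logged in, Auth calls $this->isAuthorized()
        // and denies the request if it returns false.
        $this->Auth->authorize = 'controller';

        // Actions listed here skip the login and permission checks.
        // Every action not listed is protected (deny by default).
        // 'display' is a sample public action.
        $this->Auth->allow('display');
    }

    // Steps 3-5: called by Auth for a logged-in user on a protected action.
    function isAuthorized() {
        // ARO = the requester. Assumption: each User ARO is a child of its
        // group's ARO, so permissions granted to the group are inherited
        // and an entry on the user itself can override them.
        $aro = array(
            'model'       => 'User',
            'foreign_key' => $this->Auth->user('id'),
        );

        // ACO = the thing being requested. The 'controllers/...' naming is
        // an assumed convention and must match the ACO tree you created.
        $aco = 'controllers/' . $this->name . '/' . $this->action;

        // True only if the ACL grants this ARO access to this ACO.
        return $this->Acl->check($aro, $aco);
    }
}
```

Keep the `allow()` list as short as possible: any action named there is reachable without a login, and `isAuthorized()` is never consulted for it.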