views:

17

answers:

1

I just want group only permissions - I don't need user based permissions. The cake 1.3 manual (http://book.cakephp.org/view/1646/x11-2-4-1-Group-only-ACL) says:

In case we want simplified per-group only permissions, we need to implement bindNode() in User model.

function bindNode($user) {
    return array('Group' => array('id' => $user['User']['group_id']));
}

This method will tell ACL to skip checking User Aro's and to check only Group Aro's.

However when I add groups and users via the baked controllers I still end up with an AROs table with nested groups/users for user-based permissions. I expected the AROs table to look like this (because the manual says this is what it will look like):

+----+-----------+-------+-------------+-------+------+------+
| id | parent_id | model | foreign_key | alias | lft  | rght |
+----+-----------+-------+-------------+-------+------+------+
|  1 |      NULL | Group |           1 | NULL  |    1 |    2 |
|  2 |      NULL | Group |           2 | NULL  |    3 |    4 |
|  3 |      NULL | Group |           3 | NULL  |    5 |    6 |
+----+-----------+-------+-------------+-------+------+------+

But instead is looks like this:

+----+-----------+-------+-------------+-------+------+------+
| id | parent_id | model | foreign_key | alias | lft  | rght |
+----+-----------+-------+-------------+-------+------+------+
|  1 |      NULL | Group |           1 | NULL  |    1 |    4 |
|  2 |      NULL | Group |           2 | NULL  |    5 |    8 |
|  3 |      NULL | Group |           3 | NULL  |    9 |   12 |
|  4 |         1 | User  |           1 | NULL  |    2 |    3 |
|  5 |         2 | User  |           2 | NULL  |    6 |    7 |
|  6 |         3 | User  |           3 | NULL  |   10 |   11 |
+----+-----------+-------+-------------+-------+------+------+

Here is my user model:

class User extends AppModel {
    var $name = 'User';

    var $actsAs = array('Acl' => array('type' => 'requester'));

    var $hasMany = array(
        'Post' => array(
            'className' => 'Post',
            'foreignKey' => 'user_id'
        )
    );
    var $belongsTo = array(
        'Group' => array(
            'className' => 'Group',
            'foreignKey' => 'group_id'
        )
    );

    /**
     *
     * In case we want simplified per-group only permissions
     * see http://book.cakephp.org/view/1547/Acts-As-a-Requester
     * @param unknown_type $user
     */
    function bindNode($user) {
        return array('Group' => array('id' => $user['User']['group_id']));
    }

    function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        if (isset($this->data['User']['group_id'])) {
        $groupId = $this->data['User']['group_id'];
        } else {
            $groupId = $this->field('group_id');
        }
        if (!$groupId) {
        return null;
        } else {
            return array('Group' => array('id' => $groupId));
        }
    }
}
A: 

I have never used that method, but the concept of a group without any users seems meaningless. Cake uses the user and group information to decide who belongs to which group so that it can apply the appropriate group permissions.

Looking at 'the Book', though, your users must have a group_id set:

"Every user has to have assigned group_id for this to work."

CREATE TABLE users (
    id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(255) NOT NULL UNIQUE,
    password CHAR(40) NOT NULL,
    group_id INT(11) NOT NULL,
    created DATETIME,
    modified DATETIME
);

In my applications, which don't use bindNode, I set the permissions only by group and it works fine.

Leo
Yes, "every user has to have assigned group_id for this to work" - so why does the book show the resulting AROs table with ONLY groups in it?
Mark Flint
I don't know the answer to that. This is an option that I wasn't aware of and it may be that the book is correct but your implementation isn't. My reading of it is that use of bindNode modifies the logic rather than the model so, therefore, your implementation is correct and the book is wrong. It's good, but anyone can edit it. I noticed the other day that some of the Containable section has vanished. Or maybe it was never there!
Leo
The more I use CakePHP the more I like it, but often got to work very hard with the documentation :)
Mark Flint