CakePHP ACL - How to get Group-only permissions?

Question

I just want group only permissions - I don't need user based permissions. The cake 1.3 manual (http://book.cakephp.org/view/1646/x11-2-4-1-Group-only-ACL) says:

In case we want simplified per-group only permissions, we need to implement bindNode() in User model.

function bindNode($user) {
    return array('Group' => array('id' => $user['User']['group_id']));
}

This method will tell ACL to skip checking User Aro's and to check only Group Aro's.

However when I add groups and users via the baked controllers I still end up with an AROs table with nested groups/users for user-based permissions. I expected the AROs table to look like this (because the manual says this is what it will look like):

+----+-----------+-------+-------------+-------+------+------+
| id | parent_id | model | foreign_key | alias | lft  | rght |
+----+-----------+-------+-------------+-------+------+------+
|  1 |      NULL | Group |           1 | NULL  |    1 |    2 |
|  2 |      NULL | Group |           2 | NULL  |    3 |    4 |
|  3 |      NULL | Group |           3 | NULL  |    5 |    6 |
+----+-----------+-------+-------------+-------+------+------+

But instead is looks like this:

+----+-----------+-------+-------------+-------+------+------+
| id | parent_id | model | foreign_key | alias | lft  | rght |
+----+-----------+-------+-------------+-------+------+------+
|  1 |      NULL | Group |           1 | NULL  |    1 |    4 |
|  2 |      NULL | Group |           2 | NULL  |    5 |    8 |
|  3 |      NULL | Group |           3 | NULL  |    9 |   12 |
|  4 |         1 | User  |           1 | NULL  |    2 |    3 |
|  5 |         2 | User  |           2 | NULL  |    6 |    7 |
|  6 |         3 | User  |           3 | NULL  |   10 |   11 |
+----+-----------+-------+-------------+-------+------+------+

Here is my user model:

class User extends AppModel {
    var $name = 'User';

    var $actsAs = array('Acl' => array('type' => 'requester'));

    var $hasMany = array(
        'Post' => array(
            'className' => 'Post',
            'foreignKey' => 'user_id'
        )
    );
    var $belongsTo = array(
        'Group' => array(
            'className' => 'Group',
            'foreignKey' => 'group_id'
        )
    );

    /**
     *
     * In case we want simplified per-group only permissions
     * see http://book.cakephp.org/view/1547/Acts-As-a-Requester
     * @param unknown_type $user
     */
    function bindNode($user) {
        return array('Group' => array('id' => $user['User']['group_id']));
    }

    function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        if (isset($this->data['User']['group_id'])) {
        $groupId = $this->data['User']['group_id'];
        } else {
            $groupId = $this->field('group_id');
        }
        if (!$groupId) {
        return null;
        } else {
            return array('Group' => array('id' => $groupId));
        }
    }
}

Answer 1

I have never used that method, but the concept of a group without any users seems meaningless. Cake uses the user and group information to decide who belongs to which group so that it can apply the appropriate group permissions.

Looking at 'the Book', though, your users must have a group_id set:

"Every user has to have assigned group_id for this to work."

CREATE TABLE users (
    id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(255) NOT NULL UNIQUE,
    password CHAR(40) NOT NULL,
    group_id INT(11) NOT NULL,
    created DATETIME,
    modified DATETIME
);

In my applications, which don't use bindNode, I set the permissions only by group and it works fine.