CakePHP ACL and other challenges

If you have implemented ACL in CakePHP and then add an action to a controller, or create a new controller with actions, you will get locked out when you try to access it (unless you have granted access further up the tree).

First, perform aco_sync using the AclExtras plugin (this adds the new action to the acos table).

Console/cake AclExtras.AclExtras aco_sync

These are the Access Request Objects. I have linked my users to the groups table so that the permissions are applied to the groups.

jmitsmbp01:mio jmcd$ Console/cake acl view aro

Welcome to CakePHP v2.6.3 Console
---------------------------------------------------------------
App : mio
Path: /Applications/AMPPS/www/cakephp-mio/mio/
---------------------------------------------------------------
Aro tree:
---------------------------------------------------------------
  [1] Administrators
  [2] Map Admins
  [3] Map Viewers
---------------------------------------------------------------

These are the Access Control Objects

jmitsmbp01:mio jmcd$ Console/cake acl view aco

Welcome to CakePHP v2.6.3 Console
---------------------------------------------------------------
App : mio
Path: /Applications/AMPPS/www/cakephp-mio/mio/
---------------------------------------------------------------
Aco tree:
---------------------------------------------------------------
  [1] controllers
    [2] Addresses <=== This is a Controller
      [3] deleted <== These are the actions
      [4] import
      [5] export
      [6] update_enc
    .... # snippage
    [88] Upload
    [95] Menus
      [96] index
      [97] move_up
      [98] move_down
      [99] build_menu
      [100] view
      [101] add
      [102] edit
      [103] delete
    [104] DebugKit
      [105] ToolbarAccess
        [106] history_state
        [107] sql_explain
---------------------------------------------------------------

In order for an Access Request Object to get access to an Access Control Object

The aros table

mysql> select * from aros;
+----+-----------+-------+-------------+----------------+------+------+
| id | parent_id | model | foreign_key | alias          | lft  | rght |
+----+-----------+-------+-------------+----------------+------+------+
|  1 |      NULL | Group |           4 | Administrators |    1 |    2 |
|  2 |      NULL | Group |           5 | Map Admin      |    3 |    4 |
|  3 |      NULL | Group |           6 | Map Viewers    |    5 |    6 |
+----+-----------+-------+-------------+----------------+------+------+

Part of the acos table

mysql> select * from acos LIMIT 15;
+----+-----------+-------+-------------+-------------+------+------+
| id | parent_id | model | foreign_key | alias       | lft  | rght |
+----+-----------+-------+-------------+-------------+------+------+
|  1 |      NULL | NULL  |        NULL | controllers |    1 |  208 |
|  2 |         1 | NULL  |        NULL | Addresses   |    2 |   21 |
|  3 |         2 | NULL  |        NULL | deleted     |    3 |    4 |
|  4 |         2 | NULL  |        NULL | import      |    5 |    6 |
|  5 |         2 | NULL  |        NULL | export      |    7 |    8 |
|  6 |         2 | NULL  |        NULL | update_enc  |    9 |   10 |
|  7 |         2 | NULL  |        NULL | index       |   11 |   12 |
|  8 |         2 | NULL  |        NULL | view        |   13 |   14 |
|  9 |         2 | NULL  |        NULL | add         |   15 |   16 |
| 10 |         2 | NULL  |        NULL | edit        |   17 |   18 |
| 11 |         2 | NULL  |        NULL | delete      |   19 |   20 |
| 12 |         1 | NULL  |        NULL | AssignedTos |   22 |   33 |
| 13 |        12 | NULL  |        NULL | index       |   23 |   24 |
| 14 |        12 | NULL  |        NULL | view        |   25 |   26 |
| 15 |        12 | NULL  |        NULL | add         |   27 |   28 |
+----+-----------+-------+-------------+-------------+------+------+
15 rows in set (0.00 sec)
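
The lft/rght columns above form a nested set, which is how a grant further up the tree covers the actions below it. The query below is an added example (not from the original post) that lists every ACO on the path to controllers/Menus/index together with any permission row the Map Viewers ARO holds on it; it assumes the stock CakePHP 2.x aros_acos join table, which the post does not show.

```sql
-- Added example: explain the result of
--   Console/cake acl check "Map Viewers" controllers/Menus/index
-- by walking the ACO path from the action up to the root.
--
-- Assumptions: the default CakePHP 2.x aros_acos table with columns
-- aro_id, aco_id, _create, _read, _update, _delete
-- (1 = allow, -1 = deny, 0 = inherit from the node above).
-- The ARO is the Map Viewers row from the aros table above
-- (model = 'Group', foreign_key = 6). It has no parent ARO, so only
-- the ACO side of the tree needs walking here.
SELECT anc.id     AS aco_id,
       anc.alias  AS aco_alias,
       anc.lft,
       anc.rght,
       p._create,
       p._read,
       p._update,
       p._delete
FROM acos AS leaf
-- pin the action to its controller, since aliases such as 'index' repeat
JOIN acos AS ctrl
       ON ctrl.id = leaf.parent_id
-- nested-set ancestor test: an ancestor's interval encloses the leaf's
JOIN acos AS anc
       ON anc.lft  <= leaf.lft
      AND anc.rght >= leaf.rght
-- LEFT JOIN so nodes with no permission row still appear (as NULLs)
LEFT JOIN aros_acos AS p
       ON p.aco_id = anc.id
      AND p.aro_id = (SELECT id
                      FROM aros
                      WHERE model = 'Group'
                        AND foreign_key = 6)
WHERE leaf.alias = 'index'
  AND ctrl.alias = 'Menus'
-- most specific node first: index, then Menus, then controllers
ORDER BY anc.lft DESC;
```

If every permission column is NULL on every row, nothing has been granted anywhere on the path, and the check reports "not allowed".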

Now here is the section I'm putting in so in 12 months' time I can check and grant permissions in the future.

jmitsmbp01:mio jmcd$ Console/cake acl check "Map Viewers" controllers/Menus/index

Welcome to CakePHP v2.6.3 Console
---------------------------------------------------------------
App : mio
Path: /Applications/AMPPS/www/cakephp-mio/mio/
---------------------------------------------------------------
Map Viewers is not allowed.

jmitsmbp01:mio jmcd$ Console/cake acl check "Map Viewers" controllers/Maps/view_maps

Welcome to CakePHP v2.6.3 Console
---------------------------------------------------------------
App : mio
Path: /Applications/AMPPS/www/cakephp-mio/mio/
---------------------------------------------------------------
Map Viewers is allowed.

Granting access

jmitsmbp01:mio jmcd$ Console/cake acl grant "Map Admin" controllers/Menus/build_menu

Welcome to CakePHP v2.6.3 Console
---------------------------------------------------------------
App : mio
Path: /Applications/AMPPS/www/cakephp-mio/mio/
---------------------------------------------------------------
Permission granted.

You can specify the Model and foreign key combination for the ARO, e.g.

Console/cake acl check Group.6 controllers/Menus/build_menu

 
