
How to get permissions in cakePHP

First, sorry for my language skills, I am not used to writing in English. ;)

I'm trying to develop my first cakePHP application.

What I'm trying to do:

  • Users are in groups and groups have access to different locations.
  • Users can add reservations for these locations.

So my main problem is to find the best way to get the permissions of the user:

  • The user should only see the locations to which he has access.
  • If a user tries to add a reservation for a location, I have to check his permission for this location.
  • etc.

I also have moderators and admins, but I think this is a similar problem.

So, how can I do this properly? The ACL doesn't seem to be the right way - in most tutorials it controls the access to actions, not to db-rows.

What my Database looks like:

I have a user table and use the AuthComponent to manage the authentication. This works fine.

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(64) NOT NULL,
  `password` varchar(64) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) 

I have a groups table for usergroups.

CREATE TABLE IF NOT EXISTS `groups` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(64) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
)


CREATE TABLE IF NOT EXISTS `groups_users` (
  `group_id` int(11) NOT NULL,
  `user_id` int(11) NOT NULL,
  UNIQUE KEY `group_id` (`group_id`,`user_id`)
) 

And I have my locations.

CREATE TABLE IF NOT EXISTS `locations` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(64) NOT NULL,
  `adress` text NOT NULL,
  `description` text,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) 

The table contains the permissions, which group has access to which location.

CREATE TABLE IF NOT EXISTS `groups_locations` (
  `group_id` int(11) NOT NULL,
  `location_id` int(11) NOT NULL,
  UNIQUE KEY `group_id` (`group_id`,`location_id`)
)

Of course the reservations table:

CREATE TABLE IF NOT EXISTS `reservations` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `location_id` int(11) NOT NULL,
  `start` date NOT NULL,
  `end` date NOT NULL,
  `user_id` int(11) NOT NULL,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) 

THX


Are you sure that you need the groups_users table? Wouldn't each user only be able to belong to one group?

You will be able to accomplish this much more easily if you just bring the group id into the users table as a foreign key.

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(64) NOT NULL,
  `password` varchar(64) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  `group_id` int(11) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
)

Then you can send to the view whether or not the user should be able to see certain information...

in your app_controller.php add the following

function beforeFilter(){
    $this->set('users_role', $this->Auth->user('group_id'));
}

Now you will have a variable accessible by your view which will be $users_role... then you can perform the following in your view.

<?php if ($users_role == 1): ?>
    <?php // show records available to admins ?>
<?php elseif ($users_role == 2): ?>
    <?php // show records available to logged in users ?>
<?php else: ?>
    <?php // show records for all users ?>
<?php endif; ?>


Maybe I have a solution - I could use some feedback:

After the user has logged in, I save the permissions in his Session-Variables:

    function login() {
        if ($user = $this->Auth->user()) {
            // The user's reservations are not needed here, only his groups.
            $this->User->unbindModel(array(
                'hasMany' => array('Reservation'),
            ));
            // recursive 2 also fetches the locations of each group (Group.Location)
            $user = $this->User->find('first', array(
                'conditions' => array('User.id' => $user['User']['id']),
                'recursive' => 2,
            ));
            $this->Session->write('Auth.User.Group', $user['Group']);
        }
    }

I'm not sure how secure this solution is, and permission changes only take effect after logout, but it seems to work fine.
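The following is an added example, not code from the question or either answer. It shows the row-level check the question asks for (which locations a user may see, and whether he may reserve a given location), resolved from the question's own tables (users, groups_users, groups_locations, locations, reservations) with a join on every request instead of a copy in the session, so a changed group membership is visible on the next request without a re-login. It assumes CakePHP 1.3 conventions (app_controller.php, Auth and Session components, `joins` in find options); the method names `accessibleIds` and `hasAccess` and the flash message text are hypothetical.

```php
<?php
// Added example (not from the original post). Assumes CakePHP 1.3 and the
// tables from the question; accessibleIds/hasAccess are hypothetical names.

// app/models/location.php
class Location extends AppModel {
    var $name = 'Location';
    var $hasAndBelongsToMany = array(
        'Group' => array('joinTable' => 'groups_locations'),
    );
    var $hasMany = array('Reservation');

    // Join chain locations -> groups_locations -> groups_users, which is the
    // whole permission model of the question: a user may use a location if one
    // of his groups is linked to it.
    function _accessJoins() {
        return array(
            array(
                'table' => 'groups_locations', 'alias' => 'GroupsLocation', 'type' => 'INNER',
                'conditions' => array('GroupsLocation.location_id = Location.id'),
            ),
            array(
                'table' => 'groups_users', 'alias' => 'GroupsUser', 'type' => 'INNER',
                'conditions' => array('GroupsUser.group_id = GroupsLocation.group_id'),
            ),
        );
    }

    // Ids of all locations the user has access to (for the "only see" list).
    function accessibleIds($userId) {
        $rows = $this->find('all', array(
            'fields' => array('DISTINCT Location.id'),
            'joins' => $this->_accessJoins(),
            'conditions' => array('GroupsUser.user_id' => (int)$userId),
            'recursive' => -1,
        ));
        return Set::extract('/Location/id', $rows);
    }

    // True if the user may use this one location (for the "add reservation" check).
    function hasAccess($userId, $locationId) {
        return $this->find('count', array(
            'joins' => $this->_accessJoins(),
            'conditions' => array(
                'GroupsUser.user_id' => (int)$userId,
                'Location.id' => (int)$locationId,
            ),
            'recursive' => -1,
        )) > 0;
    }
}

// app/controllers/reservations_controller.php
class ReservationsController extends AppController {
    var $name = 'Reservations';
    var $uses = array('Reservation', 'Location');

    function index() {
        $ids = $this->Location->accessibleIds($this->Auth->user('id'));
        // Guard the empty case: an empty IN () list must not become a query.
        $locations = empty($ids) ? array() : $this->Location->find('list', array(
            'conditions' => array('Location.id' => $ids),
        ));
        $this->set(compact('locations'));
    }

    function add() {
        if (!empty($this->data)) {
            $userId = $this->Auth->user('id');
            $locationId = $this->data['Reservation']['location_id'];
            // location_id comes from the form and can be altered by the client,
            // so it is checked against the database, not against the view's list.
            if (!$this->Location->hasAccess($userId, $locationId)) {
                $this->Session->setFlash('You have no access to this location.');
                $this->redirect(array('action' => 'index'));
            }
            // The owner is taken from the session, never from the submitted form.
            $this->data['Reservation']['user_id'] = $userId;
            if ($this->Reservation->save($this->data)) {
                $this->Session->setFlash('Reservation saved.');
                $this->redirect(array('action' => 'index'));
            }
        }
        $this->set('locations', $this->Location->find('list', array(
            'conditions' => array('Location.id' => $this->Location->accessibleIds($this->Auth->user('id'))),
        )));
    }
}
```

The check in `add()` is the part that matters for security: the filtered select list in the view only decides what the user is shown, while `hasAccess()` decides what the server accepts. Compared with caching `Auth.User.Group` in the session, the cost is one small count query per reservation, and in return a removed permission takes effect immediately.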
