开发者

How do I build internal Access Control for site features in CakePHP

问答 作者:

I went through the tutorials and examples on the CakePHP Acl and Auth components today in detail. I configured my Auth component to use $this->Auth->aut开发者_开发问答horize = 'actions'. With this I was able to successfully restrict access to specific site actions without a problem.

However, my application needs to go a bit beyond this and I'm unsure of how best to accomplish my goals for this application.

Within the application that I am developing using CakePHP 1.3.8, there are specific "site features". For example, users of the application will have the ability to message one another.

I want to treat each message as an ACO so that I can control who can and cannot view or delete the message.

Another site feature is the earning of "badges" for achieving certain goals. For these badges I'd like to treat them as ACO's for the locking and unlocking of these badges.

I do not think that I can do this with the out-of-the-box ACL functionality of CakePHP as this goes beyond restricting access to actions. I'm looking for any ideas on how best to achieve this functionality.

With the standard ACL functionality in CakePHP it's only possible to create ACO entries for controller actions. This means that your setup (treating every single message as a seperate ACO) will not fly. Same as with badges.

For your messages I would go for a setup in which you would check in your view/edit/delete methods if a certain user is the sender or receiver of the message.

Something like

# in messages_controller
function view($id) {
    if(!$isSender($loggedInUserId) || !$isReceiver($loggedInUserId)) {
        $this->Session->setFlash("You're not allowed to view this message")
        $this->redirect('index');
    }
    # do view stuff here    
}
function edit($id) {
    if(!$isSender($loggedInUserId)) {
        $this->Session->setFlash("You're not allowed to edit this message")
        $this->redirect('index');
    }
    # do edit stuff here    
}

Regarding the badges, I would go for a regular HABTM (HasAndBelongsToMany) relation between a User and a Badge. When a User reaches a certain goal, you make a call like Badge::unlock($badge, $user) which saves the new badge for the user to the users_badges join table.

From there you can do basic stuff like listing all the badges for a certain user, etc.

I studied over Cake's Acl component much closer and figured that I could write something that sort of imitates this functionality for my internal "feature" access control. My thoughts are that I could have a Faro (Feature access request objects), Faco, and Facos_Faros table. Faco and Faro will have a HABTM relationship. I could then create my own component that manages it all.

继续阅读:access-controlaclcakephp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9