CakePHP Acl confusion - denied access to group but user of that group has access

Now I must be missing something in my ACL-controlled application. My User model belongsTo a model called Role. I have included the ACL behaviour in both models. Both models have parentNode functions - in Role, this returns null. In User, the code is below:

public function parentNode() {
    if (!$this->id && empty($this->data)){
        return null;
    }
    if (isset($this->data['User']['role_id'])){
        $roleId = $this->data['User']['role_id'];
    } else {
        $roleId = $this->field('role_id');
    }
    if (!$roleId){
        return null;
    } else {
        return array('Role' => array('id' => $roleId));
    }
}

I'm logged in as a user that has role_id = 8. In my aros table, the user has a parent_id of 9, which is the aro entry for the correct role.

I created the following action to illustrate the problem:

public function permissions(){
    $this->autoRender = false;
    if($this->Acl->check(array('model'=>'User','foreign_key'=>$this->Auth->user('id')),'Countries')){
        echo 'User: Allowed<br />';
    }else{
        echo 'User: Forbidden<br />';
    }
    if ($this->Acl->check(array('model'=>'Role','foreign_key'=>$this->Auth->user('role_id')),'Countries')){
        echo 'Role: Allowed';
    }else{
        echo 'Role: Forbidden';
    }
}

When I run the action, I get:

User: Allowed
Role: Forbidden

The user entry does not have any entries in the aros_acos table. The only entries in that table are for Role aros.

Can anyone shed any light on this?

Thanks.

Edit - just in case it's not clear, the expected behaviour would be that both the user and the role are forbidden from accessing this controller ('Countries').

Edit - I do assign permissions, like so:

    $this->Acl->deny('City admin','Countries');

I've verified in the database that this has worked.


I'm just gonna go out on a limb here since you haven't answered my question. Have you checked this?

Can't really tell since you don't show it, but you should set up your permissions and allowed actions in the manner specified in that link.
