cakephp group based permissions
I would like to have group based restrictions that would allow users to access only specified parts of the web. I am new to the whole ACL stuff and I didn't quite get it from the manual :/ therefore I would like to ask some questions.
But before any questions, my routes look like this:
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
Router::connect('/admin/:controller/:action/*', array('prefix' => 'admin', 'admin' => true));
Router::connect('/registered/:controller/:action/*', array('prefix' => 'registered', 'registered' => true));
1.) How do I restrict users from any other group than Administrator to access ONLY the /registered/ part of the web?
2.) How do I prevent anyone from using the default addresses like www.example.com/users/add on a global scale (I want only www.example.com/admin/users/add or www.example.com/registered/users/add type addresses)? This kind of address is not even set in routes.php, but it still works.
Any answers appreciated.
Firstly, is this Cake 1.3 or 1.2? In 1.3 prefix routing is used. You can set up multiple prefixes; for example, right now I am developing a site that requires administrator control through admin/controller/action and I am also restricting some areas to only registered users, for example /users/controller/action.
This is relatively easy to do. The first step is to set up prefixes in your core.php:
Configure::write('Routing.prefixes', array('admin', 'registered'));
It is documented here: http://book.cakephp.org/view/950/Prefix-Routing
The Auth component can take care of everything else here. You can use ACL and so on, but I haven't looked too far into this because it seems overcomplicated for the things I am creating at the moment.
A tutorial I found helpful when I was learning how to do this was Andrew Perkins' Auth component tutorial on YouTube: youtube.com/watch?v=FjXAnizmR94
There are 3 parts, and he explains things well.
Best of luck!
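Putting the answer above into configuration, here is a routes setup written as an added example (not code from the answer or from the asker's project). The three Router::connect() calls are the asker's own from the question; what is new is Router::defaults(false), which tells the Router not to connect its built-in /:controller/:action/* routes, so that only the URLs listed here resolve. That is the routing-level fix for the second question, because the unprefixed www.example.com/users/add works only through those built-in routes. Router::defaults() exists in the 1.2/1.3 Router and was removed in 2.0, so confirm it against the installed version before relying on it.

```php
<?php
// app/config/core.php  (added example; the prefixes are the asker's)
Configure::write('Routing.prefixes', array('admin', 'registered'));

// app/config/routes.php  (added example)
// Weak setting: with the default routes left connected, /users/add answers
// just like /admin/users/add, bypassing both prefixes.
// Corrected setting: switch the defaults off so only explicit routes exist.
Router::defaults(false);

// The asker's three routes, unchanged.
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
Router::connect('/admin/:controller/:action/*',
    array('prefix' => 'admin', 'admin' => true));
Router::connect('/registered/:controller/:action/*',
    array('prefix' => 'registered', 'registered' => true));

// With the defaults gone, every unprefixed URL the site still needs must be
// connected by hand. Assumption: only login and logout are public.
Router::connect('/users/login', array('controller' => 'users', 'action' => 'login'));
Router::connect('/users/logout', array('controller' => 'users', 'action' => 'logout'));
```

A quick check after changing this: request /users/add directly and confirm it now produces a missing-route error instead of the add form. Note that disabling the defaults also drops the built-in /pages/* route, so anything else the application relied on implicitly needs its own Router::connect() line.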
Ok, so this is a working solution (/app/app_controller.php):
class AppController extends Controller {
    // Auth supplies $this->Auth->user(), Session supplies setFlash()
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        parent::beforeFilter();
        // UserGroup is not a model of every controller, so load it explicitly
        $this->loadModel('UserGroup');

        if (isset($this->params['admin'])) {
            // /admin/... : only members of the Administrator group may continue
            $admin_grp = $this->UserGroup->find('first', array(
                'conditions' => array('UserGroup.name' => 'Administrator')));
            if ($this->Auth->user('user_group_id') != $admin_grp['UserGroup']['id']) {
                $this->Session->setFlash(__('Access denied.', true));
                $this->redirect("/registered");
            } else {
                $this->layout = 'admin';
            }
        } else if (isset($this->params['registered'])) {
            // /registered/... : any logged-in user
            if (!$this->Auth->user()) {
                $this->Session->setFlash(__('Access denied. You need to login first.', true));
                $this->redirect("/users/login");
            }
            $this->layout = 'registered';
        } else {
            // no prefix: nothing is checked here, the default layout is used
            $this->layout = 'default';
        }
    }
}
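The beforeFilter() above handles the first question but leaves the unprefixed branch open, so /users/add still runs with the default layout. Below is an added example of an AppController that covers both questions; it is my code, not the answerer's, and it assumes a User model with a user_group_id column, a UserGroup model with a name column, and the asker's 'admin' and 'registered' prefixes. Instead of redirecting by hand, it sets Auth's authorize mode to 'controller' so that Auth calls isAuthorized() for every logged-in request; an unprefixed request that is not on an explicit allow list ($publicActions, my own property name) gets a 404 even if the routes still connect it, and the Administrator group is resolved by name and fails closed if the group row is missing.

```php
<?php
// app/app_controller.php (added example, not the answerer's code)
class AppController extends Controller {
    var $components = array('Auth', 'Session');

    // Assumption: the only controller/action pairs reachable without a prefix.
    // Everything else arriving through the default /:controller/:action route
    // is refused (question 2) rather than quietly served.
    var $publicActions = array(
        'users' => array('login', 'logout'),
    );

    function beforeFilter() {
        parent::beforeFilter();

        $this->Auth->loginAction = array(
            'controller' => 'users', 'action' => 'login',
            'admin' => false, 'registered' => false);
        $this->Auth->loginRedirect = array(
            'controller' => 'users', 'action' => 'index', 'registered' => true);
        $this->Auth->logoutRedirect = $this->Auth->loginAction;
        // Hand per-request authorization to isAuthorized() below.
        $this->Auth->authorize = 'controller';
        $this->Auth->allow('login', 'logout');

        $prefix = $this->_prefix();

        if ($prefix === null && !$this->_isPublicAction()) {
            // e.g. /users/add: not /admin, not /registered, not on the allow list.
            $this->cakeError('error404');
        }

        // Layout follows the prefix: 'admin', 'registered' or 'default'.
        $this->layout = ($prefix === null) ? 'default' : $prefix;
    }

    // Called by Auth for every logged-in request whose action is not allowed.
    function isAuthorized() {
        $prefix = $this->_prefix();
        if ($prefix === 'admin') {
            return $this->_userInGroup('Administrator');   // question 1
        }
        if ($prefix === 'registered') {
            return true;   // any authenticated user; Auth already rejected anonymous ones
        }
        return $this->_isPublicAction();
    }

    function _prefix() {
        return isset($this->params['prefix']) ? $this->params['prefix'] : null;
    }

    function _isPublicAction() {
        $controller = $this->params['controller'];
        $action = $this->params['action'];
        return isset($this->publicActions[$controller])
            && in_array($action, $this->publicActions[$controller], true);
    }

    // Look the group up by name so no group id is hard-coded in the check.
    function _userInGroup($name) {
        $this->loadModel('UserGroup');
        $group = $this->UserGroup->find('first', array(
            'conditions' => array('UserGroup.name' => $name),
            'recursive' => -1,
        ));
        if (empty($group)) {
            return false;   // group row missing: fail closed
        }
        return (string)$group['UserGroup']['id']
            === (string)$this->Auth->user('user_group_id');
    }
}
```

Methods starting with an underscore are not routable in Cake 1.3, so _prefix(), _isPublicAction() and _userInGroup() cannot be reached as actions. The controller check is deliberately independent of routes.php: even if the default routes are left connected, an unprefixed /users/add ends in a 404, and an /admin URL requested by a non-Administrator is refused by isAuthorized() before the action runs.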