3,035
edits
Update:Remora Permissions: Difference between revisions
→Permissions
| Line 1: | Line 1: | ||
[[Update:Remora|« Back to Update:Remora]] | [[Update:Remora|« Back to Update:Remora]] | ||
== Backdrop == | |||
We tried to use db_acl, but the implementation meant too much overhead for our relatively simple requirements. Mainly we wanted to lock down access by group/role. We opted to go with the [http://www.thinkingphp.org/2006/10/03/a-lightweight-approach-to-acl-the-33-lines-of-magic/ 33 lines of magic] approach which is simpler by design and was shaver's first preferred choice. Read the blog to see why it can get the job done even if it isn't completely normalized and abstracted. | |||
== Permissions == | == Permissions == | ||
There are two ways to grant permissions: | |||
* group | |||
* user | |||
These permissions can be used together. The resulting permissions will be the union of these. | |||
Formatting permissions is a matter of entering Controller:action permissions in a comma delimited list in either User.rules or Group.rules. Examples would be: | |||
// Grants access to all Users and Groups controller actions. | |||
Users:*,Groups:* | |||
// Grants access to all possible controllers and actions. | |||
*:* | |||
// Grants access to only Editor actions. | |||
Reviewers:* | |||
// Grants access to only review adding. | |||
Reviews:add | |||
== Using Permissions in Controllers == | |||
SimpleAcl and SimpleAuth are instantiated in the app_controller, which means they are loaded for all controllers by default. This means: | |||
* New controller actions will be locked down by default | |||
* You have to enable them by one of two ways... | |||
Add the desired action to aclExeption in your controller: | |||
// Lets the world (even non-logged in users) access view and edit. | |||
var $aclException = array('view','edit'); | |||
Disable ACL checking for the entire controller: | |||
// Disables all ACL checking for the entire controller. | |||
function beforeFilter { | |||
$this->SimpleAuth->enabled=false; | |||
$this->SimpleAcl->enabled=false; | |||
} | |||
== Public permissions == | == Public permissions == | ||