CakePHP + ACL concepts from a (former) noob
While there are plenty of tutorials out there covering how to use CakePHP’s ACL Component, and getting it to work with CakePHP’s Auth Component, most of them take different approaches towards implementing this technology. If this is your first time using ACL, you might be feeling a little confused about exactly how ACL works, and if you’re like me, diving through all of these conflicting tutorials (some of which use deprecated functions based on prior versions of Cake) only adds to the confusion.
So now that I’ve spent a good couple of days wrapping my head around this concept, I thought I’d share what I’ve learned with you, so hopefully you can get this up and running much quicker than I did. To do this you’re going to need to understand some basic concepts of ACL; reading up on this in depth will only help you. I’ll try to point out some of the major pitfalls I ran into, so you don’t make the same mistakes. I’m not going to give you code, since this will just further confuse you. You’re going to have to write a fair bit of code on your own to get this working for your application. But I will provide a link to my source code for my project and an SQL dump of my ARO tables so you can see what they should look like at the end of the tutorial.
Step One, What You Need to Learn
ACL basically defines what actions each person or group (AROs) can do to each item (ACOs). The important thing to remember is that an ARO and an ACO are stored in exactly the same way. In a web application, everything is a row in a table. Each user or group or post or comment is just a row in the User, Group, Post or Comment table. So what we are doing is saying: when someone is logged in as a certain row in the User table, which rows in the Post table are they able to access? Groups are used so that users can inherit permissions. This saves us effort and results in fewer rows in our ACL tables because we don’t have to redefine permissions for each user; they simply inherit the permissions of the group they are in. A user can have a combination of any of the following permissions on an item: create, read, update and delete.
Set up the ACL tables by following the ACL section of the CakePHP manual. Once you have them set up, open up phpMyAdmin or cocoa and have a look at the tables that were created; they should be acos, aros, and aros_acos. Let’s look at the fields in these tables to understand what is going on. If it helps, whenever you see ARO think User, and whenever you see ACO think Post.
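To make the inheritance idea concrete, here is an added example of my own (not code from this post or from CakePHP) that models in plain PHP how rows in aros, acos and aros_acos are resolved: a User sits under its Group in the ARO tree, a specific Post sits under the Posts node in the ACO tree, and a check walks up both trees until it hits an explicit allow (1) or deny (-1), treating 0 as "inherit". All node names and permission rows are constructed sample data.

```php
<?php
// Added example, not the post's code: a plain-PHP model of how CakePHP's
// database ACL walks aros, acos and aros_acos. All rows are constructed.
// aros: Users hang under Groups so they inherit the Group's permissions.
$aros = [1 => ['alias' => 'admins', 'parent_id' => null], 2 => ['alias' => 'members', 'parent_id' => null],
         3 => ['alias' => 'alice', 'parent_id' => 1],     4 => ['alias' => 'bob', 'parent_id' => 2]];
// acos: the Posts node is the parent of each individual Post row.
$acos = [1 => ['alias' => 'Posts', 'parent_id' => null], 2 => ['alias' => 'Post:42', 'parent_id' => 1]];
// aros_acos: per CRUD column, 1 = allow, -1 = deny, 0 = inherit from a parent.
$arosAcos = [
    ['aro_id' => 1, 'aco_id' => 1, '_create' => 1, '_read' => 1, '_update' => 1, '_delete' => 1],  // admins: all
    ['aro_id' => 2, 'aco_id' => 1, '_create' => 1, '_read' => 1, '_update' => 0, '_delete' => 0],  // members: c+r
    ['aro_id' => 2, 'aco_id' => 2, '_create' => 0, '_read' => 0, '_update' => 0, '_delete' => -1], // members: no delete
    ['aro_id' => 4, 'aco_id' => 1, '_create' => 0, '_read' => 0, '_update' => 1, '_delete' => 0],  // bob: +update
];
// Ids from a node up to its root, most specific first.
function pathToRoot(array $nodes, ?int $id): array {
    $path = [];
    for (; $id !== null; $id = $nodes[$id]['parent_id']) {
        $path[] = $id;
    }
    return $path;
}
function idOf(array $nodes, string $alias): int {
    foreach ($nodes as $id => $node) {
        if ($node['alias'] === $alias) return $id;
    }
    throw new RuntimeException("unknown alias $alias");
}
// Walk the ARO path, and for each ARO the ACO path, stopping at the first
// explicit allow or deny; 0 keeps walking, and no match at all means deny.
function aclCheck(array $perms, array $aroPath, array $acoPath, string $action): bool {
    foreach ($aroPath as $aroId) {
        foreach ($acoPath as $acoId) {
            foreach ($perms as $row) {
                if ($row['aro_id'] !== $aroId || $row['aco_id'] !== $acoId) continue;
                if ($row['_' . $action] === -1) return false; // explicit deny wins
                if ($row['_' . $action] === 1) return true;   // explicit allow
            }
        }
    }
    return false;
}
foreach ([['alice', 'Post:42', 'delete'], ['bob', 'Posts', 'read'],
          ['bob', 'Post:42', 'update'], ['bob', 'Post:42', 'delete']] as [$aro, $aco, $action]) {
    $ok = aclCheck($arosAcos, pathToRoot($aros, idOf($aros, $aro)), pathToRoot($acos, idOf($acos, $aco)), $action);
    printf("%-6s %-8s %-7s => %s\n", $aro, $aco, $action, $ok ? 'allow' : 'deny');
}
```

Running it shows alice allowed to delete Post:42 through the admins group, bob reading Posts through the members group, bob updating Post:42 through his own row on Posts, and bob denied deleting Post:42 because the members group's explicit -1 on that row is reached before anything allows it.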