Welcome to the Cookbook

There is no translation yet for this section. Please help out and translate this.. More information about translations

For Auth and Acl to work properly we need to associate our users and groups to rows in the Acl tables. In order to do this we will use the AclBehavior. The AclBehavior allows for the automagic connection of models with the Acl tables. Its use requires an implementation of parentNode() on your model. In our User model we will add the following.

var $name = 'User';
var $belongsTo = array('Group');
var $actsAs = array('Acl' => 'requester');
 
function parentNode() {
    if (!$this->id && empty($this->data)) {
        return null;
    }
    $data = $this->data;
    if (empty($this->data)) {
        $data = $this->read();
    }
    if (empty($data['User']['group_id'])) {
        return null;
    } else {
        return array('Group' => array('id' => $data['User']['group_id']));
    }
}

1. var $name = 'User';
2. var $belongsTo = array('Group');
3. var $actsAs = array('Acl' => 'requester');
5. function parentNode() {
6. if (!$this->id && empty($this->data)) {
7. return null;
8. }
9. $data = $this->data;
10. if (empty($this->data)) {
11. $data = $this->read();
12. }
13. if (empty($data['User']['group_id'])) {
14. return null;
15. } else {
16. return array('Group' => array('id' => $data['User']['group_id']));
17. }
18. }

Then in our Group Model Add the following:

var $actsAs = array('Acl' => array('type' => 'requester'));
 
function parentNode() {
    return null;
}

1. var $actsAs = array('Acl' => array('type' => 'requester'));
3. function parentNode() {
4. return null;
5. }

What this does, is tie the Group and User models to the Acl, and tell CakePHP that every-time you make a User or Group you want an entry on the aros table as well. This makes Acl management a piece of cake as your AROs become transparently tied to your users and groups tables. So anytime you create or delete a user/group the Aro table is updated.

Our controllers and models are now prepped for adding some initial data, and our Group and User models are bound to the Acl table. So add some groups and users using the baked forms by browsing to http://example.com/groups/add and http://example.com/users/add. I made the following groups:

• administrators
• managers
• users

I also created a user in each group so I had a user of each different access group to test with later. Write everything down or use easy passwords so you don't forget. If you do a SELECT * FROM aros; from a mysql prompt you should get something like the following:

+----+-----------+-------+-------------+-------+------+------+
| id | parent_id | model | foreign_key | alias | lft  | rght |
+----+-----------+-------+-------------+-------+------+------+
|  1 |      NULL | Group |           1 | NULL  |    1 |    4 |
|  2 |      NULL | Group |           2 | NULL  |    5 |    8 |
|  3 |      NULL | Group |           3 | NULL  |    9 |   12 |
|  4 |         1 | User  |           1 | NULL  |    2 |    3 |
|  5 |         2 | User  |           2 | NULL  |    6 |    7 |
|  6 |         3 | User  |           3 | NULL  |   10 |   11 |
+----+-----------+-------+-------------+-------+------+------+
6 rows in set (0.00 sec)

This shows us that we have 3 groups and 3 users. The users are nested inside the groups, which means we can set permissions on a per-group or per-user basis.

When modifying a user, you must manually update the ARO. This code should be executed wherever you're updating the user information:

// Check if their permission group is changing
$oldgroupid = $this->User->field('group_id');
if ($oldgroupid !== $this->data['User']['group_id']) {
    $aro =& $this->Acl->Aro;
    $user = $aro->findByForeignKeyAndModel($this->data['User']['id'], 'User');
    $group = $aro->findByForeignKeyAndModel($this->data['User']['group_id'], 'Group');
                
    // Save to ARO table
    $aro->id = $user['Aro']['id'];
    $aro->save(array('parent_id' => $group['Aro']['id']));
}

1. // Check if their permission group is changing
2. $oldgroupid = $this->User->field('group_id');
3. if ($oldgroupid !== $this->data['User']['group_id']) {
4. $aro =& $this->Acl->Aro;
5. $user = $aro->findByForeignKeyAndModel($this->data['User']['id'], 'User');
6. $group = $aro->findByForeignKeyAndModel($this->data['User']['group_id'], 'Group');
8. // Save to ARO table
9. $aro->id = $user['Aro']['id'];
10. $aro->save(array('parent_id' => $group['Aro']['id']));
11. }

An alternative to the above Aro update after group_id is changed, is to add the below to your User model. Then you don't have to worry about duplicate code.

/**    
 * After save callback
 *
 * Update the aro for the user.
 *
 * @access public
 * @return void
 */
function afterSave($created) {
        if (!$created) {
            $parent = $this->parentNode();
            $parent = $this->node($parent);
            $node = $this->node();
            $aro = $node[0];
            $aro['Aro']['parent_id'] = $parent[0]['Aro']['id'];
            $this->Aro->save($aro);
        }
}

1. /**
2. * After save callback
3. *
4. * Update the aro for the user.
5. *
6. * @access public
7. * @return void
8. */
9. function afterSave($created) {
10. if (!$created) {
11. $parent = $this->parentNode();
12. $parent = $this->node($parent);
13. $node = $this->node();
14. $aro = $node[0];
15. $aro['Aro']['parent_id'] = $parent[0]['Aro']['id'];
16. $this->Aro->save($aro);
17. }
18. }