5.1.3.4 Checking Permissions: The ACL Component

Let's use the AclComponent to make sure dwarves and elves can't remove things from the armory. At this point, we should be able to use the AclComponent to check the permissions between the ACOs and AROs we've created. The basic syntax for a permissions check is shown below; the ARO and ACO can be given as alias paths or as model/foreign key arrays, and the action defaults to '*' (all CRUD permissions):

$this->Acl->check( $aro, $aco, $action = '*');

Let's give it a try inside a controller action:

function index()
{
	//These all return true:
	$this->Acl->check('warriors/Aragorn', 'Weapons');
	$this->Acl->check('warriors/Aragorn', 'Weapons', 'create');
	$this->Acl->check('warriors/Aragorn', 'Weapons', 'read');
	$this->Acl->check('warriors/Aragorn', 'Weapons', 'update');
	$this->Acl->check('warriors/Aragorn', 'Weapons', 'delete');
	
	//Remember, we can use the model/foreign key syntax 
	//for our user AROs
	$this->Acl->check(array('model' => 'User', 'foreign_key' => 2356), 'Weapons');
	
	//These also return true:
	$result = $this->Acl->check('warriors/Legolas', 'Weapons', 'create');
	$result = $this->Acl->check('warriors/Gimli', 'Weapons', 'read');
	
	//But these return false:
	$result = $this->Acl->check('warriors/Legolas', 'Weapons', 'delete');
	$result = $this->Acl->check('warriors/Gimli', 'Weapons', 'delete');
}

The usage here is purely for demonstration, but hopefully you can see how a check like this can be used to decide whether to allow something to happen, show an error message, or redirect the user to a login.
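To turn the checks above into an enforced guard rather than a demonstration, here is an added example (not code from the book or from CakePHP itself) of a controller beforeFilter that maps each action to a CRUD verb and denies anything unmapped. It assumes the 'Weapons' ACO and the User model AROs from this tutorial, plus a hypothetical WeaponsController with a Weapon model and AuthComponent configured to require login.

```php
<?php
// Added example: enforce the ACL checks from the tutorial on every action
// of a hypothetical WeaponsController (assumed, not from the book).
class WeaponsController extends AppController {
	var $name = 'Weapons';
	var $components = array('Acl', 'Auth', 'Session');

	// Maps controller actions to the CRUD verb stored in aros_acos.
	// Any action missing from this map is refused (default deny).
	var $actionMap = array(
		'index'  => 'read',
		'view'   => 'read',
		'add'    => 'create',
		'edit'   => 'update',
		'delete' => 'delete',
	);

	function beforeFilter() {
		parent::beforeFilter();

		$userId = $this->Auth->user('id');
		if (empty($userId)) {
			// Not logged in: AuthComponent redirects to the login action.
			return;
		}
		// Same model/foreign_key ARO syntax the tutorial uses for users.
		$aro = array('model' => 'User', 'foreign_key' => $userId);
		$verb = isset($this->actionMap[$this->action])
			? $this->actionMap[$this->action] : null;

		if ($verb === null || !$this->Acl->check($aro, 'Weapons', $verb)) {
			// Record the refusal for auditing, then deny with a generic message.
			$this->log(sprintf('ACL denied user %d action %s on Weapons',
				$userId, $this->action), 'acl');
			$this->Session->setFlash('You are not permitted to do that.');
			$this->redirect('/');
		}
	}

	function delete($id = null) {
		// Only reached when check($aro, 'Weapons', 'delete') returned true,
		// so Legolas and Gimli never get here while Aragorn does.
		$this->Weapon->delete($id);
		$this->Session->setFlash('Weapon removed from the armory.');
		$this->redirect(array('action' => 'index'));
	}
}
```

Because the map is consulted before the ACL, adding a new action to the controller without adding it to $actionMap fails closed instead of silently bypassing the check.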