I thought to blog about some important things to take note of when building a web application using CakePHP Framework that is ACL-controlled. Some of these I have experienced and learned as valuable lessons.

But before that, I would like to refer you these links to give you more understanding how to use AuthComponent and AclBehavior.

• AranWorld Cakephp Acl Tutorial
• PrometSupport Auth with Acl
• Lots of Auth/Acl tutorials by LemonCake

Adding a User in the AROs table

After you add a user in the AROs table, don't forget to update that record with its corresponding 'model' and 'foreign_key' fields. Usually the Model field value is the name of your Users Model, and the foreign_key is the id of that user.

Adding a Controller in the ACOs table

I think you will have to be specific with which of the Controller's actions/methods are allowed access by certain groups of your application.

Something to do with aros_acos table

the fields named 'create','read','update','delete' are simply crud actions that may contain 1,0 or -1.
1 means allowed, 0 means rights access inherited from its parent, -1 is denied.
if you have other actions you may add them so in the aros_acos table but prepend their names with the underscore.

Related Posts

• December 10, 2008 -- cakecms at github (0)
• November 18, 2008 -- Confusing cakephp validation rule ‘required’=>true (0)
• October 23, 2008 -- my workaround: Cakephp model associations not in primary keys (5)

This entry was posted on Wednesday, December 10th, 2008 at 1:01 am and is filed under blog post. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.