Dec 10, 2008
Important things to take note of about AuthComponent and AclBehavior
I thought I would blog about some important things to take note of when building an ACL-controlled web application with the CakePHP framework. Some of these I have experienced and learned as valuable lessons.
But before that, I would like to refer you to these links to give you a better understanding of how to use AuthComponent and AclBehavior.
Adding a User in the AROs table
After you add a user to the AROs table, don’t forget to update that record with its corresponding ‘model’ and ‘foreign_key’ fields. Usually the ‘model’ value is the name of your Users model, and the ‘foreign_key’ value is the id of that user.
Adding a Controller in the ACOs table
I think you will have to be specific about which of the Controller’s actions/methods certain groups of your application are allowed to access.
Something to do with the aros_acos table
The fields named ‘create’, ‘read’, ‘update’ and ‘delete’ are simply CRUD actions, and each may contain 1, 0 or -1.
1 means allowed, 0 means the access right is inherited from the parent, and -1 means denied.
If you have other actions, you may add them to the aros_acos table, but prefix their names with an underscore.
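The 1 / 0 / -1 resolution described above, as an added example that is not from the original post and is not CakePHP's own code: a simplified model of the aros and aros_acos tables that walks an ARO's parent chain until it finds an explicit value. The 'Posts' ACO, the '_publish' action, the ids and the deny-when-nothing-is-set fallback are assumptions made for illustration.

```php
<?php
// Constructed sample data: a simplified stand-in for the aros table.
// One group node and one user node beneath it. The user row carries the
// 'model' and 'foreign_key' values that tie it back to the Users record.
$aros = array(
    1 => array('parent_id' => null, 'model' => 'Group', 'foreign_key' => 1),
    2 => array('parent_id' => 1,    'model' => 'User',  'foreign_key' => 42),
);

// Constructed stand-in for aros_acos, keyed by ARO id, then ACO alias.
// 'Posts' and the custom '_publish' action are hypothetical names.
// 1 = allowed, 0 = inherit from the parent ARO, -1 = denied.
$arosAcos = array(
    1 => array('Posts' => array(
        'create' => 1, 'read' => 1, 'update' => 1, 'delete' => -1, '_publish' => 0,
    )),
    2 => array('Posts' => array(
        'create' => 0, 'read' => 0, 'update' => -1, 'delete' => 0, '_publish' => 0,
    )),
);

// Resolve one action for one ARO against one ACO.
function aclCheck(array $aros, array $arosAcos, $aroId, $aco, $action)
{
    // Start at the requesting ARO and climb towards the root.
    while ($aroId !== null && isset($aros[$aroId])) {
        // A missing row or field is treated the same as 0 (inherit).
        $value = isset($arosAcos[$aroId][$aco][$action])
            ? (int) $arosAcos[$aroId][$aco][$action]
            : 0;
        if ($value === 1) {
            return true;   // explicit allow on this node
        }
        if ($value === -1) {
            return false;  // explicit deny on this node, parents are not consulted
        }
        $aroId = $aros[$aroId]['parent_id']; // 0: defer to the parent
    }
    // Assumption: nothing explicit anywhere in the chain means denied.
    return false;
}

// Print the effective rights of the user node (ARO id 2) on 'Posts'.
foreach (array('create', 'read', 'update', 'delete', '_publish') as $action) {
    $allowed = aclCheck($aros, $arosAcos, 2, 'Posts', $action);
    printf("%-9s %s\n", $action, $allowed ? 'allowed' : 'denied');
}
```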

