
ACL Plugin for CakePHP 1.3

The CakePHP core contains a system for controlling access rights based on access control lists (ACL). This mechanism is very useful but, I have to admit, not very easy to dive into the first time you try to use it.

Moreover, CakePHP doesn't provide an out-of-the-box interface for configuring the rights managed through ACL.

This plugin is such an interface: it lets you manage the permissions of your application's users and roles.

Technically, it lets you manage the content of the aros, acos and aros_acos tables used by the CakePHP ACL Component. Its interface is partially inspired by the one found in the Croogo CMS, and part of the code comes from this tutorial of the CakePHP documentation.

Prerequisites

  • CakePHP 1.3.x

  • A website whose access rights are managed through the ACL Component. A good introduction on how to use this Component can be found in the CakePHP documentation.

  • a table in your database containing the users (its name can be configured)

  • a table in your database containing the roles (its name can be configured). The example given in the tutorial above uses for instance a table called groups and not roles.
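
For orientation, the kind of ACL setup these prerequisites assume looks like the following, modelled on the CakePHP 1.3 ACL tutorial's naming. This is an added example, not code from the plugin; the Group model, the group_id foreign key and the users/login action are assumptions to adapt to your application.

```php
<?php
// app/models/group.php (assumed role model name: Group)
class Group extends AppModel {
    var $name = 'Group';
    // Roles are stored as AROs through the ACL Behavior in requester mode
    var $actsAs = array('Acl' => array('type' => 'requester'));

    function parentNode() {
        return null; // a role is a top-level ARO
    }
}

// app/models/user.php (assumed foreign key: group_id)
class User extends AppModel {
    var $name = 'User';
    var $belongsTo = array('Group');
    var $actsAs = array('Acl' => array('type' => 'requester'));

    // Each user ARO is a child of its role's ARO, so it inherits the
    // role's permissions unless a user-specific permission overrides them
    function parentNode() {
        if (!$this->id && empty($this->data)) {
            return null;
        }
        $groupId = isset($this->data['User']['group_id'])
            ? $this->data['User']['group_id']
            : $this->field('group_id');
        return $groupId ? array('Group' => array('id' => $groupId)) : null;
    }
}

// app/app_controller.php
class AppController extends Controller {
    var $components = array('Acl', 'Auth', 'Session');

    function beforeFilter() {
        // 'actions' mode: AuthComponent asks the ACL whether the logged-in
        // ARO may reach the ACO controllers/<Controller>/<action>
        $this->Auth->authorize = 'actions';
        $this->Auth->actionPath = 'controllers/';
        // Explicit plugin/admin keys keep the login redirect outside any
        // plugin or admin prefix the current request happens to be in
        $this->Auth->loginAction = array('plugin' => null, 'admin' => false,
            'controller' => 'users', 'action' => 'login');
        // Deny by default: list public actions explicitly instead of allow('*')
        $this->Auth->allow('display');
    }
}
```

With this in place, an action that has no matching ACO or no granted permission is refused, which is why the plugin's ACO creation has to be run before permissions can be assigned.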

Features

  • creation of acos for each action of your controllers

  • automatic detection of new controllers and/or actions

  • clear display of roles permissions

  • clear display of users specific permissions

  • easy editing of roles permissions (through AJAX)

  • easy editing of users specific permissions (through AJAX)

Demo

A sample application containing the ACL plugin can be found here. This sample application is intentionally simple.

But please note that the users and roles pages are automatically generated through bake by using the templates of the Alaxos plugin.

Download

This plugin is available on the downloads page.

Installation

  • copy the acl folder into your /app/plugins folder

  • configure the admin route (see http://book.cakephp.org/view/950/Prefix-Routing)

  • copy the parameters found in acl/config/bootstrap.php into your /app/config/bootstrap.php file

  • access the plugin by navigating to /admin/acl

 

Parameters and their explanations:

  • acl.aro.role.model: Name of the model representing the roles. Typically: "Role" or "Group".

  • acl.aro.role.primary_key: Forces the name of the roles primary key. Can be left empty if this name follows the CakePHP conventions ("id").

  • acl.aro.role.foreign_key: Forces the name of the role foreign key. Can be left empty if this name follows the CakePHP conventions (e.g. "role_id").

  • acl.aro.user.model: Name of the model representing the users. Typically: "User".

  • acl.aro.user.primary_key: Forces the name of the users primary key. Can be left empty if this name follows the CakePHP conventions ("id").

  • acl.aro.role.display_field: Name of the field used to display the roles. Typically: "name".

  • acl.role.access_plugin_role_ids: An array containing the ids of the roles that are always allowed to access the plugin (bypassing the ACL permissions). Useful to avoid being denied access to the ACL plugin while manipulating the ACL permissions.

  • acl.role.access_plugin_user_ids: An array containing the ids of the users that are always allowed to access the plugin (bypassing the ACL permissions). Useful to avoid being denied access to the ACL plugin while manipulating the ACL permissions.

  • acl.user.display_name: The name of the field used to display the users. It can also be a SQL expression such as CONCAT(User.lastname, ' ', User.firstname) for MySQL.

  • acl.check_act_as_requester: Indicates whether the presence of the ACL Behavior configured as Requester in the user and role models must be automatically verified when the plugin is accessed.

  • acl.gui.roles_permissions.ajax: Indicates whether the roles permissions page must be loaded through AJAX. Depending on the number of permissions to check, this page may take a long time to load. To prevent a webserver timeout, it is possible to configure the page to load through AJAX.

  • acl.gui.users_permissions.ajax: Indicates whether the users permissions page must be loaded through AJAX. Depending on the number of permissions to check, this page may take a long time to load. To prevent a webserver timeout, it is possible to configure the page to load through AJAX.

FAQ

A list of FAQ is available here.

Looking for a CakePHP 2.0 version ?

Page created on : 2010-06-25 23:08:14 | last update : 2011-12-09 16:08:14


225 comments

comment by Pankaj on 2013-04-30 at 09:31:07
Hello ,

I have set up plugin on my website, Problem here is how to check the permissions now for any function. Everything is fine with database setup. Just want to know how will we check if we have not granted permission for user to add (new user). Its not checking permissions.. any code on controller file or in view..??

Please kindly provide your help..

Thnx..in advance
comment by lenin on 2013-03-09 at 10:45:24 - frogfry.com
Great Work man! thank you very much..! appreciated.!
comment by teano on 2013-01-04 at 15:25:26
FYI: The sites "Roles permissions" and "Users permissions" don't work for me using firefox. The ticked/crossed symbols don't load whether ajax is enabled or not. No Problems with Chrome...
comment by ngae.net on 2012-10-08 at 16:20:43 - ngae.net
hi
Thanks.
comment by Dave on 2012-07-11 at 16:11:23
(Realized why no models - just has components.)
comment by Dave on 2012-07-11 at 15:13:20
Trying to use this with CakePHP 2.2, but getting Fatal Error memory....etc.

Have been trying to look through the code to see what needs updating for 2.2 if anything, but - I don't understand... there are no models, yet it looks like it's calling models to do things... what am I missing?
comment by sulayman on 2012-06-10 at 14:25:39 - www.sesa.af
How can we check the permissions on view level. I want users not to see the menu items that they don't have access to them.
Please help....
comment by darek on 2012-05-15 at 14:08:05
I have in routers.php:

Router::connect('/admin/acl', array('plugin' => 'acl', 'controller' => 'acl', 'action' => 'index', 'admin' => true));

In core.php:
Configure::write('Routing.prefixes', array('admin'));

and it show:

"You are not authorized to access that location."
and
"Error: UsersController could not be found."
comment by darek on 2012-05-15 at 13:31:04
Hello,

I have a question.

What I have write to routes.php and what write in core.php ?
When I write in browser: "myapp/admin/acl/", application redirect to: "myapp/admin/acl/users/login" ? Why ?
comment by Walter on 2012-04-05 at 21:00:26
To update: I got the plugin working. It works great. I had to add the Acl.AclManager to the $components var in the aros_controller file. Once I did this it works great. For some reason it is not including it from the acl_app_controller. If anyone has any idea why please let me know. In the mean time it is working.
comment by Walter on 2012-04-03 at 23:02:17 - r-u-readydesigns.com
Thanks for your plugin. I am having a problem with the 1.3 plugin. Everything seems to work except when I click on the Permissions link I get the following:
Undefined property: ArosController::$AclManager [APP\plugins\acl\acl_app_controller.php, line 40]

If you could point me in the direction I need to go to track this down I would appreciate it. I have downloaded the plugin again and reinstalled it. I get the same error.

Thanks.
comment by Cyril on 2012-02-15 at 12:44:53
Hello,
I want to thank you for the work you have done. This plugin is well made and makes life a lot easier. Being perhaps a bit of a novice, I'll mention, in case it helps others, that I had a small problem getting it to work, though it was not caused by the plugin. If I understood correctly, the acl_reflector.php component uses App:import in the get_all_app_controller() function to include my application's controllers. The encoding of my controller files was causing a problem at this step. I encoded my controller files in UTF-8 without DOM. Now everything works, life is good.
Thanks again.
comment by Ryan on 2012-02-06 at 15:51:33
Thanks for the response- I really appreciate it. It works just fine now. This plugin is so helpful - great job!
comment by nIcO on 2012-02-06 at 09:14:09
Ryan,

I don't have much time right now, but to give you a quick and dirty answer, you can try to replace the 'get_all_app_controllers()' function in the AclReflectorComponent by this one:

public function get_all_app_controllers()
{
  $controllers = array();
  $folder = new Folder();
  
  $paths = array(APP . 'controllers', ROOT . DS . 'shared' . DS . 'controllers');

  foreach($paths as $path)
  {
    //$didCD = $folder->cd(APP . 'controllers');
    $didCD = $folder->cd($path);
    if(!empty($didCD))
    {
      $files = $folder->findRecursive('.*_controller\.php');
        
      foreach($files as $fileName)
      {
        $file = basename($fileName);

        // Get the controller name
        $controller_class_name = Inflector::camelize(substr($file, 0, strlen($file) - strlen('_controller.php')));
        
        if (!App::import('Controller', $controller_class_name, true, $paths))
        {
          debug('Error importing ' . $controller_class_name . ' from APP controllers');
        }
        else
        {
          $controllers[] = array('file' => $fileName, 'name' => $controller_class_name);
        }
      }
    }
  }
  
  sort($controllers);
  
  return $controllers;
}

It is not that good because it contains your additional path hard coded, but it should work.

I have tried rapidly to get the paths set by your App::build() call and the result contains more than the two paths you give (e.g. the core controllers path is returned) and that would probably break the plugin logic later.
comment by Ryan on 2012-02-06 at 03:55:17
Thanks so much for the great plugin!

I'm using Cake 1.3.

I know that your FAQ page addresses the fact that some actions are missing due to being 'private', 'protected', or in default plugins controllers, etc. In my app, however, I have some actions missing that do not meet any of those conditions.

I have defined some additional controller paths in my bootstrap.php file using App::build(), as in the following example:

App::build(array(
    'controllers' => array(
        ROOT.DS.APP_DIR.DS.'controllers'.DS,
        ROOT.DS.'shared'.DS.'controllers'.DS
    )
));

The first path is the standard app path, and the second is a 'shared' folder I use for several applications. The ACL plugin finds the methods located in the first path, but it omits ones in the second. The CakePHP Book's automated tool for building ACOs, located at http://book.cakephp.org/1.3/en/view/1549/An-Automated-tool-for-creating-ACOs, does not make the same omission.

I've wondered if perhaps defining additional APP paths is against Cake convention and that those additional files should be in a plugin. As far as I could tell, though, I've indeed been following Cake conventions, as the instructions for defining additional paths are located in the comments of bootstrap.php itself. Is there any way to include controllers located in the additional paths without having to repackage them into a plugin?
comment by nIcO on 2012-02-02 at 09:48:33
I see two things here. First like you suspect, having two classes in your application that share the same name is a bad idea. It will likely give you some problems in one way or another, with the wrong class being instantiated or whatever. As far as Cake does not use namespaces, this is not recommended.

Then, even if you change this name, there will be another problem if the controller you want to manage with ACL is the 'default' controller (a controller that has the same name as the plugin). There was an issue with the ACO nodes retrieval when the path contains twice the same name, which is the case for plugins default controllers.

controllers/Pages/Pages/index

So I decided to just skip the plugins default controllers from the controllers supported by the ACL plugin.

If you are the author of this plugin, you could rename it (because PagesController exists already), and move the actions in some other controller than the default controller.

comment by Andre Santiago on 2012-02-01 at 20:58:04 - www.bravanews.com
Hello,

I have been developing with CakePHP and this plugin has helped tremendously.

However, I am facing one issue I am not sure how to fix it, although, I suspect where the issue is coming from.

I added a plugin named 'pages', but I cannot get ACL to see it so it is added to the list of allowed/denied actions.

Is it because this controller is named pages and there is already a pages controller within Cake?

If it is how do I fix it?

Thanks,
comment by Kirby on 2012-01-21 at 20:24:01
All parts of the plugin are working for me except for the individual permissions for users. When I click on user permissions, I get the list with a username and a lock icon. When I click on the lock icon it brings up the

demosite/admin/acl/aros/user_permissions{user:id}/ajax:true

page; however, the user is not loaded, user is blank and role is blank. I'm looking for suggestions on what cake or plugin configuration I might have wrong. Everything else with permissions, roles is working as expected.

Thanks for the plugin.
comment by nIcO on 2012-01-13 at 23:48:44
Vinicius,

If you want the pages controller to appear in the list of managed actions, copy it from the cake library into the app controllers folder ( http://book.cakephp.org/1.3/view/958/The-Pages-Controller ).

Alternatively, if all or some pages served by the PagesController->display() method must be made public, you can use the AuthComponent->allow() method manually in beforeFilter to bypass the ACL and grant access.