
ACL Plugin for CakePHP 1.3

The core of CakePHP contains a system for controlling access rights based on access control lists (ACL). This mechanism is very useful but, I have to admit, not very easy to dive into the first time you try to use it.

Moreover, CakePHP doesn't provide an out-of-the-box interface to configure the rights managed through ACL.

This plugin is such an interface: it lets you manage the permissions of your application's users and roles.

Technically, it lets you manage the content of the aros, acos and aros_acos tables used by the CakePHP ACL Component. Its interface is partially inspired by the one you can find in the Croogo CMS, and a part of the code comes from this tutorial of the CakePHP documentation.

 

 

Prerequisites

  • CakePHP 1.3.x

  • A website whose access rights are managed through the ACL Component. A good introduction on how to use this Component can be found in the CakePHP documentation.

  • a table in your database containing the users (its name can be configured)

  • a table in your database containing the roles (its name can be configured). The example given in the tutorial above uses for instance a table called groups and not roles.

Features

  • creation of acos for each action of your controllers

  • automatic detection of new controllers and/or actions

  • clear display of role permissions

  • clear display of user-specific permissions

  • easy editing of role permissions (through AJAX)

  • easy editing of user-specific permissions (through AJAX)

Demo

A sample application containing the ACL plugin can be found here. This sample application is intentionally simple.

But please note that the users and roles pages are automatically generated through bake by using the templates of the Alaxos plugin.

Download

This plugin is available on the downloads page.

Installation

  • copy the folder acl into your folder /app/plugins

  • configure the admin route (see http://book.cakephp.org/view/950/Prefix-Routing)

  • copy the parameters found in acl/config/bootstrap.php into your file /app/config/bootstrap.php

  • access the plugin by navigating to /admin/acl

 

Parameters

  • acl.aro.role.model: name of the model representing the roles. Typically "Role" or "Group".

  • acl.aro.role.primary_key: forces the name of the roles primary key. Can be left empty if this name follows the CakePHP conventions ("id").

  • acl.aro.role.foreign_key: forces the name of the role foreign key. Can be left empty if this name follows the CakePHP conventions (e.g. "role_id").

  • acl.aro.user.model: name of the model representing the users. Typically "User".

  • acl.aro.user.primary_key: forces the name of the users primary key. Can be left empty if this name follows the CakePHP conventions ("id").

  • acl.aro.role.display_field: name of the field used to display the roles. Typically "name".

  • acl.role.access_plugin_role_ids: an array of role ids that are in all cases allowed to access the plugin (by bypassing the ACL permissions). Useful to avoid being denied access to the ACL plugin while you manipulate the ACL permissions.

  • acl.role.access_plugin_user_ids: an array of user ids that are in all cases allowed to access the plugin (by bypassing the ACL permissions). Useful to avoid being denied access to the ACL plugin while you manipulate the ACL permissions.

  • acl.user.display_name: name of the field used to display the users. It can also be a SQL expression such as CONCAT(User.lastname, ' ', User.firstname) for MySQL.

  • acl.check_act_as_requester: indicates whether the presence of the ACL Behavior configured as Requester in the user and role models must be automatically verified when the plugin is accessed.

  • acl.gui.roles_permissions.ajax: indicates whether the roles permissions page must be loaded through AJAX. Depending on the number of permissions to check, this page may take a long time to load. To prevent a webserver timeout, it is possible to configure the page loading through AJAX.

  • acl.gui.users_permissions.ajax: indicates whether the users permissions page must be loaded through AJAX. Depending on the number of permissions to check, this page may take a long time to load. To prevent a webserver timeout, it is possible to configure the page loading through AJAX.
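A sketch of how the parameters listed above might look once copied into /app/config/bootstrap.php. This is an added example, not the plugin's shipped file: it assumes the keys are set with Configure::write(), a Group model as in the CakePHP tutorial, and a constructed administrator role id of 1.

```php
<?php
// Added example for /app/config/bootstrap.php; every value is an assumption.
// Assumes the plugin reads its settings through Configure.

// Role side: the CakePHP ACL tutorial names this model "Group".
Configure::write('acl.aro.role.model', 'Group');
Configure::write('acl.aro.role.primary_key', '');  // empty: conventional "id"
Configure::write('acl.aro.role.foreign_key', '');  // empty: conventional "group_id"
Configure::write('acl.aro.role.display_field', 'name');

// User side.
Configure::write('acl.aro.user.model', 'User');
Configure::write('acl.aro.user.primary_key', '');  // empty: conventional "id"
// SQL expression (MySQL) instead of a plain field name.
Configure::write('acl.user.display_name', "CONCAT(User.lastname, ' ', User.firstname)");

// Bypass lists: anyone listed here reaches /admin/acl regardless of the ACL
// rules, and from there can edit the permissions of every role and user.
// Keep them to the administrator role only (id 1 is a constructed value)
// and avoid listing individual users unless you are locked out.
Configure::write('acl.role.access_plugin_role_ids', array(1));
Configure::write('acl.role.access_plugin_user_ids', array());

// Verify on access that the user and role models act as ACL Requesters.
Configure::write('acl.check_act_as_requester', true);

// Load the permission grids through AJAX to avoid webserver timeouts.
Configure::write('acl.gui.roles_permissions.ajax', true);
Configure::write('acl.gui.users_permissions.ajax', true);
```

Because membership in either bypass list grants control over all permissions, review those two arrays whenever role or user ids change.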

FAQ

A list of FAQ is available here.

Looking for a CakePHP 2.0 version?

Page created on : 2010-06-25 23:08:14 | last update : 2011-12-09 16:08:14


229 comments

comment by Rodrigo Bertoncello on 2014-04-12 at 04:31:58 - www.livecondominium.com.br
My project is installed in "home/user/app" (above "public_html"), and I'm not able to configure the router to make "/admin/acl" work.
Has someone already resolved this question?
I'm using Cake 2.x
comment by Ubed on 2014-03-30 at 11:19:36
I have an issue with user permissions: when I add a permission to any specific user it works fine, but when I want to deny a permission it shows errors like
 "Undefined index: Permission [<b>APP\Plugin\Acl\Controller\Component\AclManagerComponent.php</b>, line <b>501</b>"  AND  "An error occured while deleting the specific permission" 
Please help me, how can I solve this?
comment by Ubed on 2014-03-30 at 11:18:16
I have an issue with user permissions: when I add a permission to any specific user it works fine, but when I want to deny a permission it shows errors like "Undefined index: Permission [<b>APP\Plugin\Acl\Controller\Component\AclManagerComponent.php</b>, line <b>501</b>" AND "An error occured while deleting the specific permission"
Please help me, how can I solve this?
comment by Badru on 2014-02-06 at 14:23:32
Hi,

I have successfully installed and configured the Alaxos ACL 2.3.0 plugin in my CakePHP application developed under 2.3.10, but the major issue is that ACL is not denying actions set in the user role or in user permissions: all actions are allowed instead of the few already blocked by user permissions. In my application, a few actions throw an error like the one below,

Fatal error
AclNode::node() - Couldn't find Aro node identified by "Array ( [Aro0.model] => User [Aro0.foreign_key] => 2 ) "

Please suggest what I can do.
comment by Pankaj on 2013-04-30 at 11:09:08
Hello ,

I have set up the plugin on my website. The problem here is how to check the permissions now for any function. Everything is fine with the database setup. I just want to know how we will check if we have not granted permission for a user to add (new user). It's not checking permissions.. any code in the controller file or in the view..??

Please kindly provide your help..
comment by Pankaj on 2013-04-30 at 09:31:07
Hello ,

I have set up the plugin on my website. The problem here is how to check the permissions now for any function. Everything is fine with the database setup. I just want to know how we will check if we have not granted permission for a user to add (new user). It's not checking permissions.. any code in the controller file or in the view..??

Please kindly provide your help..

Thnx..in advance
comment by lenin on 2013-03-09 at 10:45:24 - frogfry.com
Great Work man! thank you very much..! appreciated.!
comment by teano on 2013-01-04 at 15:25:26
FYI: The pages "Roles permissions" and "Users permissions" don't work for me using Firefox. The ticked/crossed symbols don't load whether AJAX is enabled or not. No problems with Chrome...
comment by ngae.net on 2012-10-08 at 16:20:43 - ngae.net
hi
Thanks.
comment by Dave on 2012-07-11 at 16:11:23
(Realized why no models - just has components.)
comment by Dave on 2012-07-11 at 15:13:20
Trying to use this with CakePHP 2.2, but getting Fatal Error memory....etc.

Have been trying to look through the code to see what needs updating for 2.2 if anything, but - I don't understand... there are no models, yet it looks like it's calling models to do things... what am I missing?
comment by sulayman on 2012-06-10 at 14:25:39 - www.sesa.af
How can we check the permissions on view level. I want users not to see the menu items that they don't have access to them.
Please help....
comment by darek on 2012-05-15 at 14:08:05
I have in routers.php:

Router::connect('/admin/acl', array('plugin' => 'acl', 'controller' => 'acl', 'action' => 'index', 'admin' => true));

In core.php:
Configure::write('Routing.prefixes', array('admin'));

and it shows:

"You are not authorized to access that location."
and
"Error: UsersController could not be found."
comment by darek on 2012-05-15 at 13:31:04
Hello,

I have a question.

What do I have to write in routes.php and what in core.php?
When I enter "myapp/admin/acl/" in the browser, the application redirects to "myapp/admin/acl/users/login". Why?
comment by Walter on 2012-04-05 at 21:00:26
To update: I got the plugin working. It works great. I had to add the Acl.AclManager to the $components var in the aros_controller file. Once I did this it works great. For some reason it is not including it from the acl_app_controller. If anyone has any idea why, please let me know. In the meantime it is working.
comment by Walter on 2012-04-03 at 23:02:17 - r-u-readydesigns.com
Thanks for your plugin. I am having a problem with the 1.3 plugin. Everything seems to work except when I click on the Permissions link I get the following:
Undefined property: ArosController::$AclManager [APP\plugins\acl\acl_app_controller.php, line 40]

If you could point me in the direction I need to go to track this down I would appreciate it. I have downloaded the plugin again and reinstalled it. I get the same error.

Thanks.
comment by Cyril on 2012-02-15 at 12:44:53
Hello,
I want to thank you for the work you have done. This plugin is well made and makes life much easier. Being perhaps a bit of a novice, I'll take the liberty of mentioning, in case it helps others, that I had a small problem getting it to work, though it was not caused by the plugin. If I understood correctly, the acl_reflector.php component uses App:import in the get_all_app_controller() function to include my application's controllers. The encoding of my controller files was causing a problem at that step. I encoded my controller files in UTF-8 without DOM. Now everything works, life is good.
Thanks again.
comment by Ryan on 2012-02-06 at 15:51:33
Thanks for the response- I really appreciate it. It works just fine now. This plugin is so helpful - great job!
comment by nIcO on 2012-02-06 at 09:14:09
Ryan,

I don't have much time right now, but to give you a quick and dirty answer, you can try to replace the 'get_all_app_controllers()' function in the AclReflectorComponent by this one:

public function get_all_app_controllers()
{
  $controllers = array();
  $folder = new Folder(); // plain assignment: "=& new" is deprecated since PHP 5.3
  
  $paths = array(APP . 'controllers', ROOT . DS . 'shared' . DS . 'controllers');

  foreach($paths as $path)
  {
    //$didCD = $folder->cd(APP . 'controllers');
    $didCD = $folder->cd($path);
    if(!empty($didCD))
    {
      $files = $folder->findRecursive('.*_controller\.php');
        
      foreach($files as $fileName)
      {
        $file = basename($fileName);

        // Get the controller name
        $controller_class_name = Inflector::camelize(substr($file, 0, strlen($file) - strlen('_controller.php')));
        
        if (!App::import('Controller', $controller_class_name, true, $paths))
        {
          debug('Error importing ' . $controller_class_name . ' from APP controllers');
        }
        else
        {
          $controllers[] = array('file' => $fileName, 'name' => $controller_class_name);
        }
      }
    }
  }
  
  sort($controllers);
  
  return $controllers;
}

It is not that good because it contains your additional path hard coded, but it should work.

I have tried rapidly to get the paths set by your App::build() call and the result contains more than the two paths you give (e.g. the core controllers path is returned) and that would probably break the plugin logic later.
comment by Ryan on 2012-02-06 at 03:55:17
Thanks so much for the great plugin!

I'm using Cake 1.3.

I know that your FAQ page addresses the fact that some actions are missing due to being 'private', 'protected', or in default plugins controllers, etc. In my app, however, I have some actions missing that do not meet any of those conditions.

I have defined some additional controller paths in my bootstrap.php file using App::build(), as in the following example:

App::build(array(
    'controllers' => array(
        ROOT.DS.APP_DIR.DS.'controllers'.DS,
        ROOT.DS.'shared'.DS.'controllers'.DS
    )
));


The first path is the standard app path, and the second is a 'shared' folder I use for several applications. The ACL plugin finds the methods located in the first path, but it omits ones in the second. The CakePHP Book's automated tool for building ACOs, located at http://book.cakephp.org/1.3/en/view/1549/An-Automated-tool-for-creating-ACOs, does not make the same omission.

I've wondered if perhaps defining additional APP paths is against Cake convention and that those additional files should be in a plugin. As far as I could tell, though, I've indeed been following Cake conventions, as the instructions for defining additional paths are located in the comments of bootstrap.php itself. Is there any way to include controllers located in the additional paths without having to repackage them into a plugin?