CakePHP 2.0    Plugin ACL    

ACL Plugin for CakePHP 2.0

The core of CakePHP contains a system to control access rights based on Access control list. This mechanism is very useful, but I have to admit, not very easy to dive in the first time you try to use it.

Moreover, CakePHP doesn't provide out of the box an interface to configure the rights managed through ACL.

This plugin is such an interface allowing to manage permissions of your application's users and roles.

Technically, it allows to manage the content of the aros, acos and aros_acos tables, used by the CakePHP ACL Component. Its interface is partially inspired by the one you can find in the Croogo CMS, and a part of the code comes from this tutorial of the CakePHP documentation.




  • CakePHP 2.0.x

  • a website whose access rights are managed through the ACL Component. A good introduction on how to use this Component can be found in the CakePHP documentation.

  • a table in your database containing the users (its name can be configured)

  • a table in your database containing the roles (its name can be configured). The example given in the tutorial above uses for instance a table called groups and not roles.


  • creation of acos for each action of your controllers

  • automatic detection of new controllers and/or actions

  • clear display of roles permissions

  • clear display of users specific permissions

  • easy edition of roles permissions (through AJAX)

  • easy edition of users specific permissions (through AJAX)


A sample application containing the ACL plugin can be found here. It is built with CakePHP 1.3 and the corresponding plugin version, but the functionnalities are the same so far.


This plugin is available on the downloads page.


  • copy the folder acl in your folder /app/plugins

  • configure the admin route (see

  • copy the parameters found in Acl/Config/bootstrap.php in your file /app/Config/bootstrap.php or load the plugin with its own bootstrap.php file (CakePlugin::load('Acl', array('bootstrap' => true));)

  • access the plugin by navigating to /admin/acl


parameter explanation
acl.aro.role.model Name of the model representing the roles

Typically: "Role" ou "Group"
acl.aro.role.primary_key Allows to force the name of the roles primary key

Can be left empty if this name follows the CakePHP conventions ("id")
acl.aro.role.foreign_key Allows to force the name of the role foreign key

Can be left empty if this name follows the CakePHP conventions (e.g. "role_id")
acl.aro.user.model Name of the model representing the users

Typically: "User"
acl.aro.user.primary_key Allows to force the name of the users primary key

Can be left empty if this name follows the CakePHP conventions ("id")
acl.aro.role.display_field Name of the field used to display the roles

Typically: "name"
acl.role.access_plugin_role_ids An array containing the roles ids being in all cases allowed to access the plugin (by bypassing the ACL permissions).

Useful to not being denied access from the ACL plugin when we manipulate the ACL permissions.
acl.role.access_plugin_user_ids An array containing the users ids being in all cases allowed to access the plugin (by bypassing the ACL permissions).

Useful to not being denied access from the ACL plugin when we manipulate the ACL permissions.
acl.user.display_name The name of the field to use to display the users

It can also be a SQL expression such as:

CONCAT(User.lastname, ' ', User.firstname) for MySQL
acl.check_act_as_requester Indicates wether the presence of the ACL Behavior configured as Requester in the user and role models must be automatically verified when the plugin is accessed
acl.gui.roles_permissions.ajax Indicates wether the roles permissions page must be loaded through AJAX.

Depending on the number of permissions to check, this page may takes much time to load. To prevent a webserver timeout, it is possible to configure the page loading through AJAX.
acl.gui.users_permissions.ajax Indicates wether the users permissions page must be loaded through AJAX.

Depending on the number of permissions to check, this page may takes much time to load. To prevent a webserver timeout, it is possible to configure the page loading through AJAX.


Looking for a CakePHP 1.3 version ?

Page created on : 2011-12-09 16:15:54 | last update : 2011-12-15 12:33:56

New comment

Your name
Your email
won't be displayed on the website
Your website
Your comment
  • URLs and email addresses surrounded by spaces are automatically activated
  • to include a block of code, surround it with [code]...[/code]


<< newer | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
comment by Rodrigo Bertoncello on 2014-04-12 at 04:30:42 -
My project is installed in "home/user/app", (above "public_html"), I'm not able to config router to make work "/admin/acl".
Someone did already resolve this question ?
comment by Dalma on 2014-03-21 at 21:34:11
I found the problem with my installation. When I had originally installed ACL and included it in my AppController.p as a component I typed 'ACL' whereas I should have typed 'Acl'.
comment by Dalma on 2014-03-20 at 14:44:29
I'm trying to implement this plugin for Cakephp 2.4.5

I have encountered the following error:

Error: Call to a member function find() on a non-object
File: C:\wamp\www\fileshare\Plugin\Acl\Controller\ArosController.php
Line: 179

This is loop of logic being executed and it fails on the $this->Acl->Aro->find statement

I have tried to print out $this->Acl->Aro and it is not defined

I have been trying to solve this for a day now and being new to Cakephp I don't think I have enough experience yet to determine the cause.

I would appreciate any help.

foreach($users as &$user)
$aro = $this->Acl->Aro->find('first', array('conditions' => array('model' => $user_model_name, 'foreign_key' => $user[$user_model_name][$this->_get_user_primary_key_name()])));
if($aro !== false)
$user['Aro'] = $aro['Aro'];
$missing_aro = true;
comment by watchout on 2014-03-15 at 16:00:14

It seems that the path to the images, css and js-files is not right. The path is pointing to /acl/img/ajax/waiting16.gif, but in the console this is a 404. The solution to make the plugin work again, must lay in correcting the paths to the images and js files..
comment by vhinx on 2014-03-12 at 02:29:31

just try to include the Auth component in AclAppControoler

class AclAppController extends AppController
var $components = array('RequestHandler', 'Acl.AclManager', 'Acl.AclReflector','Auth');
comment by Pablo Godoy on 2014-03-11 at 00:57:26
Hi, Im having a problem when using this plugin. I really appreciate your help with that.

Error: Call to a member function user() on a non-object
File: C:\xampp\htdocs\cakephp\app\Plugin\Acl\Controller\AclAppController.php

Thanks for your time.
comment by vhinx on 2014-03-06 at 08:42:59
hi All

i had issue during my installation of this plugin. the Auth compenent didn't inherit with this Acl.AclManager component inside the AclAppController

when i run the program the error is User is not defined

and i added the Auth component in AclAppController to fix the problem

thanks ! for this plugin

comment by Kanchan on 2014-02-17 at 08:14:36
Hi All,

Using cakePhp 2.4.5 version.

Everything working fine, but the cross button and check button get loaded and then get disabled, on user_permissions navigation, same happen with role_permissions navigation.

Please help me.


Can you please update me on how to resolved jQuery issue????

comment by Thomas on 2014-02-15 at 06:30:19 -
I had issues when moving from Windows development server to linux live server. It turned out that the folder in the app/Plugin was case sensitive and had to be called Acl, not acl.

Hope this helps someone.

(I also noticed that acl_extras needed to be AclExtras).

Hope this helps someone.

CakePHP v 2.4.4
comment by Danny on 2014-02-05 at 12:30:54
Upon running the ACL list I get a 403 in Dev Console, and in the inspector it shows this for most of my ACOs.

The ACO node is probably missing. Please try to rebuild the ACOs first.

Any ideas?

Other than that, great plugin :)
comment by Sjoerd Op 't Land on 2014-01-25 at 16:06:54
Very enthusiast about your plugin, just one question, after logging out, I need to perform a $this->Session->destroy() to flush the permission cache. I currently perform this in the UsersController. Is there a better place to do this?
comment by Sumit on 2013-12-14 at 08:27:52

Thanks for this plug-in.. I've been able to integrate it with my app using instructions available on cake book and here.. But I'm facing a prob with (Permissions -> Role Permissions). On clicking this link, all the table enteries are in "waiting" (for all actions and roles matrix).

I activated firebug to see whats happening. All the "GETs" were struck in waiting mode.

I'm using "Group - only" mode. ARO table has entry for each group. ACO has all controllers/actions (around 300). aros_acos has been blank, so I added one entry to start with, for the top most node of ACO for user_id - 1. ( tried with assigning this to all users, but same result)

Please help!
comment by Manu on 2013-12-06 at 20:50:43
comment by Manu on 2013-12-06 at 20:34:39
BTW, I forked on gitHub and made a version compatible with twitter bootstrap framework, so if you want to help troubleshooting, it's here : />
See you in the issues :)
comment by Manu on 2013-12-06 at 20:32:26
Hi everyone !
For people trying to get the plugin working with cake 2.4.x, there's an issue with jQuery... Ajax requests for specific acls keeps its response in a span with 'hidden:none' style.

If anyone of you have a solution, that'd be great :)
comment by Liesbeth on 2013-12-05 at 10:33:13

I'm having a bit trouble with the prefix routing.

I've followed the installation steps and the plugin is working correctly. However, when I'm on a page of your plugin and I want to go back to a page from my app, I get this error:

Warning (512): DbAcl::check() - Failed ARO/ACO node lookup in permissions check. Node references:
Aro: Array
    [User] => Array
            [id] => 1


Aco: courses/admin_index [CORE/Cake/Model/Permission.php, line 94]

The url seems to be pointing at :
instead of:

I'd be very happy if anyone could help me with this.


comment by Pierrot on 2013-11-27 at 22:41:33
Dear Sir, Thank for this plugin. I just have a doubt. I do not have a table Roles. My table is called Groups. What should I modified in order to keep my table Groups. I tried to install the plugin but at the end it states that the Role model is missing.
Thank a lot to indicate the modification I should do :o)
comment by Marnie Nickelson on 2013-11-25 at 22:53:18
Thank you so much for the great plugin! It has really helped smooth the way for permission management for me!
comment by Paco on 2013-11-15 at 10:39:06
Sorry, I0m newbye and I dont know how to configure the prefix routes.

I put 'Configure::write('Routing.prefixes', array('admin'));' in core.php


'Router::connect('/admin', array('controller' => 'pages', 'action' => 'index', 'admin' => true));' yn my routes.php

but it isnt working through MyApp/admin/acl path

Someone could help me?
comment by marcelo on 2013-11-11 at 14:55:20
i'm working with a existing database, out of cake's convention, form example, it does not have a users' tables or group table, instead, it has tbladmins and tbladminroles.
1	id	int(10)		
2	roleid	int(1)			
3	username	text	
4	password	varchar(32)
5	firstname


1	id	int(1)			
2	name	text	
3	widgets	text	

in this context, is still possible to use your plugin? if yes, can you help on the bootstrap config:
Configure :: write('acl.aro.role.foreign_key', '');
thanks in advanced;
<< previous | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |