    <p>Based on your aro_aco table, it looks like this is correct behavior. User.4 belongs to the admins group which has update permission set to true in row 8. You have a rule in row 8 specifically for User.4, but you have granted update permission specifically to that user in that row. It appears that the ACL rules are working exactly as you have them set up. To prevent User.4 from using the update permission, run this at the cake command line to update your rules for User.4:</p>
    <pre><code>cake acl deny User.4 House.1 update </code></pre>
    <p>It should then return false when you run a check:</p>
    <pre><code>cake acl check User.4 House.1 update </code></pre>
    <p><strong>EDIT</strong></p>
    <p>I'm going to attempt to revise this based on comments left below. I think that you may still be setting up the rules incorrectly. I am going to use the command line examples (because it's easier to both type and to do in practice) but you can just as easily write the PHP to do this. My examples below also focus on admin, but you could use them for the superadmin and users groups too.</p>
    <p>First, deny everything to admins since we want to grant permissions individually:</p>
    <pre><code>cake acl deny admin Houses all </code></pre>
    <p>Then, grant the read only permission to admin so they can all read Houses:</p>
    <pre><code>cake acl grant admin Houses read </code></pre>
    <p>Lastly, grant the update permission to the specific user that gets update privileges:</p>
    <pre><code>cake acl grant User.4 Houses.1 update </code></pre>
    <p>These permissions should allow User.4 to read and update the House record. Keep in mind that if you have already created deny or allow records for User.4 then this example may not work. You may want to truncate your aco_aro table and start over since it's small at this point.</p>
    <p>If all acl checks work, but the behavior is still incorrect, then you may have an issue with how the ACL component is authorizing an action. You may have to tweak those settings in $beforeFilter or your $components array.</p>
    1. CO Hi, thanks for your response! That seems to work correctly, but if I try to edit that house via the web-interface, it says I don't have access to that resource. I've also tried to set up the rules manually like this: $this->Acl->deny(array('model' => 'User', 'foreign_key' => 4), 'Houses'); $this->Acl->allow(array('model' => 'User', 'foreign_key' => 4), 'Houses', 'read'); $this->Acl->allow(array('model' => 'User', 'foreign_key' => 4), array('model' => 'House', 'foreign_key' => 1)); However, if I allow the user 4 to have update access to the entire House model, it works. Thanks again, alex
    2. CO Not sure I quite understand what's happening now. If the user has update access to the House model, but denies update access on House.4, then it should not give you update access there. Are you still looking for the check to return false, or have you solved that part?
    3. CO Well no, I think I made some mistakes describing my problem: What I want to achieve is that a group of users (administrators) have read-only access to all of the records, but update access to some of them. Up here, I tried to do the following: 1.) Deny access to the user (later on, I'll do that for the user-group, but for simplicity I only modify the single user) 2.) Allow read-only access for the user for all of the records 3.) Allow the user to update one specific record. Am I doing something wrong? 10000000000 thanks again!
 
