On Thu, Sep 9, 2010 at 4:29 PM, calzone <calzone@xxxxxxxxx> wrote:
> I am using ACL, but not terribly comfortable with it. I'm still
> trying to figure out how to make it grant "ownership" of content that
> is created by one user so only he can see it, or for other content,
> that is created by a user belonging one department so that other
> departments can't see stuff that doesn't belong to them (while still
> allowing users from the managers group to see all the departments they
> oversee, and superadmins to see everything). At the same time, the
> concepts of departments is a separate lookup table from the actual
> groups table for the ACL permissions.
Yes, it's a huge can of worms.
> I thought ACL only kicked in after the user has authenticated and that
> before that happens, for unauthenticated guests, you are stuck with
> whatever Auth allows or denies.
Yes, that's what I meant about actions vs parameters. But, if you need
a fine-grained system to grant access to the pages, what I suggested
won't work. I thought you only had 2 classes of users: those who could
see all pages, and those who should only see 'home'. If you need to
grant different access to some pages for already-authenticated users
you'll need to either use ACL or something you roll yourself.
Actually, on second thought, I suppose that the approach I suggested
would still work. But you'll still need some ACL business in your
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
To post to this group, send email to cake-php@xxxxxxxxxxxxxxxx
To unsubscribe from this group, send email to
cake-php+unsubscribe@xxxxxxxxxxxxxxxx For more options, visit this group at