Auth ACL -- A Complete Solution

Well, it's been some time since I wrote a decent blog entry, so to make up for it, and to help explain the time that has passed, I'm offering a complete ACL/Auth solution that has been used by me on several production sites so far, and that I intend to continue using for some time to come.

I have written a couple of small articles regarding ACL/Auth usage. This will not re-cover old ground, but will instead be a tutorial on how to incorporate my offerings into your site.

As it is late tonight, I will pick up where I have left off and continue tomorrow with a guide. For now, know that the folder structure is the same as is used in CakePHP 1.2, and simply dropping it into a test app would be the best way to start. There are a few things to tweak, and I shall cover these tomorrow.

 

For now the package can be found at http://mentalramblings.info/files/t73_auth_acl.tar.bz2

 


OK Now for part 2!

 

Extract the package to a location, and be sure to add in the Cake core for the app, or link to your local copy. Once it's in place, you can create and dump the SQL from /app/config/sql into your database.

While you're in /app/config, create a file called sandbox.php based off of ssandbox.php.default, as this is the file I use for development. It allows me to easily switch between locations and store local-based variables. I use SVN for my projects, and I simply svn:ignore the file sandbox.php. Within the file are defined constants that the database.php file uses to access the database. Simply fill them in with the details of your system. Be sure also to set the debug level in sandbox.php to level 2 or 3, as this will help you later to figure out the password for admin.

Lastly, be sure to change the Salt value in your core.php file to something unique. There is a bake command for it, I do believe; however, I can't remember it at this point in time. Perhaps someone would like to comment on this?

OK, now for the password for admin. Browse to /users/login and use the email address of admin and whatever password you would like. This will fail. However, when you scroll down and look at the SQL queries (you did set your debug level > 2, right?), you will see a query for users and a hashed password. Copy the hashed password to the admin row in the users table in MySQL, using phpMyAdmin or some other method. Then you should be able to log in to the account.
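The salt step and the admin password step above can also be done from the command line, without reading the hash out of the debug SQL output. The script below is an added example, not part of the original post or its package. It assumes the app uses stock CakePHP 1.2 AuthComponent hashing (sha1 of Security.salt followed by the password) and that core.php sets the salt with Configure::write; the minimum salt length is a threshold chosen for the example.

```php
<?php
// Added example; not part of the t73_auth_acl package.
// Assumptions: stock CakePHP 1.2 AuthComponent hashing, sha1(Security.salt . password),
// and a core.php that sets the salt with Configure::write('Security.salt', '...').

// Salt shipped in the CakePHP core.php template. It is public, so it must be replaced.
define('CAKE_DEFAULT_SALT', 'DYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9mi');
define('MIN_SALT_LENGTH', 32); // floor chosen for this example, not a CakePHP rule

// Return the Security.salt value found in the text of core.php, or null.
// Anchoring at line start skips copies of the line that are commented out.
function read_salt($coreSource) {
    $re = '/^\s*Configure::write\(\s*[\'"]Security\.salt[\'"]\s*,\s*[\'"]([^\'"]*)[\'"]\s*\)\s*;/m';
    return preg_match($re, $coreSource, $m) ? $m[1] : null;
}

// List what is wrong with a salt; an empty array means it is acceptable.
function salt_problems($salt) {
    if ($salt === null || $salt === '') {
        return array('no Security.salt found in core.php');
    }
    $problems = array();
    if ($salt === CAKE_DEFAULT_SALT) {
        $problems[] = 'Security.salt is still the framework default';
    }
    if (strlen($salt) < MIN_SALT_LENGTH) {
        $problems[] = 'Security.salt is shorter than ' . MIN_SALT_LENGTH . ' characters';
    }
    return $problems;
}

// The hash the stock AuthComponent looks up for a submitted password.
function cake_password_hash($salt, $password) {
    return sha1($salt . $password);
}

// Constructed core.php fragment, used when no file path is given on the command line.
$sample = "<?php\n\tConfigure::write('debug', 0);\n"
        . "\tConfigure::write('Security.salt', '" . CAKE_DEFAULT_SALT . "');\n";
$salt = read_salt(isset($argv[1]) ? file_get_contents($argv[1]) : $sample);
$problems = salt_problems($salt);
if ($problems) {
    fwrite(STDERR, implode("\n", $problems) . "\n"); // the sample run stops here
    exit(1);
}
fwrite(STDERR, 'Password for admin: ');
echo cake_password_hash($salt, rtrim(fgets(STDIN), "\r\n")), "\n";
```

Saved under a hypothetical name such as admin_hash.php and run as `php admin_hash.php app/config/core.php`, it refuses to continue until the salt has been changed, then prints the hash to paste into the admin row.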

/admin/users/acl -- This location will allow you to start the permissions process for setting group permissions. Select a group to edit by clicking view for the appropriate group. You will then be shown a screen for acl permissions based upon that group. The dropdown list has the controllers available in your application and their actions. Simply click on an item in the allowed or denied list to move it to the other list.

/admin/users/acl_reset -- Use this location only in extreme emergencies. This will set all permissions for all actions in all controllers to Allowed for admin user #1 and denied for everyone else. It is important to retain admin as User.id == 1 with User.group_id == 1 for this to work.

 

I hope this works well for everyone without issues, or even small issues if there are indeed. Let me know what you think of this.

 

Ron Chaplin
