The Bakery Everything CakePHP

Hello,

I tried distinct syntax for the SAME aro object and results are different / wrong :

$this->Acl->check($this->Auth->user(), 'Tools/list'); -> this works fine (result = true)

$this->Acl->check(array('model'=>'User','foreign_key'=>$this->user["User"]["id"]), 'Tools/list'); -> bad result (result = false)

$this->Acl->check('User:4', 'Tools/list'); -> dispatch a warning: Invalid argument supplied for foreach() [ROOT/cake_1.2.2.8120/cake/libs/set.php, line 1046] -> and bad result (result = false)

With the core Acl components, the 3 syntaxes return true...

It seems that __cachePath() in the component don't return the same thing :
For syntax 1: return "Tools_list.User_id_4"
For syntax 2: return "Tools_list.model_User"
For syntax 3: return "Tools_list."

Thank's for this update. It's Ok.

But another problem occurs with the check() function.

You write in this function:
 if ($check == false) { But if the cached value for acl is "0", Cache:read() returns "0" and then this condition is true, so the function calls "parent::check...'

I modified the code like this :
function check($aro, $aco, $action = "*") {
        $path = $this->__cachePath($aro, $aco, $action);
        $check = Cache::read($path, 'acl');
        if ($check === false) {
            $check = parent::check($aro, $aco, $action);
            Cache::write($path, $check ? 1 : 0, 'acl');
        } else {
            $check = $check == true;
        }
        return $check;
    }
And it's work fine for me (no sql request left when acl are cached)
The modifications are:
1. if ($check === false) (=== in place of ==)
2. Cache::write($path, $check ? 1 : 0, 'acl'); (1 in place of true)
3. $check = $check == true; (== in place of ===)

I have extended the original acl component to check for group access as well as user access. Everything works until I enable the cached acl component too. The result is true when I run the acl check from the controller using:
$this->Acl->check(array('model' => 'User', 'foreign_key' => $aroId), array('model' => 'User', 'foreign_key' => $acoId), $action) The result is null when it should be true when I run the acl check from the custom component (stripped down to only do the basic one line check:
$this->controller->Acl->check(array('model' => 'User', 'foreign_key' => $aroId), array('model' => 'User', 'foreign_key' => $acoId), $action) Any ideas?

Talked to you on IRC yesterday, have you found the problem?

I just thought of one looking at your code again. That second param is an array, with a model, but was built to support action paths like "/controllers/users/add". So this might be the problem you are facing.
Initially that seems to have solved the problem. I have tested Acl->check() using the alias instead of model=>, user=> for the aco.

Nice work - thanks Frank. I love it when something works straight out of the box!

I have my $action as array, and I change __deleteCache function as:


/**
     * Deletes an ACO from the cache.
     *
     * @param string $aro ARO
     * @param string $aco ACO
     * @access private
     */

    function __deleteCache($aro, $aco, $action) {
        if (is_array($action)) {
            foreach ($action as $act) {
                Cache::delete($this->__cachePath($aro, $aco, $act, true), 'acl');
            }
        }else {
            Cache::delete($this->__cachePath($aro, $aco, $action, true), 'acl');
        }
    }


I have a question about how the cachePath is supposed to work. I tried an action, controllers/Users/test, for User:2 that didn't have permission. The cache gets written as denied like it should, then I granted access User:2 for controllers, all. When I check again it still says access denied because it didn't delete the cache file for User:2 with 'controllers_users_test.user_2'. It only checks 'controllers_users_test.user_2' path instead of anything below controllers, controllers_*.user_2 to delete. Is that the way it's supposed to work and is there an easy way to make it delete the cached files of the whole path instead of that single action for that user so that it works correctly?

The point of this Component is obviously to help you speed things up, however, there is one big drawback to it. You've still got to read and serialize a file for every check that you make.

One way that this can be alleviated is to update the component to understand user types/roles/groups and to flag users that have permissions specially assigned to them (instead of the user group). This takes a little bit of work to modify the user model, your user data structure, and the CacheAcl component itself but the end result is a big performance boost.

Say, for example, I were to check 50 ACL permissions on a single page (because I'm crazy like that). The component checks the user session and sees that the user does not have special permissions, so it changes the Aro to the User Type instead. That alone will give you a boost by consolidating cache files down for most users.

Now, if we take it a step further and keep all of the checks for that user type in a single associative array, written out to a single permissions cache file for the User Type and suddenly we're reading a single cache file for all the permissions associated with that user - 1 time.

If the Aro isn't a user or user type, default back to the original caching behavior (to handle everything else). These updates will allow you to fully take advantage of ACL for users across your entire application with very little concern for performance.

Hello!
I can't find the cached_acl.php component. Can anybody say from where I can get the component?

Thank you for the link. Have a great weekend.
cotes football