CakePHP App with Auth + ACL and Plugin with Auth but no ACL

1
votes

I have a CakePHP app setup with Auth and ACL.

I have also made a Plugin within this app that includes a separate login to another part of the site away from the App. This uses Auth to login on a different table, and doesn't require ACL as users will be able to access all areas of this small section of the site.

I have managed to separate the two Auths using:

AuthComponent::$sessionKey= 'Auth.Recipient';

in the Plugin's AppController and

AuthComponent::$sessionKey= 'Auth.User';

in the App's AppController

This seems to work well and lets me login to both areas of the site separately.

Next when I tried to add more methods inside my Plugin I received the error: 

AclNode::node() - Couldn't find Aro node identified by "Array ( [Aro0.model] => Group [Aro0.foreign_key] => ) "

I tried running AclExtras.AclExtras aco_sync out of desperation but that, not surprisingly didn't work.

I attempted to work around this, by adding another group (I am using Group ACL) called "Customer" and then assigning all users created in my Plugin table the Customer group id.

This stopped the error, I next tried to add a new row for my users/initdb method for these users so that they could only access the customers controller. However, if they attempt to access this they are kicked out to the login page as if they do not have access to this controller.

Adding the method names to:

$this->Auth->allow('');

works but obviously isn't a solution, although is pointing me in the direction of this being permission related.

The ideal solution for me, would be one where I could simply stop the plugin having any inheritance of ACL from the App.

1
cakephpauthenticationcakephp-2.0aclcakephp-acl

1 Answers

0
votes

I have 2 possible suggestions for breaking the inheritence structure of CakePHP to prevent the plugin from loading the components

Pseudo App Controller

Create a new controller class for example MyAppController which extends the core AppController which can then be used as a parent for main app's controllers, while the core AppController which remains empty is used for the plugins. The plugins then do not inherit anything

Your structure should be something like

A normal AppController class

// app/Controller/AppController.php
class AppController extends Controller
{
    // left empty intentionally
}

A pseudo-AppController for your plugin

class MyAppController extends Controller
{
    // all code for the main app
    // used for all your normal app controllers

    public $components = array('Acl', 'Auth');

    // -- snip -- //

}

An example controller from the main app

App::uses('Controller', 'MyAppController');
class PostsController extends MyAppController
{
}

And the plugin app controller

class PluginAppController extends AppController
{
}

This will prevent any methods or instance variables being inherited by the plugin, but obviously is not great design as you will loose any methods you wish to share between the App and its plugins. Unless you extract them into components and add them to the AppController

Override the plugin controller __construct

Take advantage of OOP and override the __construct method in the plugins PluginAppController to prevent the ACL component from being loaded at all 

class PluginAppController extends AppController
{
    public __constrcut($request = null, $response = null)
    {
        // modify this to prevent components you don't want
    }
}