I am porting from CakePHP 2 to 3 and have noticed that the names in the 'model' field of the Aros table should now be plural (i.e. 'Group' is now 'Groups' and 'User' is now 'Users'). Is there a way to force the plugin to look for the singular form of the model name so that the database is not changed? Thanks.

Hi,

I'm just wondering if there's a documentation on how to use this plugin.

Most are already using space indents. Some files imported from acl_extras are still using tabs and original cakephp CS.

How to use ADmad/cakephp-jwt-auth with acl

I set up all the acl and authentication but by doing a get it returns me
AclNode :: node () - Could not find Aros node identified by "Array ([Aros0.model] => Users [Aros0.foreign_key] => 1)"

My controller

$this->loadComponent('Auth', [ 'authorize' => [ 'Acl.Actions' => ['actionPath' => 'controllers/'] ], 'authenticate' => [ AuthComponent::ALL => ['userModel' => 'Employes'], 'Form' => [ 'fields' => [ 'username' => 'email', 'password' => 'senha' ], 'scope' => ['Employes.status' => 1] ], 'ADmad/JwtAuth.Jwt' => [ 'parameter' => 'token', 'scope' => ['Employes.status' => 1], 'queryDatasource' => true ] ], 'unauthorizedRedirect' => false, 'checkAuthIn' => 'Controller.initialize', 'storage' => 'Memory' ]);

The name of my tables employes and roles where they are configured

Employes entity
public function parentNode() { if (!$this->id) { return null; } if (isset($this->role_id)) { $roleId = $this->role_id; } else { $employes = TableRegistry::get('Employes'); $employes = $employes->find('all', ['fields' => ['role_id']])->where(['id' => $this->id])->first(); $roleId = $employes->role_id; } if (!$roleId) { return null; } return ['Roles' => ['id' => $roleId]]; }

could better help us use ACL in cakephp 3.0?

Hi

Is there a way to run the shell command

"bin\cake acl_extras aco_sync"

from a controllers action?

If so, could you provide an example please?

Thanks,
Frank

I'm implementing CakePHP/Acl with the FriendsOfCake/Crud plugin, and after sync'ing all acos, none of the Crud actions appeard in the Acos table. This is because these actions aren't really methods, which isn't detected by AclExtras.

I think it would be a good idea to make it possible for plugins to extend or receive an event to add/manipulete there own actions/methods on a sync. Any ideas/comments?

cake acl.aclExtras aco_update

Created Aco node: controllers/Base
PHP Fatal error:  Cannot instantiate abstract class App\Controller\BaseController in vendor/cakephp/acl/src/AclExtras.php on line 297

This came into my mind about fixing this issue, btw should I just make PR's straight away for this kind of stuff?

Change line AclExtras.php : 297:

    protected function _checkMethods($className, $controllerName, $node, $pluginPath = false)
...
        $actions = get_class_methods(new $namespace);
...

To:

    protected function _checkMethods($className, $controllerName, $node, $pluginPath = false)
...
        $reflectionClass = new \ReflectionClass( $namespace );
        $actions = null;
        if ($reflectionClass->IsInstantiable()) {
            $actions = get_class_methods(new $namespace);
        }
...

Hello,

I'm trying to use the CachedDbAcl Adapter and there are an issue.

I'm using the configuration with GroupOnly as mentioned in the doc.
But the Adapter create cache file for $alias . '_' . $ref[$name]['id'] as you can see here :

https://github.com/cakephp/acl/blob/master/src/Adapter/CachedDbAcl.php#L101

Instead of that, it must check if a bindNode() exist in the entity, like in the node() method :
https://github.com/cakephp/acl/blob/master/src/Model/Table/AclNodesTable.php#L114-L139

I have added this code to the method _getNodeCacheKey() :

protected function _getNodeCacheKey($ref)
{
    if (empty($ref)) {
        return '';
    } elseif (is_string($ref)) {
        return Inflector::slug($ref, '_');
    } elseif (is_object($ref) && $ref instanceof Entity) {
        return $ref->source() . '_' . $ref->id;
    } elseif (is_array($ref) && !(isset($ref['model']) && isset($ref['foreign_key']))) {
        $name = key($ref);
        list(, $alias) = pluginSplit($name);

        $bindTable = TableRegistry::get($name);
        $entityClass = $bindTable->entityClass();

        if ($entityClass) {
            $entity = new $entityClass();
        }

        if (empty($entity)) {
            throw new Exception\Exception(__d('cake_dev', "Entity class {0} not found in CachedDbAcl::_getNodeCacheKey() when trying to bind {1} object", [$type, $this->alias()]));
        }

        $tmpRef = null;
        if (method_exists($entity, 'bindNode')) {
            $tmpRef = $entity->bindNode($ref);
        }

        if (empty($tmpRef)) {
            $ref = [
                'model' => $alias,
                'foreign_key' => $ref[$name][$bindTable->primaryKey()]
            ];
        } else {
            $ref = $tmpRef;
        }

        return $ref['model'] . '_' . $ref['foreign_key'];
    } elseif (is_array($ref)) {
        return $ref['model'] . '_' . $ref['foreign_key'];
    }

    return '';
}

And now it work as expected (Group only):

Hello, In this file;

File: src/Model/Behavior/AclBehavior.php L142:

if (method_exists($entity, 'nodeAlias')) {
    $data['alias'] = $entity->nodeAlias;
}

Why he check if method exists and then get the value of property?
To make this work I put this code in method parentNode to initialize the value:

$this->nodeAlias = $this->nodeAlias();

Did I miss something?

throw Error :The datasource configuration "" was not found.

<?php
namespace App\Model\Table;
use Cake\Event\Event;
use Cake\ORM\Table;
use Cake\ORM\Entity;
use Cake\Validation\Validator;
class MenusTable extends Table
{
    public function initialize(array $config)
    {
        $this->addBehavior('Tree');
        $this->addBehavior('Acl.Acl',['type' => 'controlled','alias'=>true]);
    }

My datasource configureation is fine.

Acl bootstrap.php

use Cake\Core\Configure;

if (!Configure::read('Acl.classname')) {
    Configure::write('Acl.classname', 'DbAcl');
}
if (!Configure::read('Acl.database')) {
    Configure::write('Acl.database', 'default');
}

In cakephp 2.x it's possible to bind user to the group's Aro, thus when a user is save, the acl component will bind the user record to the group's Aro record. In authorization the user will be bind to the group's Aro too.
But in cakephp 3.x this feature is not avaiable.

This plugin is not able to handle routes with nested prefixes.

eg:

$ bin/cake acl view aco controllers/Croogo\\Nodes
---------------------------------------------------------------
Aco tree:
---------------------------------------------------------------
  [171] Croogo\Nodes
    [473] Admin
      [474] Nodes
    [667] Api/v10

Node 667 should be Api, with V10 as its child, ie:

$ bin/cake acl view aco controllers/Croogo\\Nodes
---------------------------------------------------------------
Aco tree:
---------------------------------------------------------------
  [171] Croogo\Nodes
    [473] Admin
      [474] Nodes
    [667] Api
      [xxx] V10

This is a enhancement.

By cake3 prefix, I think acl plugin cannot detect whether the aco is prefix alias or plugin alias in database.
Then, this causes issue like a #127 .

I wonder if adding controllers/plugins namespace to aco for handling plugin controller acos will solve this issue.
Also, this change will break compatibility.

1. Created empty db tables.
2. Created root aro node through shell.
3. Deleted node: cake acl.acl delete aro Test
4. Expected results: row deleted from database.
5. Actual results: error message.

Node was found with id 2 but can't be deleted because Entity thinks it's new.
Everything goes as it should until ORM/Table instructs _processDelete caller to rollback.

Not sure if this is cakephp / ORM / Entity issue or ACL plugin issue.

@ORM/Table / _processDelete:

....
    protected function _processDelete($entity, $options)
    {
        if ($entity->isNew()) {
            return false;
        }
....

From @notoriousturtle on July 6, 2017 6:26

• bug

• feature request (see bottom of post)

• CakePHP Version: 3.7.7

• Platform and Target: 7.0.18-0ubuntu0.16.04.1

What you did, what happened

Trying to grant access to an aco when it has already been denied at least once does not work. I encountered this problem when trying to grant my administrative users access to a particular aco that I had denied previously.

This would say Permission granted, but wouldn't actually work:

$ bin/cake acl grant Groups.1 controllers/manage/Tracks/index

After messing with it for a while I tried to recover aro/aco. This didnt help.

I resolved this by deleting the aco, then granting permission again, like so:

$ bin/cake acl delete aco controllers/manage/Tracks/index
Aco deleted.

$ bin/cake acl_extras aco_sync
Created Aco node: controllers/Manage/Tracks/index
Aco Update Complete

$ bin/cake acl grant Groups.1 controllers/manage/Tracks/index
Permission granted.

Then when I accessed the aco as an administratively grouped user it worked.

What you expected to happen

I expect deny, then granting again to allow access to the aco.

Also, is it possible to get a bit more documentation on Cake's ACL stuff. Also, is there any way I can get a listing of all permissions for a specific aco, such as /manage/Tracks/index? And is there a way to get a list of what aco's a user group has access to? Thanks.

Copied from original issue: cakephp/cakephp#10869

Hello
I have followed the simple acl app tutorial.
Once I add the acl functionality I can't login. It keeps telling me my username and password is incorrect on every user. There might be something wrong with the plugin and cakephp 3.2.x.
The app is making sql queries.

Looks like generating Aco's when using prefixes is a bit broken at the moment ?

In Cake 2, there're some options, whether to store the ACL in db or in file. How could I do if I'd like to use file-stored ACL here?

Thanks

I try to play with this plugin today and i have some proposals to improve acl functionality.
Rewrite adapters with possibility to check acl from files located in plugins.
Each plugin can ship default acl setup stored in any format. Any acl action don't care about format.
App acl file can override plugins acl setups.
Any acl file setup can be imported to db and edited after import. In this case acl files ship default permissions if app use db based ACLs

bin/cake acl_extras verify aro
results in

Exception: Unknown method "verify" in [/pathToCake/vendor/cakephp/cakephp/src/ORM/Table.php, line 1719]
2015-02-07 22:08:16 Error: [BadMethodCallException] Unknown method "verify"
Stack Trace:
#0 /pathToCake/plugins/Acl/src/AclExtras.php(337): Cake\ORM\Table->__call('verify', Array)
#1 /pathToCake/plugins/Acl/src/AclExtras.php(337): Acl\Model\Table\ArosTable->verify()
#2 /pathToCake/plugins/Acl/src/Shell/AclExtrasShell.php(159): Acl\AclExtras->verify()
#3 [internal function]: Acl\Shell\AclExtrasShell->verify('aro')
#4 /pathToCake/vendor/cakephp/cakephp/src/Console/Shell.php(376): call_user_func_array(Array, Array)
#5 /pathToCake/vendor/cakephp/cakephp/src/Console/ShellDispatcher.php(200): Cake\Console\Shell->runCommand(Array, true)
#6 /pathToCake/vendor/cakephp/cakephp/src/Console/ShellDispatcher.php(171): Cake\Console\ShellDispatcher->_dispatch()
#7 /pathToCake/vendor/cakephp/cakephp/src/Console/ShellDispatcher.php(122): Cake\Console\ShellDispatcher->dispatch()
#8 /pathToCake/bin/cake.php(20): Cake\Console\ShellDispatcher::run(Array)
#9 {main}

Why yet "This is a non-stable plugin for CakePHP 3.0 at this time"? I didn't install this plugin ! i was tired , also this plugin dosen't have a good Redame for help us.I didn't run shell plugin,i had to create a plugin for acl cakephp 3.you can see my repository.that's name AclManager

Hello,
I do not know if the problem comes from the ACL or CRUD plugin.
I have a GroupsTable with:

public function initialize(array $config) {
    $this->setTable('groups');
    $this->setDisplayField('name');
    $this->setPrimaryKey('id');
    $this->belongsToMany('Users', [
        'foreignKey'       => 'group_id',
        'targetForeignKey' => 'user_id',
        'joinTable'        => 'groups_users'
    ]);
    $this->addBehavior('Acl.Acl', ['type' => 'requester']);
}

And a GroupEntity with:

public function parentNode() {
    $this->nodeAlias = $this->nodeAlias();
    return 'Groups';
}
public function nodeAlias() {
    return $this->name;
}

When I use the CRUD delete action, cakephp make this request;

SELECT
    Aros.id AS `Aros__id`,
    Aros.parent_id AS `Aros__parent_id`,
    Aros.model AS `Aros__model`,
    Aros.foreign_key AS `Aros__foreign_key`,
    Aros.alias AS `Aros__alias`,
    Aros.lft AS `Aros__lft`,
    Aros.rght AS `Aros__rght`
FROM aros Aros
WHERE Aros.group_id in (:c0)

c0 = '39' who is my group ID
But the correct statement should end with:

WHERE Aros.model = 'Groups' AND Aros.foreign_key in (:c0)

Otherwise the add function works correctly.

What is the problem?

I use the last version of cakephp and the plugins

Cake\Network\Request is deprecated, are you guys planning on upgrade this plugin?

https://github.com/cakephp/acl/blob/4f218cd2fb6d92cc3f44b9342db6a6cfa4b87c48/src/Auth/ActionsAuthor
ize.php#L17

All existing tests merged from AclExtras are all marked as incompleted. These needs to be brought up to date for cake3.

It would be nice if support Cell.

using ./cake acl.aclExtras aco_sync to fill the acos table outputs me a stranger log:

Welcome to CakePHP v3.0.0-RC1 Console

App : src

Path: /home/di/public_html/test/app/src/

Created Aco node: controllers/Usuarios/profile
Created Aco node: controllers/Usuarios/change_password
Created Aco node: controllers/Usuarios/index
Created Aco node: controllers/Usuarios/admin_index
Created Aco node: controllers/Usuarios/admin_edit
Created Aco node: controllers/Usuarios/admin_create
Deleted Aco node: controllers/Usuarios/profile
Deleted Aco node: controllers/Usuarios/change_password
Deleted Aco node: controllers/Usuarios/index

I have a 'Admin' prefix set, the aco_sync function create the normal and prefix Controller actions thats ok but then the normal actions are deleted

src/Controllers/Usuarios (this actions are created and then deleted)
src/Controllers/Admin/Usuarios

I do not know if it's intentional but the App node for AppController.php is also created, i dont remember to see this on version 2.x

Since cakephp/cakephp#3662 has been merged, we should adjust this plugin to use the new layout

I wanted to import data from my users table into aros table and here's what I ended up with.

My idea is to generate ARO nodes based on another table, like Users or Roles or whatever. However, this probably requires some reviews and discussion about usefulness and possible problems with different requester designs.

For example, console command cake acl.aclExtras aro_update Users would generate something like:

$> cake acl.aclExtras aro_update Users
$> cake acl.acl view aro
Aro tree:
---------------------------------------------------------------
[1] Users
    [2] Users.1
    [3] Users.2
    [3] Users.3

Quick mockup that generates ARO nodes using supplied model name as data source:

Class Shell\AclExtrasShell

/**
 * Updates the Aco Tree with new controller actions.
 *
 * @return void
 **/
    public function aroUpdate()
    {
        $this->loadModel($this->args[0]);
        $this->AclExtras->aro_update( $this->{$this->args[0]} );
        return true;
    }

Class AclExtras

/**
 * Updates the Aro Tree with new requesters.
 *
 * @return void
 **/
    public function aro_update( $aro_import_model ) {
        // Get model information
        $import_aros = $aro_import_model->find('all');
        $pk = $aro_import_model->primaryKey();
        $alias = $aro_import_model->alias();
        // Get parent node
        $root_node = $this->Acl->Aro->find()->where(['alias' => $alias, 'model' => $alias, 'parent_id IS NULL'])->first();
        if (!$root_node) {
            $root_node = $this->Acl->Aro->newEntity([
                    'alias' => $alias,
                    'model' => $alias
            ]);
            $this->Acl->Aro->save( $root_node );
        }
        $parentId = $root_node->id;
        // Add AROs
        $aros = $this->Acl->Aro->find()->where(['model' => $alias, 'parent_id' => $parentId]);
        foreach ($import_aros as $import_aro) {
            foreach ($aros as $aro) {
                if ($aro->foreign_key == $import_aro->{$pk}) {
                    continue 2;
                }
            }
            $entity = $this->Acl->Aro->newEntity([
                    'model' => $alias,
                    'foreign_key' => $import_aro->{$pk},
                    'parent_id' => $parentId
            ]);
            $this->Acl->Aro->save( $entity );
        }
    }

All I know is that it does not load AclBehavior which seems to contain required function.

$ bin/cake acl grant test controllers

Here's some frames:

Exception: Unknown method "node" in [vendor/cakephp/cakephp/src/ORM/Table.php, line 1719]
2015-02-04 08:39:59 Error: [BadMethodCallException] Unknown method "node"

#Stack Trace:
#
# Core Framework
#
#0 vendor/cakephp/acl/src/Model/Table/PermissionsTable.php(215)         : Cake\ORM\Table->__call('node', Array)
#1 vendor/cakephp/acl/src/Model/Table/PermissionsTable.php(215)         : Cake\ORM\Table->node(Array)
#
# Acl Manager
#
#2 vendor/cakephp/acl/src/Model/Table/PermissionsTable.php(163)         : Acl\Model\Table\PermissionsTable->getAclLink(Array, 1)
#3 vendor/cakephp/acl/src/Adapter/DbAcl.php(95)                         : Acl\Model\Table\PermissionsTable->allow(Array, 1, '*', 1)
#4 vendor/cakephp/acl/src/Controller/Component/AclComponent.php(132)    : Acl\Adapter\DbAcl->allow(Array, 1, '*')
#5 vendor/cakephp/acl/src/Shell/AclShell.php(270)                       : Acl\Controller\Component\AclComponent->allow(Array, 1, '*')
#6 [internal function]                                                  : Acl\Shell\AclShell->grant('test', 'controllers')
#
# Shell Dispatcher:
#
#7 vendor/cakephp/cakephp/src/Console/Shell.php(376)                    : call_user_func_array(Array, Array)
#8 vendor/cakephp/cakephp/src/Console/ShellDispatcher.php(200)          : Cake\Console\Shell->runCommand(Array, true)
#9 vendor/cakephp/cakephp/src/Console/ShellDispatcher.php(171)          : Cake\Console\ShellDispatcher->_dispatch()
#10 vendor/cakephp/cakephp/src/Console/ShellDispatcher.php(122)         : Cake\Console\ShellDispatcher->dispatch()
#11 bin/cake.php(20)                                                    : Cake\Console\ShellDispatcher::run(Array)
#12 {main}

Hi!

Im Cakephp 3.2.9 in windows 7 or Ubuntu 15.10- 64 I try to install Acl plugin via composer.
Install cakephp via composer
cd /var/www/testes
When execute:
composer require cakephp/acl
Add to bootstrap.php and
bin/cake migrations migrate -p Acl

receive:
Fatal error: Class 'Acl\Model\Table\App' not found in /backup/www/cake/testes/vendor/cakephp/acl/src/Model/Table/AcoActionsTable.php on line 34

hi, great news shell can be invoked!

As far as I know, Schema shell isn't available in cakephp3, is that right? I'm testing the plugin and I can't initialize the database:

$ bin/cake Acl.Acl initdb

Welcome to CakePHP v3.0.0-RC1 Console
---------------------------------------------------------------
App : src
Path: /var/www/html/cake_blog_tutorial/bookmarker/src/
---------------------------------------------------------------
Exception: Shell class for "Schema" could not be found. in [/var/www/html/cake_blog_tutorial/bookmarker/vendor/cakephp/cakephp/src/Console/ShellDispatcher.php, line 278]

Reading the code, initdb is invoking cake schema create DbAcl:

public function initdb()
{
    return $this->dispatchShell('schema create DbAcl');
}

Should we use Migrations?

I was Installed acl plugin in cakephp 3.0 by composer. but warning this:

Warning (512): Callback parentNode() not defined in \Cake\ORM\Entity [ROOT\vendor\cakephp\acl\src\Model\Behavior\AclBehavior.php, line 87]

failes. Its using the wrong paths seperators

I have my Users and Groups models and other logic in a plugin, when trying to implement Acl saving new users works, but trying to save changes it fails with a

AclNode::node() - Couldn't find Aros node identified by "Array ( [Aros0.model] => PUsers.Users [Aros0.foreign_key] => 11 ) "

error

The model in the Aros table is just saved as Users

What would be the fix, save the full Plugin.Model in the model field, or fix that node lookups just use the model name without the plugin part ?

Warning (512): DbAcl::allow() - Invalid node [ROOT/vendor/cakephp/acl/src/Model/Table/PermissionsTable.php, line 169]

i check the code in AclNodeTable.php

the function node($ref = null)
when $aco passed to this function, everything is ok.
when $aro passed to this function, this var wont go into the control structure at all

Hello There,

I am new in cake php. I have successfully installed ACL as well as database tables following your instruction in my cake php 3.0 website. But I don't aware that how to use it further on my website.Can you please let me know the instruction of implementation ?

Regards
Ashish K.

A model stored a plugin with a / in the name causes issues with the ACL path.

I have an abstract controller class (named other than "AppController"), and this leads to an exception when running bin/cake acl_extras aco_sync:

Exception: Cannot instantiate abstract class App\Controller\MyAbstractController in
[/apppath/vendor/cakephp/acl/src/AclExtras.php, line 433]

It looks as a closely related issue was addressed almost two years ago in 6106e51, but then that fix was reverted several days later, in 655b1e3.

I'm not clear if there's a good reason the original fix was reverted, such as undesirable behaviour elsewhere in the plugin, or if it was a regression. Or am I just using the plugin incorrectly, e.g. missing a configuration option or something, and my abstract controller shouldn't be a problem?

It looks as if the problem, at least as I'm experiencing it, can be solved by ignoring abstract controller classes entirely. For example, by checking whether $controller is abstract in _updateControllers and skipping over it when it is, at the same point that a $controllerName of 'App' is skipped. Something like this in:

// existing check
if ($controllerName == 'App') {
    continue;
}
// new check
$namespace = $this->_getNamespace($controller, $pluginPath, $prefix);
if ((new \ReflectionClass($namespace))->isAbstract()) {
    continue;
}

If this is a bug and that fix seems appropriate, then I can submit a PR for it.

cake 3 documentation says we don't need and don't have to call Auth->allow for login action:

You should not add the “login” action of your UsersController to allow list.
Doing so would cause problems with normal functioning of AuthComponent.

So how can I allow all my users to access users/login action when I use ACL? Should I call Acl->allow($user, 'controllers/users/login) for each user in my application? In cake 2 I used to put $this->Auth->allow('login'); in UsersController beforeFilter method

As already pointed out twice in the dev channel:

• We should adjust the readme here to make it clear this is a CakePHP 3.x plugin.

• Also, the header title (I dont have access, otherwise I would have done it myself) should not be "Additional tools for managing ACL in CakePHP applications", but sth like

  Plugin for managing ACL in CakePHP applications.
  

  to make it clear its not a library of tools, but a plugin.

Hi guys. Would it be possible to update which version of cakephp this requires? Should it be ~3.1 at this point? Or dev-master? 3.0 seems stale..

Thanks

Hey guys. I just did a composer update on an app using this and for some reason (doesn't look like any changes happened with this plugin, I think a change in the 3.0 core did this), ActionsAuthorize is failing with:

Missing Component
Error: AclComponent could not be found.
Error: Create the class AclComponent below in file: src/Controller/Component/AclComponent.php

In my app I'm loading the Acl plugin, and using it with:

$this->loadComponent(
    'Auth', [
        'loginAction' => [
            'plugin' => false,
            'controller' => 'Users',
            'action' => 'login'
        ],
        'authError' => "You don't have access to that location.",
        'authenticate' => [
            'Form'
        ],
        'authorize' => [
            'Acl.Actions' => ['actionPath' => 'root/']
        ]
    ]
);

I went into Acl\Auth\ActionsAuthorize and saw it was trying to load a component, Acl, without a plugin prefix, so I changed that from
$Acl = $this->_registry->load('Acl');
to
$Acl = $this->_registry->load('Acl.Acl');

And then everything worked as expected. It feels like the plugin should prefix the loading of a component with the plugin, right? I don't know how it worked before. If you're in a plugin's component and you load another component did it in the past implicitly assume you meant to load it via the same plugin? But then that changed to need to be explicit? If it should now be explicit was the a core change that broke this? Or is my setup wrong? It literally wouldn't be the first time today.

If it needs to be prefixed let me know and I'll make the PR. It's in ActionsAuthorize and CrudAuthorize.

Thanks

Hello,

In general, when we use ACL, we also need to do some tests of permissions in the views and display/hide some codes.
For example:

• A link of a Dashbord (Administration Panel)
• Somes buttons, like Edit, Delete in a blog or forum
• etc

That's why i was looking if something already existed for Cake2. And i found an awesome helper for Cake1: https://github.com/geromey/acl_utilities

This helper is awesome because it allow us to do ACL tests with 2 differents way.
First :

<?= $this->Acl->link(
    __('Dashboard'),
    [
        'controller' => 'admin',
        'action' => 'home',
        'prefix' => 'admin'
    ]
) ?>

It will look if the current user can access to the url admin/Admin/home and if yes, it will display the link, else the link will not be rendered.

Also, sometimes we need to display/hide some HTML code with the link, example with an <li> tag :

<li>
    <?= $this->Acl->link(
        __('Dashboard'),
        [
            'controller' => 'admin',
            'action' => 'home',
            'prefix' => 'admin'
        ]
    ) ?>
</li>
<li>
<!--Another link-->
</li>
etc

And this helper provide an awesome method similar to $this->start() and $this->end() :

<?php $this->Acl->startBlock() ?>
    <li>
        <?= $this->Acl->link(
            __('Dashboard'),
            [
                'controller' => 'admin',
                'action' => 'home',
                'prefix' => 'admin'
            ]
        ) ?>
    </li>
<?php $this->Acl->endBlock() ?>

And if the permissions for the link (Or one of them if there is many link in the same block) between those block are true, then all the code will be displayed (Or hidden if the permission for all links are false).

I have tried to convert this helper to Cake3, and it work nice but i need to rewrite some codes and fix a bug because if i use 1 time $this->Acl->startBlock() in a view it work well, but with 2 or more, none of them work.
But i'm pretty sure that you guys will help me to code it better if the feature is accepted (Example, delete the _getPatch() method to use that one from the plugin). 😄

Here is my actual helper : https://gist.github.com/Xety/1d590a0fd029a163831a

The setParent() method doesn't work, a new entity (Aro or Aco) is created with no data

Acl\Model\Table\AclNodesTable::node build query like this:

SELECT "Aros"."id" AS "Aros__id", "Aros"."parent_id" AS "Aros__parent_id", "Aros"."model" AS "Aros__model", "Aros"."foreign_key" AS "Aros__foreign_key", "Aros"."alias" AS "Aros__alias"
FROM "aros" "Aros"
INNER JOIN "aros" "Aros0" ON (Aros.lft <= Aros0.lft AND Aros.rght >= Aros0.rght)
WHERE ("Aros0"."model" = 'Users' AND "Aros0"."foreign_key" = 7) ORDER BY Aros.lft DESC

This cause excetion:

Error: SQLSTATE [42P01]: Undefined table: ERROR 7: The element of the FROM clause incorrectly > refers to the table "aros" LINE 1: ... FROM "aros" "Aros" INNER JOIN "aros" "Aros0" ON (Aros.lft <... > ^ HINT: Perhaps a reference was made to the alias of the "Aros" table.

Working query looks like this:

SELECT "Aros"."id" AS "Aros__id", "Aros"."parent_id" AS "Aros__parent_id", "Aros"."model" AS "Aros__model", "Aros"."foreign_key" AS "Aros__foreign_key", "Aros"."alias" AS "Aros__alias" 
FROM "aros" "Aros" 
INNER JOIN "aros" "Aros0" ON ("Aros".lft <= "Aros0".lft AND "Aros".rght >= "Aros0".rght) 
WHERE ("Aros0"."model" = 'Users' AND "Aros0"."foreign_key" = 7) ORDER BY "Aros".lft DESC

bin/cake acl_extras aco_update

Created Aco node: controllers/FOC/Authenticate

This is happening again and again. The only folder containing files in src is plugins/FOC/Authenticate/src/Auth

Created entry in database looks like this:
id, parent_id, model: NULL, foreign_key: NULL, alias: FOC\Authenticate, lft, rght: lft+1

As I'm starting to rewrite stuff from Cake2 to Cake3, I need Acl.

In Cake2 theres
public $actsAs = array(
'Acl' => array('type' => 'requester')
);

and
function parentNode() { }

How do I implement the same behavior using Cake3? I've rewritten some parts of the original implementation to allow multi-role, but that should not be the problem. I simply cant find any advice of how to use this plugin.

Hello,

Because this plugin has been ported from Cake2, i assume that the "Group-only" must work as well, but no.
I have followed the instruction here : http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html#group-only-acl but it actually doesn't work.
The key 'enabled' => false look like it isn't checked. I have also check all ACL releated files in Cake2 and i saw nothing about that.

In my UsersTable :

$this->addBehavior('Acl.Acl', [
    'type' => 'requester',
    'enabled' => false
]);

$this->belongsTo('Groups', [
    'foreignKey' => 'group_id'
]);

In my GroupTable :

$this->addBehavior('Acl.Acl', [
    'type' => 'requester'
]);

$this->hasMany('Users', [
    'foreignKey' => 'group_id'
]);

In my UserEntity :

public function parentNode() {
    if (!$this->id) {
        return null;
    }
    if (isset($this->group_id)) {
        $groupId = $this->group_id;
    }
    if (!$groupId) {
        return null;
    }

    return ['Groups' => ['id' => $groupId]];
}

public function bindNode($user) {
    return ['model' => 'Groups', 'foreign_key' => $user->group_id];
}

In my GroupEntity :

public function parentNode() {
    return null;
}

In my database the aros table look like that :

And i got this error when i try to make a request:

AclNode::node() - Couldn't find Aros node identified by "Array ( [Aros0.model] => Users [Aros0.foreign_key] => 1 ) " 

Where 1 is the user_id and not the group_id.

I have also noticed that when i add an user, it doesn't create the ARO, so that look like to work well.

cakephp 3.5.4
acl 0.2.5

$ ./bin/cake bake controller Tags
$ ./bin/cake bake plugin Tags
$ ./bin/cake bake controller --plugin Tags Tags
$ ./bin/cake acl_extras aco_sync
Created Aco node: controllers/Tags
Created Aco node: controllers/Tags/index
Created Aco node: controllers/Tags/view
Created Aco node: controllers/Tags/add
Created Aco node: controllers/Tags/edit
Created Aco node: controllers/Tags/delete
Created Aco node: controllers/Tags/Tags
Created Aco node: controllers/Tags/Tags/index
Created Aco node: controllers/Tags/Tags/view
Created Aco node: controllers/Tags/Tags/add
Created Aco node: controllers/Tags/Tags/edit
Created Aco node: controllers/Tags/Tags/delete
Deleted Aco node: /controllers/Tags/index and all children
Deleted Aco node: /controllers/Tags/view and all children
Deleted Aco node: /controllers/Tags/add and all children
Deleted Aco node: /controllers/Tags/edit and all children
Deleted Aco node: /controllers/Tags/delete and all children
Aco Update Complete

expected:

$ ./bin/cake acl view aco controllers/Tags
Aco tree:
---------------------------------------------------------------
  [5] Tags
    [6] index
    [7] view
    [8] add
    [9] edit
    [10] delete
    [28] Tags
      [29] index
      [30] view
      [31] add
      [32] edit
      [33] delete
---------------------------------------------------------------

actual:

$ ./bin/cake acl view aco controllers/Tags
Aco tree:
---------------------------------------------------------------
  [5] Tags
    [28] Tags
      [29] index
      [30] view
      [31] add
      [32] edit
      [33] delete
---------------------------------------------------------------