How to populate the permissions datatables
ATiM2's user-group-permission setup is based on CakePHP's built-in ACL functionality, and though the code and some of the datatables are different, the resulting functionality is almost the same as it was in ATiM1. Every user belongs to a single group, and each group has a set of permissions that allows it to access plugin-controller-actions.
Every page/screen loaded through the app is checked against the currently logged-in user's group's permissions. Every link is built after being checked against the currently logged-in user's group's permissions. Every form action is built after being checked against the currently logged-in user's group's permissions. As long as the developer does not manually override the app's permissions, no user can get access to any plugin, controller, or action their group is not allowed to access.
Initializing the permissions datatables
To ensure that the correct default permissions are in place, initialize the permissions datatables with the following steps:
1. Before you update the ACL datatables, be sure you've uploaded all your new code to the proper app folders and have checked all file permissions. Also, be sure to make a complete database backup, just in case!
2. Empty the "acos" and "aros_acos" datatables. Do not empty the "aros" datatable.
3. Load any page of the ATiM2 app. The PermissionManager component will detect that there are no values in the "acos" or "aros_acos" datatables and will run functions that will re-populate the "acos" datatable with all the available plugins, controllers, and actions, and populate the "aros_acos" datatables with some new default permissions to access them.
Please note, as of this writing, this process will completely remove any permissions already set up, and replace them with default open permissions. Also, please keep in mind that these permissions control access to plugins, controllers, and actions only; they do not restrict what data users or groups have permission to see.
The default permissions are for "administrators", "managers", and "users" (groups 1, 2, and 3, respectively) to be allowed access to "controllers" (i.e. everything) and for "managers" and "users" to be denied access to the "Permissions" controller in the "Administrate" plugin.
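The initialization steps above as SQL, followed by queries that confirm the re-populated defaults. This is an added example, not ATiM's own code: it assumes MySQL and the stock CakePHP 1.2 ACL table layout (nested-set "acos"/"aros" tables and an "aros_acos" table with _create/_read/_update/_delete columns), and the *_backup table names are hypothetical.

```sql
-- Assumption: stock CakePHP 1.2 ACL schema on MySQL; ATiM2's tables may differ.
-- The *_backup table names are made up for this example.

-- Step 1 (on top of the full database backup): keep in-database copies.
CREATE TABLE acos_backup      AS SELECT * FROM acos;
CREATE TABLE aros_acos_backup AS SELECT * FROM aros_acos;

-- Note the size of "aros" so you can confirm it is untouched afterwards.
SELECT COUNT(*) AS aros_rows_before FROM aros;

-- Step 2: empty the permission rows first, then the ACO tree.
DELETE FROM aros_acos;
DELETE FROM acos;

-- Must match aros_rows_before.
SELECT COUNT(*) AS aros_rows_after FROM aros;

-- Step 3: load any page of the app so the tables are re-populated,
-- then run the two checks below.

-- Check A: list every explicit permission row with its requester and the
-- full ACO path (ancestors found via the nested-set lft/rght columns).
-- In CakePHP, '1' = allow, '-1' = deny, '0' = inherit from the parent node.
-- Per the defaults described on this page, expect allow rows on "controllers"
-- for groups 1, 2 and 3, and deny rows on the "Permissions" controller of
-- the "Administrate" plugin for groups 2 and 3.
SELECT aro.model,
       aro.foreign_key,
       GROUP_CONCAT(anc.alias ORDER BY anc.lft SEPARATOR '/') AS aco_path,
       p._create, p._read, p._update, p._delete
FROM aros_acos p
JOIN aros aro ON aro.id = p.aro_id
JOIN acos aco ON aco.id = p.aco_id
JOIN acos anc ON anc.lft <= aco.lft AND anc.rght >= aco.rght
GROUP BY p.id, aro.model, aro.foreign_key,
         p._create, p._read, p._update, p._delete
ORDER BY aro.foreign_key, aco_path;

-- Check B: permission rows pointing at an ACO that no longer exists.
-- This should return zero rows.
SELECT p.*
FROM aros_acos p
LEFT JOIN acos a ON a.id = p.aco_id
WHERE a.id IS NULL;
```

Once the new permissions are confirmed, drop the two backup tables so stale copies of the old permission set do not linger in the database.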
Updating the permissions datatables
When a new plugin, controller, or action is added to the application or an existing plugin, controller, or action is removed from the application, the ACL datatables need to be updated. Otherwise, groups will not be able to access the new code/areas.
- Before you update the ACL datatables, be sure you've uploaded all your new code to the proper app folders and have checked all file permissions. Also, be sure to make a complete database backup, just in case!
- Log in to the application as "administrator" so that you will be allowed access to modify permissions.
- Go to /administrate/permissions/regenerate/. The regenerate action will run functions that will add in any missing entries in the "acos" datatable and remove any entries from the "acos" datatable that no longer exist in the "plugins" directory. For any removed plugins, controllers, or actions, the corresponding permissions in the "aros_acos" table are also removed.
- Log out of ATiM and then log back in. Permissions are cached in session variables and logging out clears them.
Please note, as of this writing, the regenerate action is not tied into the menu system.
For more information about CakePHP 1.2's ACL, visit the official documentation and go through this official tutorial.