I've only been working with CakePHP for a few days and I'm very impressed. But now I'm trying to get closer to Acl, and it's a bit confusing.

My situation is that I want to create a website with a frontend and a backend. But I'm not sure if I really need Acl for this, because all pages should be available to all users, except the backend of course. The tutorials in the Cookbook aren't very helpful, due to the fact that they're all about creating users, groups and roles, and creating the right views for login, adding and editing users, etc.

But I just need information about what Acl handles. Does it restrict the use of controllers or models?

Or do I need something other than Acl? Maybe it's easier to check a session variable and redirect directly in the controller if the check fails?

Hopefully you can point me in the right direction,

thanks in advance and best greetings from Germany,

Sascha

Sascha Wolff
  • If you have ANY doubt whether ACL is overkill (or even if you don't), ACL is overkill. – Dave Feb 27 '13 at 19:35

2 Answers

I suggest you read this chapter and use the Auth component instead of simply accessing the session as you're tempted to do.

http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html

For your admin backend use prefix routing.

http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing

In conjunction with auth this is pretty easy to check and implement in the isAuthorized() callback.

floriank
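
An added example, not part of the answer above or of the CakePHP project's code: one way to combine prefix routing with the Auth component's `isAuthorized()` callback in CakePHP 2.x so that the frontend stays public and `admin_*` actions are denied by default. It assumes `Configure::write('Routing.prefixes', array('admin'));` is set in `app/Config/core.php`, a `UsersController` with a `login` action, and a hypothetical `role` column on the users table.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x) -- illustrative sketch.
// Assumptions: the 'admin' routing prefix is enabled in core.php and the
// users table has a hypothetical 'role' column holding e.g. 'admin'.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
                'admin' => false,
            ),
            // Delegate authorization to the controller's isAuthorized().
            'authorize' => array('Controller'),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // Frontend: requests without the admin prefix are public.
        // Backend: nothing is allowed here, so every admin_* action
        // requires a login and is then passed to isAuthorized().
        if (empty($this->request->params['admin'])) {
            $this->Auth->allow(); // CakePHP 2.1+; 2.0 uses allow('*')
        }
    }

    public function isAuthorized($user = null) {
        // Only reached for logged-in users on actions that were not allowed.
        if (!empty($this->request->params['admin'])) {
            return isset($user['role']) && $user['role'] === 'admin';
        }
        // Default deny for anything not explicitly handled above.
        return false;
    }
}
```

Because the check lives in `AppController`, a newly added `admin_*` action in any controller is protected without further code; a controller that calls `$this->Auth->allow()` in its own `beforeFilter()` after `parent::beforeFilter()` would override that, so such calls are worth reviewing.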

If you don't need various 'levels' of permissions; i.e. any logged-in user is allowed to access the backend, it's best to skip ACL (for now). If, in a later stage, ACL is required, you can always add it later.

You can start with 'simple' authentication. This chapter in the cookbook describes how to do so; http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

In general, do not develop features that you don't need now. E.g. implementing ACL because you might need it in the future is only overcomplicating your development and chances are, they don't fit the requirements when that moment arrives.

Unlike @burzum, I'm not a big fan of prefix routing (only for very simple projects), because you'll end up mixing front- and backend actions and logic in the same controller.

I would advise creating separate controllers for the backend, possibly developing them as a Plugin. Either way, you may consider creating 'base' Controllers and Models for the backend and having your backend controllers/models extend them. This way you'll be able to define components/behaviors to use for the backend in 1 location. Also, by loading the 'Auth' component only in Backend controllers, you don't have to 'allow' actions in each controller in the frontend.

For example:

class BackendCoreController extends AppController {
    // only load the Auth component in backend controllers
    // regular/frontend controllers don't require authentication
    public $components = array('Auth');

}


// backend controllers inherit the Auth component from the base class
class PageAdminController extends BackendCoreController {

}

For considerations on developing the backend as a plugin, see my answer here:

Best way to implement admin panel in CakePHP

thaJeztah