codershop / AclPlus

An alternative for those who are not comfortable with CakePHP's built-in AclComponent.

AclPlus

Introduction

AclPlus aims to be a viable alternative for those who are not comfortable with CakePHP's built-in AclComponent. And who knows, I may even throw in a couple of things CakeAcl can't do without a lot of hacking.

As clarification: I have forked "SuperCakeAuth" and it is in my public repositories list. To avoid confusion, "SuperCakeAuth" is much closer in syntax and methodology to the current official CakePHP Auth/Acl. I'm writing this because I believe I can produce a simpler and more efficient way of doing this. I might be wrong, but we will see. :)

Goals

  • Distributed as a Plugin.
  • Fully unit tested.
  • Can be used for row-level as well as action-by-action access control.
  • When finding an ACO that is not logged in the ACO table, add a new record to help maintain the ACO table.
  • Can pick and choose which part of the authentication plugin/components you want to use.
  • Additional configuration, such as action maps and allowed actions, may also be done in a configuration file loaded by the bootstrap as well as in the controller.
  • Plenty of Auto Magic, but confined to doing its job, i.e. checking that an ARO has access to an ACO, with no redirecting or login extras built in.
  • Can use the standard Cake AclBehaviour and table layout generated by the cake console; may have to include one of the newer versions of AclBehaviour to allow an Aro to also be an Aco.
  • Can be used with any means of Authentication, distributed with Authsome but can easily work with Cake Auth.
  • Effective use of caching and reducing database queries wherever possible.
  • Provide some static methods for easy use outside of the controller, for instance in the AppHelper when checking that a logged-in user has access to a link before outputting it to the view.

Additional Information

  • PHP5
  • Should work with Cake1.2 but untested.

Current Features

  • Provides a single method to check if a user has access to the current controller/action combination.
  • Can map actions to a CRUD operation.

Issues

  • Cannot give tables different names.
  • Many, many more.

Simple Usage Example

Usage notes

  • CRUD may not function correctly for models if you do not explicitly map the current action to a CRUD operation in AclPlusComponent::$actionMaps. If the component has not been given a CRUD operation to map the current action to, it will default to "read". This may not be a problem when checking action access, as all _create, _read, _update and _delete fields have the same value. But this is not the case for models, so the check may pass even if the user has no access.
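
The fallback described in the usage note above, as an added example that is not AclPlus code: the map layout, the function names and the permission row are assumptions made for illustration. It contrasts the default-to-"read" resolution with a fail-closed one and lists the actions that have no explicit mapping.

```php
<?php
// Added illustration, not AclPlus code. The map layout, function names and
// the permission row below are assumptions.

// Constructed permission row for one ARO on a model ACO: read-only.
$permission = array('_create' => 0, '_read' => 1, '_update' => 0, '_delete' => 0);

// Hypothetical action map in the spirit of AclPlusComponent::$actionMaps.
// 'delete' and 'purge' are deliberately left unmapped.
$actionMaps = array(
    'index' => 'read',
    'view'  => 'read',
    'add'   => 'create',
    'edit'  => 'update',
);

// Behaviour described in the usage note: unmapped actions resolve to "read".
function resolveDefaultRead(array $maps, $action) {
    return isset($maps[$action]) ? $maps[$action] : 'read';
}

// Fail-closed alternative: an unmapped action resolves to null.
function resolveStrict(array $maps, $action) {
    return isset($maps[$action]) ? $maps[$action] : null;
}

// A null operation or a missing/zero field is always a denial.
function isAllowed(array $permission, $crud) {
    return $crud !== null && !empty($permission['_' . $crud]);
}

// Audit helper: controller actions that have no explicit CRUD mapping.
function unmappedActions(array $maps, array $actions) {
    return array_values(array_diff($actions, array_keys($maps)));
}

$actions = array('index', 'view', 'add', 'edit', 'delete', 'purge');
foreach ($actions as $action) {
    $open   = isAllowed($permission, resolveDefaultRead($actionMaps, $action));
    $closed = isAllowed($permission, resolveStrict($actionMaps, $action));
    printf("%-7s default-read: %-6s fail-closed: %s\n", $action,
        $open ? 'allow' : 'deny', $closed ? 'allow' : 'deny');
}
echo 'Unmapped: ' . implode(', ', unmappedActions($actionMaps, $actions)) . "\n";
```

With the read-only row, the unmapped `delete` and `purge` actions pass under the default-to-"read" resolution and are denied under the fail-closed one.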

Using Authsome

class AppController extends Controller
{

    public $components = array(
        'AclPlus.Authsome',
        'AclPlus.AclPlus',
        'Session'
    );

    public function beforeFilter() {
        // Deny and redirect when the current Authsome user fails the ACL check.
        if (!$this->AclPlus->check('User', Authsome::get())) {
            $this->Session->setFlash('No access');
            $this->redirect(array('controller' => 'dashboards'));
        }
    }

}

Using CakePHP Auth

class AppController extends Controller
{

    public $components = array(
        'AclPlus.AclPlus',
        'Auth',
        'Session'
    );


    public function beforeFilter() {
        // Deny and redirect when the logged-in Auth user fails the ACL check.
        if (!$this->AclPlus->check('User', $this->Auth->user('id'))) {
            $this->Session->setFlash('No access');
            $this->redirect(array('controller' => 'dashboards'));
        }
    }

}
