Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword or section
Like this

Table Of Contents

0 of .
Results for:
No results containing your search query
P. 1
Core Components

Core Components



|Views: 2,343|Likes:
Published by prak_sophy4252
CakePHP has a number of built-in components. They provide out of the box functionality for several commonly used tasks. ACl, Auth, Session, RequestHandler, Security, Email, Cookie
CakePHP has a number of built-in components. They provide out of the box functionality for several commonly used tasks. ACl, Auth, Session, RequestHandler, Security, Email, Cookie

More info:

Published by: prak_sophy4252 on Dec 18, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less





1.2 Collection1.1 CollectionGeneral
Welcome to The Cookbook 
The Manual»Core Components 
5 Core Components
EditComments (0)History 
CakePHP has a number of built
in components. They provide out of the boxfunctionality for several commonly used tasks.To learn more about each component see the menu on the left, or learn moreaboutcreating your own components
 See comments for this section 
5.1Access Control Lists
EditView just this sectionComments (2)History 
CakePHP's access control list functionality is one of the most oft
discussed,most likely because it is the most sought after, but also because it can be themost confusing. If you're looking for a good way to get started with ACLs ingeneral, read on.Be brave and stick with it, even if the going gets rough. Once you get the hangof it, it's an extremely powerful tool to have on hand when developing yourapplication.
See comments for this section 
5.1.1Understanding How ACL Works
EditView just this sectionComments (0)History 
The Acl component provides an easy to use interface for database and ini based access control lists.
The auth component provides an easy to use authentication system using a variety of authenticationprocesses, such as controller callbacks,Acl, or Objectcallbacks.
The session component provides a storage independentwrapper to PHP's sessions.
The request handler allows you to introspect further intothe requests your visitors and inform your applicationabout the content types and requested information.
The security component allows you to set tighter securityand use and manage HTTP authentication.
An interface that can be used to send emails usingone of several mail transfer agents including php's mail() andsmtp.
The cookie component behaves in a similar fashion to theSessionComponent in that it provides a wrapper for PHP'snative cookie support.
Table of Contents:The
1 Beginning With
 2 Basic Principles of 
 3 Developing with
 4 Common Tasks With
 5 Core Components5.1 Access ControlLists 5.2 Authentication 5.3 Cookies 
5.4 Email
 5.5 Request Handling 5.6 SecurityComponent 5.7 Sessions 6 Core Behaviors 7 Core Helpers 8 Core Utility Libraries 9 Core ConsoleApplications 10 Example Applications 11 Appendices 
All in one page Suggest a new sectionhere 
Comments for CoreComponents Change history for CoreComponents 
LoginTop ContributorsTodoAbout CakePHPDonate
Powerful things require access control. Access control lists are a way to manageapplication permissions in a fine
grained, yet easily maintainable andmanageable way.Access control lists, or ACL, handle two main things: things that want stuff, andthings that are wanted. In ACL lingo, things (most often users) that want touse stuff are called access request objects, or AROs. Things in the system thatare wanted (most often actions or data) are called access control objects, orACOs. The entities are called 'objects' because sometimes the requesting objectisn't a person
sometimes you might want to limit the access certain Cakecontrollers have to initiate logic in other parts of your application. ACOs could beanything you want to control, from a controller action, to a web service, to a lineon your grandma's online diary.To review:ACO
Access Control Object
Something that is wantedARO
Access Request Object
Something that wants somethingEssentiallly, ACL is what is used to decide when an ARO can have access to anACO.In order to help you understand how everything works together, let's use asemi
practical example. Imagine, for a moment, a computer system used by afamiliar group of fantasy novel adventurers from the
Lord of the Rings
. Theleader of the group, Gandalf, wants to manage the party's assets whilemaintaining a healthy amount of privacy and security for the other members of the party. The first thing he needs to do is create a list of the AROs involved:Gandalf AragornBilboFrodoGollumLegolas
 PippinMerryRealize that ACL is
the same as authentication. ACL is what happens
a user has been authenticated. Although the two are usually usedin concert, it's important to realize the difference between knowing whosomeone is (authentication) and knowing what they can do (ACL).The next thing Gandalf needs to do is make an initial list of things, or ACOs, thesystem will handle. His list might look something like:WeaponsThe One RingSalted PorkDiplomacyAleTraditionally, systems were managed using a sort of matrix, that showed abasic set of users and permissions relating to objects. If this information werestored in a table, it might look like the following table:
The Ring
Salted PorkDiplomacyAle
At first glance, it seems that this sort of system could work rather well.Assignments can be made to protect security (only Frodo can access the ring)and protect against accidents (keeping the hobbits out of the salted pork andweapons). It seems fine grained enough, and easy enough to read, right?For a small system like this, maybe a matrix setup would work. But for agrowing system, or a system with a large amount of resources (ACOs) andusers (AROs), a table can become unwieldy rather quickly. Imagine trying tocontrol access to the hundreds of war encampments and trying to managethem by unit. Another drawback to matrices is that you can't really logicallygroup sections of users or make cascading permissions changes to groups of users based on those logical groupings. For example, it would sure be nice toautomatically allow the hobbits access to the ale and pork once the battle isover: Doing it on an individual user basis would be tedious and error prone.Making a cascading permissions change to all 'hobbits' would be easy.ACL is most usually implemented in a tree structure. There is usually a tree of AROs and a tree of ACOs. By organizing your objects in trees, permissions canstill be dealt out in a granular fashion, while still maintaining a good grip on thebig picture. Being the wise leader he is, Gandalf elects to use ACL in his newsystem, and organizes his objects along the following lines:Fellowship of the Ring™WarriorsAragornLegolas
 WizardsGandalf HobbitsFrodoBilboMerryPippinVisitorsGollumUsing a tree structure for AROs allows Gandalf to define permissions that applyto entire groups of users at once. So, using our ARO tree, Gandalf can tack on afew group
based permissions:Fellowship of the Ring
: all)
: Weapons, Ale, Elven Rations, Salted Pork)AragornLegolas

Activity (5)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
syedrahman01 liked this
swapna246 liked this
Fredzex liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->