CakePHP ACL Tutorial: How To Check Access

View full index of ACL Tutorial Articles

To include the ACL Component in your application, add the following declaration into your AppController:

var $components = array('Acl');

Note that if you are using the Authorization Component, you will also need to include the Auth component in the same array, and it must appear after the Acl inclusion. In such a case, you would add this:

var $components = array('Acl', 'Auth');

Once your application is equipped with the ACL Component, you determine access to particular pages of a site by calling the Acl::check() function.

If the url being accessed is:

http://www.cakephp.org/recipes/view/23

and the logged-in user has a username of betty, and there is a corresponding ARO record with an alias of betty, you would do the following to check if access is allowed:

$this->Acl->check('betty', 'Recipes', 'read')

A really great resource for examples of how to call the Acl’s various functions from within code is the ACL Test Case.

By spending time looking at this file until you understand everything going on inside it, you will definately come along ways towards fully understanding how to correctly use the ACL Component.

The built-in Authentication Component and the ACL Behavior both take care of a lot of this core functionality automatically. I will focus more directly on these elements at another time.

Monday April 14, 2008