Cakephp 2.1 rename ACL Table without ACL Model

Question

I have trouble using ACL. In my CoreUsersController i make the following call:

if(!$this->Acl->check('User::'.$user['User']['id'], 'CoreUser', 'read')) {
    die('PERM DENIED');
}

The ACL is included as component in my AppController. The Database-Tables looks like:

• table "acos"
• table "core_groups" (as aros)
• table "aros_acos" as connection between core_groups and acos.

---

Here is the Error Thrown: Error: Table aros for model Aro was not found in datasource default.

---

And my Code:

1. User-Model:

    App::uses('AuthComponent', 'Controller/Component');

    class CoreUser extends AppModel {

            public $useDbConfig = 'default';
            public $useTable    = 'core_users';

            public $hasAndBelongsToMany = array(
                'MemberOf' => array(
                    'className' => 'CoreGroup',
                    'joinTable' => 'core_users_groups',
                    'foreignKey' => 'user_id',
                    'associationForeignKey' => 'group_id'
                )
            );

            public $name = 'User';
            public $actsAs = array('Acl' => array('type' => 'both'));

            public function parentNode() {
                // stuff in here should be correct
            }

}

2. Group-Model:

App::uses('AppModel', 'Model');
App::uses('AuthComponent', 'Controller/Component');

class CoreGroup extends AppModel {

        public $useDbConfig = 'default';
        public $useTable    = 'core_groups';

        public $hasAndBelongsToMany = array(
            'Member' => array(
                'className' => 'CoreUser',
                'joinTable' => 'core_users_groups',
                'foreignKey' => 'group_id',
                'associationForeignKey' => 'user_id'
            )
        );
        public $name = 'Group';
        public $actsAs = array('Acl' => array('type' => 'requester'));

        public function parentNode() {
            return null;
        }
}

---

My Question: How to tell ACL to use "core_groups"-Table instead of "aros"-table? Note: I added "ActsAs" as suggested by the Cake-Book to both Models!

Answer 1

If you would like to proceed with Cake's ACL, then it is better to have three separate tables:

1. aros
2. acos
3. aros_acos

These can be generated using the AclShell:

./Console/cake schema create DbAcl

Using one of your app's model as an ARO or ACO is not advised as ARO and ACO models are implemented as a tree structure. These should be separate from the models in your app that 'actsAs' an ACO / ARO.

When you do attach the Acl behavior in the $actsAs property to your User/Group models, the Acl behavior's callbacks kick in. These use the parentNode() methods defined in your User/Group models to create an ARO reference to the rows created in your User/Group models. These references are stored in the ARO table separately, pointing to the actual User and Group. Hence, the ARO table is necessary.

I would recommend you go through the ACL tutorial in the book as your implementation will be quite similar. Just be careful about using the HABTM relationship between User and Group, as that will need a bit of tweaking.