I am a novice with the CakePHP framework. I don't have enough knowledge about CakePHP. So my question is: Does ACL work automatically, or do I need to check it manually?
I have this in the AppController of my latest CakePHP 1.3 project with ACL; it should be fairly similar in CakePHP 2.1:
    function beforeFilter() {
        // ACL Check
        if ($this->name != 'Pages' && !$this->Acl->check(array('model' => 'User', 'foreign_key' => $this->Session->read('Auth.User.id')), $this->name . '/' . $this->params['action'])) {
            CakeLog::write('auth', 'ACL DENY: ' . $this->Session->read('Auth.User.name') . ' tried to access ' . $this->name . '/' . $this->params['action'] . '.');
            $this->render('/pages/forbidden');
            exit; // Make sure we halt here, otherwise the forbidden message is just shown above the content.
        }
    }
Apart from the 'Pages' controller, all controllers/actions are ACL-checked and if a user has no access, the 'pages/forbidden' view is served instead and a log entry is written to the auth.log file as well (optional, but I preferred this at the time).
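For comparison, here is how the same manual check could look in a CakePHP 2.x AppController. This is an added example, not code from the answer above. It assumes the same `Controller/action` ACO aliases and `User` AROs, and it adds a hypothetical `_logSafe()` helper; the denial is returned as an HTTP 403 through `ForbiddenException` instead of a rendered page followed by `exit`.

```php
<?php
// Added example (assumes CakePHP 2.x): app/Controller/AppController.php
App::uses('Controller', 'Controller');
App::uses('CakeLog', 'Log');

class AppController extends Controller {

    public $components = array('Session', 'Auth', 'Acl');

    public function beforeFilter() {
        parent::beforeFilter();

        // Same exemption as the 1.3 code above: static pages are not ACL-checked.
        if ($this->name === 'Pages') {
            return;
        }

        // Nobody logged in: leave it to AuthComponent, which starts up after
        // beforeFilter() and sends anonymous users to the login action unless
        // the action was opened with $this->Auth->allow().
        $userId = $this->Auth->user('id');
        if (empty($userId)) {
            return;
        }

        $aro = array('model' => 'User', 'foreign_key' => $userId);
        $aco = $this->name . '/' . $this->request->params['action'];

        // An unknown ACO or ARO makes check() return false, so this fails closed.
        if (!$this->Acl->check($aro, $aco)) {
            CakeLog::write('auth', sprintf(
                'ACL DENY: user id %s tried to access %s',
                $userId,
                $this->_logSafe($aco)
            ));
            // The exception stops dispatch before the action runs and
            // produces a 403 response, so no exit is needed.
            throw new ForbiddenException();
        }
    }

    // Hypothetical helper: strip control characters so a crafted action
    // name taken from the URL cannot forge extra lines in auth.log.
    protected function _logSafe($value) {
        return preg_replace('/[\x00-\x1F\x7F]/', '', (string)$value);
    }
}
```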