While following the instructions on the CakePHP book to create an ACL controlled site, I added the bindNode suggested to make it "Group-Only ACL":
//in users model
function bindNode($user) {
return array('model' => 'Group', 'foreign_key' => $user['User']['group_id']);
}
According to that page, my aros table should look like this:
+----+-----------+-------+-------------+-------+------+------+
| id | parent_id | model | foreign_key | alias | lft | rght |
+----+-----------+-------+-------------+-------+------+------+
| 1 | NULL | Group | 1 | NULL | 1 | 2 |
| 2 | NULL | Group | 2 | NULL | 3 | 4 |
| 3 | NULL | Group | 3 | NULL | 5 | 6 |
+----+-----------+-------+-------------+-------+------+------+
All is well and good - my group permissions seem to be working correctly...etc, but when users are created, they're still added to the aros table.
Is is normal? Should users be added, just not used for access purposes? I assumed my table would look just like the example (only groups, no users), so when I started seeing users added, I got concerned.
add following line in your User model:
public $actsAs = array('Acl' => array('type' => 'requester', 'enabled' => false));
Reference: http://cakephp.lighthouseapp.com/projects/42648/tickets/1485-bindnode-still-creating-user-model-aros