Access Control Lists (ACLs)
Access Control Lists, or ACLs, provide a good level of access control on any site. Code bases and platforms may use a different method of instituting ACLs and I am going to go through how CakePHP 1.2.x is handling them.
First is to understand what an ACL really is. The Cookbook has a good page explaining this type of concept. I highly recommend reading through this page. The whole concept behind this ACL can be divided in three parts:
- ACO – Access Control Object, object that is being requested
- ARO – Access Request Object, object that is putting in the request
- ACL – Access Control List, determines if an ARO can access an ACO.
In the Cookbook, they have a very good call out about the ACL, it is not authentication. No matter what code base, or platform you are on, never mistake this. The ACL verification only happens after the person logs in. They can be very powerful together, but authentication must happen first.
The next thing to understand is the way an ACL would look in a matrix. Again, the Cookbook provides a great example of this. The one thing that I would rather prefer, but understand why they do this, is the use of the example. Sure, we all like movies, and the Lord of the Rings is a great way to really explain different things, but it may be hard to switch that over to the real world of coding. So for this entry, I am going to use as an example, and Event Calendar.