stephen – Page 9

Access Control Lists (ACLs) Part 3

In the first part, the idea and theory behind an ACL was discussed. In part 2, the set up of AROs, ACOs, and ACLs via the command line was shown. Now in part three, we look at why this is so important. Because an interactive site with memberships should never be static, what happens when a new member signs up? What happens when a member is promoted to an “admin” level? And what happens when users change? This can all be happened via ACLs.

In part 2, existing member were set up as AROs. And with user accounts, we also have to set those up as ACOs. Then those AROs (people) need to have permissions set for the CRUD actions. (Create, Read, Update, Delete). These actions are specific to the ACO, or object they are trying to manipulate. So if a user wants to edit their own account, do they have permission? If a user wants to delete another person’s account, do they have permissions to? With setting up ACLs, this can be checked. But what do we do when a new person signs up for an account? We need to create the code to do this.

In the Users Controller, we need to make sure we use the ACL component is included. So include this in the controller:

class UsersController extends AppController {
	var $name = 'Users';
	var $components = array('Acl');

Also remember that the Auth and Security components are also very powerful components and should be included as well, but the above only shows where to include the components. Now with this in place, we can no address the add (or register) function of the controller.

(more…)

2 Comments

Wednesday, August 27, 2008

Applications / PHP

Access Control Lists (ACLs) Part 2

In my last post, I covered a little bit about what an Access Control List (ACL) was. The Cookbook provides a great more detail.

To go along with the idea of the last post, the application has a few different areas: Users who are members of groups, Groups which have users as members, and Events that belong to either the user or the group. Since the creation of ACOs and AROs are basically the same for each area (Users, Groups, Events), I will detail some code for the Users area making use of ACLs.

The first thing we need to do is create an ARO grouping and an ACO grouping. Remember that AROs are the requester of an object. In this example, we can think of them as people. And people have different types of roles, which is what we need to create for the people. In this example application, there will be site admins (Admins), group leaders (Leaders) and regular members (Members). So we need to create this type of ARO. We can do this in a controller, and a page, or we can do this via the command line.

(more…)

0 Comments

Tuesday, August 26, 2008

Applications / PHP

Access Control Lists (ACLs)

Access Control Lists, or ACLs, provide a good level of access control on any site. Code bases and platforms may use a different method of instituting ACLs and I am going to go through how CakePHP 1.2.x is handling them.

First is to understand what an ACL really is. The Cookbook has a good page explaining this type of concept. I highly recommend reading through this page. The whole concept behind this ACL can be divided in three parts:

ACO – Access Control Object, object that is being requested
ARO – Access Request Object, object that is putting in the request
ACL – Access Control List, determines if an ARO can access an ACO.

In the Cookbook, they have a very good call out about the ACL, it is not authentication. No matter what code base, or platform you are on, never mistake this. The ACL verification only happens after the person logs in. They can be very powerful together, but authentication must happen first.

The next thing to understand is the way an ACL would look in a matrix. Again, the Cookbook provides a great example of this. The one thing that I would rather prefer, but understand why they do this, is the use of the example. Sure, we all like movies, and the Lord of the Rings is a great way to really explain different things, but it may be hard to switch that over to the real world of coding. So for this entry, I am going to use as an example, and Event Calendar.

(more…)

1 Comment

Monday, August 25, 2008

PHP

Queries using CakePHP find()

CakePHP now has deprecated some queries. The findALL, findCount, etc etc etc. This now uses the find() method for all of these, and has a basic syntax for this. If it is basic, why blog about it then? Good question. The documentation is there in the API, and is there in the Cookbook, it took me some time to really get a good idea on an applicable example and took many times of “trial and error” to help me get along. Because finding is good, and will give you all the information you need, if it is a simple, 1 table find. If you need to query two or three tables, how does this work. So this will go into those as well.

The basic idea of find, as listed by the API is this:

find(
	array $conditions, 
	array $fields, 
	string $order, 
	int $recursive
);

This will find one record based on conditions, return the desired fields (or all of them if nothing is specified), order the results, and go so many levels deep (-1 for just the current table).
(more…)

7 Comments

Monday, August 18, 2008

Everything Else / Ideas and Sorts

New Theme for this site

I redid the theme for the site, and moved it to 2.6.1. I am not going to even remotely claim that this is a visually pleasing site, nor will I ever claim it will win for the best site design. However, what made me change it was that I was…

0 Comments

Saturday, August 16, 2008

Applications / Ideas and Sorts

AJAX and YUI

With the sensationalized aura surrounding this “web 2.0” myth, there is more and more of a call for AJAX enabled sites. This demand gets higher due to sites like Facebook, MySpace, Twitter, and so forth. So when going forward with a design to implement AJAX libraries, which one is the best. The answer: Whichever one fits the job at hand. There are good points to Scriptaculous, jQuery DoJo and others. There is a good list of some of these with pros and cons at The Chandler Project, and a further list of other libraries at eDevil’s Weblog.

The one I am going to cover is a newer one, and one that is hosted elsewhere, which has its own pros and cons, and that is the Yahoo User Interface, or YUI. The documentation, the downloads (if you desire), tutorials and other information is located at http://developer.yahoo.com/yui/ and is very extensive for the different aspects it can do. What I am going to cover is something useful for long pages of content on the web, Tabbed Viewing.

(more…)

1 Comment

Monday, August 11, 2008

Applications / PHP

Custom Pagination in CakePHP

To continue on last weeks thought of a “lite” forum, I needed 2 tables (Forums, Posts). Since this is a “lite” forum, I did not want to create a mid-table labeled topics, so I incorporated that in the Posts table. The other reasoning behind this, is that to create a hybrid forum/blog, the topic is really just a beginning post in the thread, so keep those in the Posts table, just mark it as a topic to differentiate this from the other posts.

I created two controllers, forums_controller.php and posts_controller.php. All of the links on the application will point to the forums_controller.php file. The models need to be created, forum.php and post.php, with the relationships.

The file user.php (User model) needs to have a “hasMany” relationship with Posts.

var $hasMany = array(
	'Post' => array('className' => 'Post',
		'foreignKey' => 'post_id',
		'dependent' => false,
	)
);

The Forum model needs a “hasMany” relationship with the Post model

var $hasMany = array(
	'Post' => array('className' => 'Post',
		'foreignKey' => 'forum_id',
		'dependent' => false,
	)
);

The Post model needs a “belongsTo relationship with both the Forum and User models.

var $belongsTo = array(
    'Forum' => array('className' => 'Forum',
        'foreignKey' => 'forum_id',
        'conditions' => '',
        'fields' => '',
        'order' => ''
    ),
    'User' => array('className' => 'User',
        'foreignKey' => 'user_id',
        'conditions' => '',
        'fields' => '',
        'order' => ''
)
);

(more…)

11 Comments

Monday, August 04, 2008

Applications / PHP

Blogs, Forums and CakePHP

In one of my contracts, I am writing a full application with membership, conference signups, information pages, and a small little forum. This is all per the customer’s request. The solution I decided on, was CakePHP for the framework. It is not going to be a big, full site like a MySpace, or Facebook. It is a small local non-profit group who will be able to have its membership keep in touch via the site. So the main pages are not hard. Most of the pages will follow a simplistic CRUD (create, read, update and delete) format, with the site admins being able to create, update and delete most pages. But instead of having a static site, they wanted the membership to be able to interact with the authors of the pages, and themselves.

The pages are not hard to enable this. I could have just as easily installed a WordPress instance for the solution, themed it up, and be done. Which I was seriously considering, as this already has the permissions, updates, management, etc. However, they were not too happy with something like this. So I looked elsewhere. Drupal would provide a good out of the box solution, but there were problems with the modules, and it seemed to take too much overhead to get the groups, permissions and other CMS features set up for this small site. The next idea I looked at was going the CakePHP route. (more…)

1 Comment

Tuesday, July 29, 2008

Applications / PHP

Don’t forget the basics

There was something I was asked to troubleshoot between two different environments. Most reputable places will give at least 2 different environments for application development, the best is to have at least three, development, stage, and production areas. I was asked resolve and fix an issue in the stage area,…

1 Comment

Monday, July 21, 2008

PHP

CakePHP Authentication

After last weeks Auth component, it is now time to go into the full Authentication of a user. In order to use the full power of the Auth component, the table should be named “users”. In the table I created, there were a few different things put in, but for the sake of this, I will limit those.

CREATE TABLE IF NOT EXISTS `users` (
	`user_id` int(11) NOT NULL auto_increment,
	`username` varchar(25) NOT NULL,
	`password` varchar(250) NOT NULL,
	`full_name` varchar(250) NOT NULL,
	`email` varchar(250) NOT NULL,
	`remote_address` varchar(16) NOT NULL,
	`last_login` datetime default NULL,
	`last_login_ip` varchar(16) default NULL,
	`created` datetime NOT NULL,
	`modified` datetime default NULL,
	PRIMARY KEY  (`user_id`),
	UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

In this table, there is a lot you really do not need, but here is the breakdown: ‘user_id’ is needed for my purposes, ‘username’ and ‘password’ are named as such to be able to use the Auth component methods. The other fields are for personalization (full_name and email). The next three are just for simplistic CYA that should always be good practice, grap the registered IP address, date the user last logged in and the IP they logged in from. Is this a foolproof way of CYA? No. But it starts you out on the right track. The last two I always put in all of my tables, as CakePHP updates those automatically, so this also helps to track when created and when changed.

Now that the table is done, we need to provide some quick validation for registration and such. In the model, the code should look similar to this:

var $name = 'User';
var $primaryKey = 'user_id';
var $validate = array(
	'username' => array(
		'alphaNumeric' => array(
			'rule'		=> 'alphaNumeric',
			'required'	=> true,
			'on'		=> 'create',
			'message'	=> 'Username must be only letters and numbers, no special characters'
		),
		'between' => array(
			'rule' 		=> array('between', 5, 20),
			'on'		=> 'create',
			'message'	=> 'Username must be between 5 and 20 characters',
		),
		'isUnique' => array(
			'rule'		=> 'isUnique',
			'on'		=> 'create',
			'message'	=> 'This username is already taken. Please choose a different one.'
		)
	),
	'email' => array(
		'rule'		=> array('email', true),
		'required'	=> true,
		'message'	=> 'Please provide a valid email address'
	),
);

(more…)

2 Comments

Monday, July 14, 2008