Installing the phpGACL Plugin for CakePHP
Posted March 8th, 2007 by mariano.iglesias
CakePHP's built-in Access Control List framework probably suits the needs of most applications out there. However, there are times when we need greater control over the elements an application should protect, and perhaps want to share the ACL in use with other applications. Let us present phpGACL for CakePHP, a Cake plugin and component to integrate phpGACL with your applications.
phpGACL is a strong, flexible framework used to build applications that need to be secured using the ubiquitous Access Control List concept. The G in phpGACL stands for Generic, and they have surely put an emphasis on that characteristic. With phpGACL we can not only set up permissions to protect our CakePHP controller/actions, but almost any other entity our application is hosting/using.
phpGACL for CakePHP is a package consisting of two elements:
- PhpGacl Component: a component that provides a programmatic wrapper to manipulate your phpGACL installation.
- PhpGacl Plugin: a plugin that offers a control panel to manage this information interactively.
Let's start by installing this package. Download the file from the location included at the bottom of this article, and extract it to your main Cake application directory (usually app/ inside your Cake root directory). You'll be asked to overwrite the following directories: controller/components, webroot, and plugins. Don't worry, no application files will be overwritten, as phpGACL for CakePHP places all files in its own directories.
Once you have downloaded and extracted the file, launch your browser and put in the URL of your CakePHP application root, followed by /phpgacl (for example http://www.example.com/phpgacl). Since this is the first time we're running the plugin, we will be taken to the installation utility. If you haven't yet downloaded and installed phpGACL to your CakePHP installation, you'll see a screen similar to the one shown below.
phpGACL Plugin Installation: need phpGACL API
The phpGACL plugin is telling us that it can't find the phpGACL API files. Download phpGACL from its homepage, and place its extracted files in the vendors directory inside your CakePHP application directory (usually app/vendors). After doing so you should have a folder called phpgacl inside, with all of the phpGACL API's files. No installation is required for phpGACL since the plugin will install it for us.
Next, refresh the screen so the plugin notices that we have placed phpGACL where it belongs. You will now see the following screen:
phpGACL Plugin Installation: checking database configuration
The plugin is now asking us to double check the database configuration we will be using to host phpGACL tables. As the page says, we can either go with our default CakePHP database settings, or create a new setting so we can use, for example, a different table prefix for phpGACL tables. After checking the settings and making any changes we decide on, clicking the button Proceed with Installation will make the plugin install the necessary information. Once it finishes, you'll now have the control panel at your disposal:
The control panel is divided into the following sections:
- Users and Groups: where we can import our existing groups and/or users into phpGACL, add/edit/remove users, add/edit/remove groups, and assign users to groups (by editing the user.)
- Protectable Elements: where we can import our current controllers and their actions into phpGACL, and define new controllable elements by categorizing them into Categories/Sections, and define new types of access we can offer to our controllable elements.
- Access Control: where we can define what each group can access, and check the permissions a group has assigned (so we can clearly see what a group can access, and what it cannot.)
- Help: offers documentation on how to protect our controllers after we have set up all the necessary data.
Let's continue by importing our Groups and Users into phpGACL. To do that, the CakePHP application where the plugin resides needs to have models that describe any of these tables. We click on Import Groups / Users and we get the following screen:
phpGACL Plugin: Import Groups and Users
In that screen we can define which model describes our Group table (if we have any), and which one our User table. For each selected model we can define which field will act as the identifier, and which will be the descriptive name. After selecting the right options, we click Import groups and users and our data will now be available in phpGACL (which you can check by going to the options Users and Groups under the section Users and Groups in the control panel.)
The final step to have the minimum data available for protection is to import the controllers, along with their actions, that we want available on phpGACL. We click on Import Controllers / Actions in section Protectable Elements and we get the following screen:
phpGACL Plugin: Import Controllers and Actions
As you can see in that example, we have clearly separated those controllers that are part of our CakePHP application from those that belong to different plugins. Selecting the actions we want imported for each controller, and then clicking the button Save controllers and actions, will import this information into phpGACL. If in the future we add new controllers/plugins to our application, we can always go back and find the new controllers ready to be imported.
The final step is actually enabling protection for our controllers/actions. Follow the instructions described in the option How to use phpGACL to protect your controllers located in section Help of the control panel. Our next articles on the subject will give you examples on how you can also protect other elements, so stay tuned!
Resources
- Download phpGACL for CakePHP: phpGACL for CakePHP 1.0.2b
- Screencast: Securing your CakePHP application with phpGACL
- phpGACL for CakePHP API: Browse API documentation
- Other phpGACL articles
- phpGACL home