CakePHP custom ACL Authorization using acos, aros & aros_acos Acl tables with extension api_

Question

I am developing an restful API using CakePHP, I am trying to implement a custom authorization which authorize user using ACL, code looks something like

<?php
App::uses('BaseAuthorize', 'Controller/Component/Auth');

class ApiAuthorize extends BaseAuthorize {
     public function authorize($user, CakeRequest $request) { 
                $allowed = false;
        $Acl = $this->_Collection->load('Acl'); 
        list($plugin, $userModel) = pluginSplit($this->settings['userModel']);
        $action = $this->action($request); 

        $cacheName = 'permissions_' . strval($user['id']); 
        if (($permissions = Cache::read($cacheName, 'permissions')) === false) {
            $permissions = array(); 
            Cache::write($cacheName, $permissions, 'permissions');
        }
        if (!isset($permissions[$action])) {
            $User = ClassRegistry::init($this->settings['userModel']);
            $User->id = $user['id'];
            $allowed = $Acl->check($User, $action); 
            $permissions[$action] = $allowed;
            Cache::write($cacheName, $permissions, 'permissions');
            $hit = false;
        } else {
            $allowed = $permissions[$action];
            $hit = true;
        }
            return $allowed;
     }
}

I am using same database for website(developed using croogo) and API so my database already has acos, aros & aros_acos tables of website so for API I am created ACL tables with api_ extension like api_acos, api_aros & api_aros_api_acos

New schema of my ACL tables are

CREATE TABLE IF NOT EXISTS `api_acos` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `model` varchar(255) DEFAULT '',
  `foreign_key` int(10) unsigned DEFAULT NULL,
  `alias` varchar(255) DEFAULT '',
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `api_acos_api_aros` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `api_aro_id` int(10) unsigned NOT NULL,
  `api_aco_id` int(10) unsigned NOT NULL,
  `_create` char(2) NOT NULL DEFAULT '0',
  `_read` char(2) NOT NULL DEFAULT '0',
  `_update` char(2) NOT NULL DEFAULT '0',
  `_delete` char(2) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `api_aros` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `model` varchar(255) DEFAULT '',
  `foreign_key` int(10) unsigned DEFAULT NULL,
  `alias` varchar(255) DEFAULT '',
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

I am using custom ACL class from here https://github.com/FriendsOfCake/Authorize/blob/master/Controller/Component/Acl/HabtmDbAcl.php

My question is where and how can I use my new database tables (api_acos, api_aros & api_aros_api_acos) for ACL lookup? Please point me to code from where I can take reference for custom ACL Authorization implementation.

Answer 1

I would just reuse the existing acl tables from Croogo with a different root node for API.

This is what the Croogo core is doing too. Unfortunately, the install data does not provide this by default.

You can create the api root node by running the Acl.extras shell:

$ Console/cake acl.extras aco_sync

Welcome to CakePHP v2.5.1 Console
---------------------------------------------------------------
App : croogo-app
Path: /home/rachman/work/personal/deploy/croogo-app/
---------------------------------------------------------------
Skipped Aco node: controllers/Croogo/CroogoError
Created Aco node: controllers/Extensions/ExtensionsDashboard
Created Aco node: controllers/Extensions/ExtensionsDashboard/admin_index
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_moveup
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_movedown
Created Aco node: controllers/Menus/Links/admin_link_chooser
Created Aco node: controllers/Menus/Menus/admin_toggle
Created Aco node: controllers/Meta/Meta
Created Aco node: controllers/Meta/Meta/admin_delete_meta
Created Aco node: controllers/Meta/Meta/admin_add_meta
Created Aco node: api/v1_0/Nodes/Nodes/lookup
Created Aco node: api/v1_0/Users/Users/lookup
Created Aco node: controllers/Wysiwyg
Aco Sync Complete

You can manually add the necessary ACOs as per your API requirements, or use the ApiComponent as a base which will enable the extras shell to auto-create it for your later.

The UserApiComponent and NodeApiComponent can provide some example on how to implement API methods.