/**
* Checks if the given $aro has access to action $action in $aco
* Check returns true once permissions are found, in following order:
* User node
* User::parentNode() node
* Groupnodes of Groups that User has habtm links to
*
* @param string $aro ARO The requesting object identifier.
* @param string $aco ACO The controlled object identifier.
* @param string $action Action (defaults to *)
* @return boolean Success (true if ARO has access to action in ACO, false otherwise)
*/
public function check($aro, $aco, $action = "*")
{
if (parent::check($aro, $aco, $action)) {
return true;
}
extract($this->settings);
$User = ClassRegistry::init($userModel);
list($plugin, $groupAlias) = pluginSplit($groupAlias);
list($joinModel) = $User->joinModel($User->hasAndBelongsToMany[$groupAlias]['with']);
$userField = $User->hasAndBelongsToMany[$groupAlias]['foreignKey'];
$groupField = $User->hasAndBelongsToMany[$groupAlias]['associationForeignKey'];
$node = $this->Acl->Aro->node($aro);
$userId = Hash::extract($node, '0.Aro.foreign_key');
$groupIDs = ClassRegistry::init($joinModel)->find('list', array('fields' => array($groupField), 'conditions' => array($userField => $userId), 'recursive' => -1));
foreach ((array) $groupIDs as $groupID) {
$aro = array('model' => $groupAlias, 'foreign_key' => $groupID);
$allowed = parent::check($aro, $aco, $action);
if ($allowed) {
return true;
}
}
return false;
}
