private function get_first_parent_permission_right($aro_node, $aco_path) { $pk_name = 'id'; if ($aro_node['Aro']['model'] == Configure::read('acl.aro.role.model')) { $pk_name = $this->controller->_get_role_primary_key_name(); } elseif ($aro_node['Aro']['model'] == Configure::read('acl.aro.user.model')) { $pk_name = $this->controller->_get_user_primary_key_name(); } $aro_model_data = array($aro_node['Aro']['model'] => array($pk_name => $aro_node['Aro']['foreign_key'])); $aro_id = $aro_node['Aro']['id']; while (strpos($aco_path, '/') !== false && !isset($parent_permission_right)) { $aco_path = substr($aco_path, 0, strrpos($aco_path, '/')); $parent_aco_node = $this->Acl->Aco->node($aco_path); if (!empty($parent_aco_node)) { $parent_aco_id = $parent_aco_node[0]['Aco']['id']; $parent_permission = $this->Acl->Aro->Permission->find('first', array('conditions' => array('aro_id' => $aro_id, 'aco_id' => $parent_aco_id))); if ($parent_permission !== false) { /* * Check the right (grant => true / deny => false) of this first parent permission */ $parent_permission_right = $this->Acl->check($aro_model_data, $aco_path); if ($parent_permission_right) { return 1; // allowed } else { return -1; // denied } } } } return null; // no parent permission found }