In CakePHP, when you are using Acl/Auth, do you need to have Routing.prefixes enabled to control admin access? Or should you just rely on Acl/Auth and get rid of all admin_xxx actions.
I am learning CakePHP and got confused along the way with authentication. So I started with enabling Routing.prefixes. In the course of my app development I have slowly started to migrate to Acl/Auth. I will have several groups of users such as admins, contributors, sponsors and users. I had read before that Routing.prefixes only applies when you only have 1 admin.
As an example I have the following:
<?php
class ArticlesController extends AppController{
// Helpers and Components will be included here....
$this->Auth->allow('*')
function admin_add(){
$this->layout = 'admin'
//...
}
}
If I am able to get rid of Admin Routing, should I do the following?
<?php
class ArticlesController extends AppController{
// Helpers and Components will be included here....
$this->Auth->allow('*')
// Control access to add() using ACL to only allow admin/contributors to use this action
function add(){
$this->layout = 'admin'
//...
}
}
Is this the correct approach?
Basically, the routing.prefixes is a great way for making an admin-area if you have a straight line between ‘normal’ users and admins and don’t need to cut rights from some admins or make one user more privileged than the other.
But if you will have very different rights, groups and things you need to allow and deny between many different groups and/or users, ACL is the correct approach.
You don’t need the Routing.prexfixes anymore if you use ACL and your approach would be totally correct.