How is it correct to check an acl permission? For example is contradictory to check a permission for add aco and action read, right? I only should check permission for add aco and create action, edit aco and update action and delete aco and delete action, and for index and view acos I should check all actions, right?
you have to create polices or you can use Authentication plugin GitHub - CakeDC/users: Users Plugin for CakePHP.
this is called a RBAC system, so its just role based permission, if user have valid role then he/she can access that controller method.
Before using RBAC system, you must read complete docs first
You should pay attention to what you read, I am asking about acl not cakedc users.
I read a bit about acl, but all the documentation is about cakephp 1.x or 2.x and is very different in cakephp 4.x
yes I read it all sir, I know what do you want. Read docs this plugin or cakephp docs then you will get points.
There is no official documentation about acl in cakephp 4.x, can you tell me please where I can find a kind of help for acl in cakephp 4.x? I could implement it but I have some doubts
See CakeDC | Integrating Users and ACL plugins in CakePHP | The minds behind CakePHP on how to integrate ACL with CakePHP (even if its CakePHP 3 and not 4)
In this specific scenario they use cakedc/users as the base auth system BUT do keep in mind:
the ACL plugin is just a model behavior which checks if a given requester (ARO) has access to a given object (ACO) via a action.
so it doesn’t really matter if you use the new auth plugins or something older.