Sounds like what you’re looking for is RBAC, not ACL. The CakePHP authorization plugin doesn’t specifically include any implementation for that, but GitHub - CakeDC/users: Users Plugin for CakePHP does.
If sounds like you need three roles: “article and post admin”, “user admin” and “other admin”. If that sounds right, and if you have multiple “user admin” people, for example, then this is role-based, aka RBAC.
If you would have one admin that can manage some users, and a different admin would manage a different set of users, that’s ACL.
I did something similar to what you need. Basically, I created a database-table (let’s call it UserAccess) to store the permission (access) each user has.
Based on this ‘permission’, I use the Policy files to determine whether the user has access to that particular action.
Example assuming that my UserAccess table contains the column hasEditPermission
// snippet of Policy file example
public function canEdit(IdentityInterface $user, Article $article)
{
if( $user->UserAccess->hasEditPermission ) {
return true;
}
}