From e770c7a72d338d58995261f5e9d2e68d33a51e0f Mon Sep 17 00:00:00 2001
From: mark_story <mark@mark-story.com>
Date: Sun, 29 Jan 2012 13:54:26 -0500
Subject: [PATCH] Split the AclComponent classes up.

Refs #2514
---
 .../Controller/Component/Acl/AclInterface.php |  69 +++
 lib/Cake/Controller/Component/Acl/DbAcl.php   | 293 ++++++++++
 lib/Cake/Controller/Component/Acl/IniAcl.php  | 174 ++++++
 .../Controller/Component/AclComponent.php     | 505 +-----------------
 lib/Cake/Core/App.php                         |   3 +
 .../Case/Controller/Component/DbAclTest.php   |   3 +-
 .../Case/Controller/Component/IniAclTest.php  |   4 +-
 7 files changed, 547 insertions(+), 504 deletions(-)
 create mode 100644 lib/Cake/Controller/Component/Acl/AclInterface.php
 create mode 100644 lib/Cake/Controller/Component/Acl/DbAcl.php
 create mode 100644 lib/Cake/Controller/Component/Acl/IniAcl.php

diff --git a/lib/Cake/Controller/Component/Acl/AclInterface.php b/lib/Cake/Controller/Component/Acl/AclInterface.php
new file mode 100644
index 000000000..ff8961f29
--- /dev/null
+++ b/lib/Cake/Controller/Component/Acl/AclInterface.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @package       Cake.Controller.Component
+ * @since         CakePHP(tm) v 0.10.0.1076
+ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+
+/**
+ * Access Control List interface.
+ * Implementing classes are used by AclComponent to perform ACL checks in Cake.
+ *
+ * @package       Cake.Controller.Component
+ */
+interface AclInterface {
+
+/**
+ * Empty method to be overridden in subclasses
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ */
+	public function check($aro, $aco, $action = "*");
+
+/**
+ * Allow methods are used to grant an ARO access to an ACO.
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ */
+	public function allow($aro, $aco, $action = "*");
+
+/**
+ * Deny methods are used to remove permission from an ARO to access an ACO.
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ */
+	public function deny($aro, $aco, $action = "*");
+
+/**
+ * Inherit methods modify the permission for an ARO to be that of its parent object.
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ */
+	public function inherit($aro, $aco, $action = "*");
+
+/**
+ * Initialization method for the Acl implementation
+ *
+ * @param AclComponent $component
+ */
+	public function initialize($component);
+}
diff --git a/lib/Cake/Controller/Component/Acl/DbAcl.php b/lib/Cake/Controller/Component/Acl/DbAcl.php
new file mode 100644
index 000000000..a219a6e95
--- /dev/null
+++ b/lib/Cake/Controller/Component/Acl/DbAcl.php
@@ -0,0 +1,293 @@
+<?php
+/**
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @package       Cake.Controller.Component
+ * @since         CakePHP(tm) v 0.10.0.1076
+ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+App::uses('AclInterface', 'Controller/Component/Acl');
+
+/**
+ * DbAcl implements an ACL control system in the database.  ARO's and ACO's are
+ * structured into trees and a linking table is used to define permissions.  You
+ * can install the schema for DbAcl with the Schema Shell.
+ *
+ * `$aco` and `$aro` parameters can be slash delimited paths to tree nodes.
+ *
+ * eg. `controllers/Users/edit`
+ *
+ * Would point to a tree structure like
+ *
+ * {{{
+ *	controllers
+ *		Users
+ *			edit
+ * }}}
+ *
+ * @package       Cake.Controller.Component
+ */
+class DbAcl extends Object implements AclInterface {
+
+/**
+ * Constructor
+ *
+ */
+	public function __construct() {
+		parent::__construct();
+		App::uses('AclNode', 'Model');
+		$this->Aro = ClassRegistry::init(array('class' => 'Aro', 'alias' => 'Aro'));
+		$this->Aco = ClassRegistry::init(array('class' => 'Aco', 'alias' => 'Aco'));
+	}
+
+/**
+ * Initializes the containing component and sets the Aro/Aco objects to it.
+ *
+ * @param AclComponent $component
+ * @return void
+ */
+	public function initialize($component) {
+		$component->Aro = $this->Aro;
+		$component->Aco = $this->Aco;
+	}
+
+/**
+ * Checks if the given $aro has access to action $action in $aco
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success (true if ARO has access to action in ACO, false otherwise)
+ * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#checking-permissions-the-acl-component
+ */
+	public function check($aro, $aco, $action = "*") {
+		if ($aro == null || $aco == null) {
+			return false;
+		}
+
+		$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
+		$aroPath = $this->Aro->node($aro);
+		$acoPath = $this->Aco->node($aco);
+
+		if (empty($aroPath) || empty($acoPath)) {
+			trigger_error(__d('cake_dev', "DbAcl::check() - Failed ARO/ACO node lookup in permissions check.  Node references:\nAro: ") . print_r($aro, true) . "\nAco: " . print_r($aco, true), E_USER_WARNING);
+			return false;
+		}
+
+		if ($acoPath == null || $acoPath == array()) {
+			trigger_error(__d('cake_dev', "DbAcl::check() - Failed ACO node lookup in permissions check.  Node references:\nAro: ") . print_r($aro, true) . "\nAco: " . print_r($aco, true), E_USER_WARNING);
+			return false;
+		}
+
+		if ($action != '*' && !in_array('_' . $action, $permKeys)) {
+			trigger_error(__d('cake_dev', "ACO permissions key %s does not exist in DbAcl::check()", $action), E_USER_NOTICE);
+			return false;
+		}
+
+		$inherited = array();
+		$acoIDs = Set::extract($acoPath, '{n}.' . $this->Aco->alias . '.id');
+
+		$count = count($aroPath);
+		for ($i = 0 ; $i < $count; $i++) {
+			$permAlias = $this->Aro->Permission->alias;
+
+			$perms = $this->Aro->Permission->find('all', array(
+				'conditions' => array(
+					"{$permAlias}.aro_id" => $aroPath[$i][$this->Aro->alias]['id'],
+					"{$permAlias}.aco_id" => $acoIDs
+				),
+				'order' => array($this->Aco->alias . '.lft' => 'desc'),
+				'recursive' => 0
+			));
+
+			if (empty($perms)) {
+				continue;
+			} else {
+				$perms = Set::extract($perms, '{n}.' . $this->Aro->Permission->alias);
+				foreach ($perms as $perm) {
+					if ($action == '*') {
+
+						foreach ($permKeys as $key) {
+							if (!empty($perm)) {
+								if ($perm[$key] == -1) {
+									return false;
+								} elseif ($perm[$key] == 1) {
+									$inherited[$key] = 1;
+								}
+							}
+						}
+
+						if (count($inherited) === count($permKeys)) {
+							return true;
+						}
+					} else {
+						switch ($perm['_' . $action]) {
+							case -1:
+								return false;
+							case 0:
+								continue;
+							break;
+							case 1:
+								return true;
+							break;
+						}
+					}
+				}
+			}
+		}
+		return false;
+	}
+
+/**
+ * Allow $aro to have access to action $actions in $aco
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $actions Action (defaults to *)
+ * @param integer $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
+ * @return boolean Success
+ * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
+ */
+	public function allow($aro, $aco, $actions = "*", $value = 1) {
+		$perms = $this->getAclLink($aro, $aco);
+		$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
+		$save = array();
+
+		if ($perms == false) {
+			trigger_error(__d('cake_dev', 'DbAcl::allow() - Invalid node'), E_USER_WARNING);
+			return false;
+		}
+		if (isset($perms[0])) {
+			$save = $perms[0][$this->Aro->Permission->alias];
+		}
+
+		if ($actions == "*") {
+			$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
+			$save = array_combine($permKeys, array_pad(array(), count($permKeys), $value));
+		} else {
+			if (!is_array($actions)) {
+				$actions = array('_' . $actions);
+			}
+			if (is_array($actions)) {
+				foreach ($actions as $action) {
+					if ($action{0} != '_') {
+						$action = '_' . $action;
+					}
+					if (in_array($action, $permKeys)) {
+						$save[$action] = $value;
+					}
+				}
+			}
+		}
+		list($save['aro_id'], $save['aco_id']) = array($perms['aro'], $perms['aco']);
+
+		if ($perms['link'] != null && !empty($perms['link'])) {
+			$save['id'] = $perms['link'][0][$this->Aro->Permission->alias]['id'];
+		} else {
+			unset($save['id']);
+			$this->Aro->Permission->id = null;
+		}
+		return ($this->Aro->Permission->save($save) !== false);
+	}
+
+/**
+ * Deny access for $aro to action $action in $aco
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
+ */
+	public function deny($aro, $aco, $action = "*") {
+		return $this->allow($aro, $aco, $action, -1);
+	}
+
+/**
+ * Let access for $aro to action $action in $aco be inherited
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ */
+	public function inherit($aro, $aco, $action = "*") {
+		return $this->allow($aro, $aco, $action, 0);
+	}
+
+/**
+ * Allow $aro to have access to action $actions in $aco
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ * @see allow()
+ */
+	public function grant($aro, $aco, $action = "*") {
+		return $this->allow($aro, $aco, $action);
+	}
+
+/**
+ * Deny access for $aro to action $action in $aco
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ * @see deny()
+ */
+	public function revoke($aro, $aco, $action = "*") {
+		return $this->deny($aro, $aco, $action);
+	}
+
+/**
+ * Get an array of access-control links between the given Aro and Aco
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @return array Indexed array with: 'aro', 'aco' and 'link'
+ */
+	public function getAclLink($aro, $aco) {
+		$obj = array();
+		$obj['Aro'] = $this->Aro->node($aro);
+		$obj['Aco'] = $this->Aco->node($aco);
+
+		if (empty($obj['Aro']) || empty($obj['Aco'])) {
+			return false;
+		}
+
+		return array(
+			'aro' => Set::extract($obj, 'Aro.0.' . $this->Aro->alias . '.id'),
+			'aco' => Set::extract($obj, 'Aco.0.' . $this->Aco->alias . '.id'),
+			'link' => $this->Aro->Permission->find('all', array('conditions' => array(
+				$this->Aro->Permission->alias . '.aro_id' => Set::extract($obj, 'Aro.0.' . $this->Aro->alias . '.id'),
+				$this->Aro->Permission->alias . '.aco_id' => Set::extract($obj, 'Aco.0.' . $this->Aco->alias . '.id')
+			)))
+		);
+	}
+
+/**
+ * Get the keys used in an ACO
+ *
+ * @param array $keys Permission model info
+ * @return array ACO keys
+ */
+	protected function _getAcoKeys($keys) {
+		$newKeys = array();
+		$keys = array_keys($keys);
+		foreach ($keys as $key) {
+			if (!in_array($key, array('id', 'aro_id', 'aco_id'))) {
+				$newKeys[] = $key;
+			}
+		}
+		return $newKeys;
+	}
+}
+
diff --git a/lib/Cake/Controller/Component/Acl/IniAcl.php b/lib/Cake/Controller/Component/Acl/IniAcl.php
new file mode 100644
index 000000000..930d0a0a3
--- /dev/null
+++ b/lib/Cake/Controller/Component/Acl/IniAcl.php
@@ -0,0 +1,174 @@
+<?php
+/**
+ * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
+ * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
+ * @link          http://cakephp.org CakePHP(tm) Project
+ * @package       Cake.Controller.Component
+ * @since         CakePHP(tm) v 0.10.0.1076
+ * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+App::uses('AclInterface', 'Controller/Component/Acl');
+
+/**
+ * IniAcl implements an access control system using an INI file.  An example
+ * of the ini file used can be found in /config/acl.ini.php.
+ *
+ * @package       Cake.Controller.Component
+ */
+class IniAcl extends Object implements AclInterface {
+
+/**
+ * Array with configuration, parsed from ini file
+ *
+ * @var array
+ */
+	public $config = null;
+
+/**
+ * The Set::classicExtract() path to the user/aro identifier in the
+ * acl.ini file.  This path will be used to extract the string
+ * representation of a user used in the ini file.
+ *
+ * @var string
+ */
+	public $userPath = 'User.username';
+
+/**
+ * Initialize method
+ *
+ * @param AclBase $component
+ * @return void
+ */
+	public function initialize($component) {
+
+	}
+
+/**
+ * No op method, allow cannot be done with IniAcl
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ */
+	public function allow($aro, $aco, $action = "*") {
+
+	}
+
+/**
+ * No op method, deny cannot be done with IniAcl
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ */
+	public function deny($aro, $aco, $action = "*") {
+
+	}
+
+/**
+ * No op method, inherit cannot be done with IniAcl
+ *
+ * @param string $aro ARO The requesting object identifier.
+ * @param string $aco ACO The controlled object identifier.
+ * @param string $action Action (defaults to *)
+ * @return boolean Success
+ */
+	public function inherit($aro, $aco, $action = "*") {
+
+	}
+
+/**
+ * Main ACL check function. Checks to see if the ARO (access request object) has access to the
+ * ACO (access control object).Looks at the acl.ini.php file for permissions
+ * (see instructions in /config/acl.ini.php).
+ *
+ * @param string $aro ARO
+ * @param string $aco ACO
+ * @param string $aco_action Action
+ * @return boolean Success
+ */
+	public function check($aro, $aco, $aco_action = null) {
+		if ($this->config == null) {
+			$this->config = $this->readConfigFile(APP . 'Config' . DS . 'acl.ini.php');
+		}
+		$aclConfig = $this->config;
+
+		if (is_array($aro)) {
+			$aro = Set::classicExtract($aro, $this->userPath);
+		}
+
+		if (isset($aclConfig[$aro]['deny'])) {
+			$userDenies = $this->arrayTrim(explode(",", $aclConfig[$aro]['deny']));
+
+			if (array_search($aco, $userDenies)) {
+				return false;
+			}
+		}
+
+		if (isset($aclConfig[$aro]['allow'])) {
+			$userAllows = $this->arrayTrim(explode(",", $aclConfig[$aro]['allow']));
+
+			if (array_search($aco, $userAllows)) {
+				return true;
+			}
+		}
+
+		if (isset($aclConfig[$aro]['groups'])) {
+			$userGroups = $this->arrayTrim(explode(",", $aclConfig[$aro]['groups']));
+
+			foreach ($userGroups as $group) {
+				if (array_key_exists($group, $aclConfig)) {
+					if (isset($aclConfig[$group]['deny'])) {
+						$groupDenies = $this->arrayTrim(explode(",", $aclConfig[$group]['deny']));
+
+						if (array_search($aco, $groupDenies)) {
+							return false;
+						}
+					}
+
+					if (isset($aclConfig[$group]['allow'])) {
+						$groupAllows = $this->arrayTrim(explode(",", $aclConfig[$group]['allow']));
+
+						if (array_search($aco, $groupAllows)) {
+							return true;
+						}
+					}
+				}
+			}
+		}
+		return false;
+	}
+
+/**
+ * Parses an INI file and returns an array that reflects the INI file's section structure. Double-quote friendly.
+ *
+ * @param string $filename File
+ * @return array INI section structure
+ */
+	public function readConfigFile($filename) {
+		App::uses('IniReader', 'Configure');
+		$iniFile = new IniReader(dirname($filename) . DS);
+		return $iniFile->read(basename($filename));
+	}
+
+/**
+ * Removes trailing spaces on all array elements (to prepare for searching)
+ *
+ * @param array $array Array to trim
+ * @return array Trimmed array
+ */
+	public function arrayTrim($array) {
+		foreach ($array as $key => $value) {
+			$array[$key] = trim($value);
+		}
+		array_unshift($array, "");
+		return $array;
+	}
+}
diff --git a/lib/Cake/Controller/Component/AclComponent.php b/lib/Cake/Controller/Component/AclComponent.php
index 73d7506a9..03e5fc730 100644
--- a/lib/Cake/Controller/Component/AclComponent.php
+++ b/lib/Cake/Controller/Component/AclComponent.php
@@ -1,11 +1,5 @@
 <?php
 /**
- * Access Control List factory class.
- *
- * Permissions system.
- *
- * PHP 5
- *
  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
  * Copyright 2005-2011, Cake Software Foundation, Inc. (http://cakefoundation.org)
  *
@@ -18,8 +12,8 @@
  * @since         CakePHP(tm) v 0.10.0.1076
  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
-
 App::uses('Component', 'Controller');
+App::uses('AclInterface', 'Controller/Component/Acl');
 
 /**
  * Access Control List factory class.
@@ -65,10 +59,12 @@ class AclComponent extends Component {
 		parent::__construct($collection, $settings);
 		$name = Inflector::camelize(strtolower(Configure::read('Acl.classname')));
 		if (!class_exists($name)) {
-			if (App::import('Component', $name)) {
-				list($plugin, $name) = pluginSplit($name);
+			list($plugin, $name) = pluginSplit($name, true);
+			App::uses($name . 'Component', $plugin . 'Controller/Component');
+			App::uses($name, 'Controller/Component/Acl');
+			if (class_exists($name . 'Component')) {
 				$name .= 'Component';
-			} else {
+			} elseif (!class_exists($name)) {
 				throw new CakeException(__d('cake_dev', 'Could not find %s.', $name));
 			}
 		}
@@ -183,493 +179,4 @@ class AclComponent extends Component {
 	}
 }
 
-/**
- * Access Control List interface.
- * Implementing classes are used by AclComponent to perform ACL checks in Cake.
- *
- * @package       Cake.Controller.Component
- */
-interface AclInterface {
 
-/**
- * Empty method to be overridden in subclasses
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- */
-	public function check($aro, $aco, $action = "*");
-
-/**
- * Allow methods are used to grant an ARO access to an ACO.
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- */
-	public function allow($aro, $aco, $action = "*");
-
-/**
- * Deny methods are used to remove permission from an ARO to access an ACO.
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- */
-	public function deny($aro, $aco, $action = "*");
-
-/**
- * Inherit methods modify the permission for an ARO to be that of its parent object.
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- */
-	public function inherit($aro, $aco, $action = "*");
-
-/**
- * Initialization method for the Acl implementation
- *
- * @param AclComponent $component
- */
-	public function initialize($component);
-}
-
-/**
- * DbAcl implements an ACL control system in the database.  ARO's and ACO's are
- * structured into trees and a linking table is used to define permissions.  You
- * can install the schema for DbAcl with the Schema Shell.
- *
- * `$aco` and `$aro` parameters can be slash delimited paths to tree nodes.
- *
- * eg. `controllers/Users/edit`
- *
- * Would point to a tree structure like
- *
- * {{{
- *	controllers
- *		Users
- *			edit
- * }}}
- *
- * @package       Cake.Controller.Component
- */
-class DbAcl extends Object implements AclInterface {
-
-/**
- * Constructor
- *
- */
-	public function __construct() {
-		parent::__construct();
-		App::uses('AclNode', 'Model');
-		$this->Aro = ClassRegistry::init(array('class' => 'Aro', 'alias' => 'Aro'));
-		$this->Aco = ClassRegistry::init(array('class' => 'Aco', 'alias' => 'Aco'));
-	}
-
-/**
- * Initializes the containing component and sets the Aro/Aco objects to it.
- *
- * @param AclComponent $component
- * @return void
- */
-	public function initialize($component) {
-		$component->Aro = $this->Aro;
-		$component->Aco = $this->Aco;
-	}
-
-/**
- * Checks if the given $aro has access to action $action in $aco
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success (true if ARO has access to action in ACO, false otherwise)
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#checking-permissions-the-acl-component
- */
-	public function check($aro, $aco, $action = "*") {
-		if ($aro == null || $aco == null) {
-			return false;
-		}
-
-		$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
-		$aroPath = $this->Aro->node($aro);
-		$acoPath = $this->Aco->node($aco);
-
-		if (empty($aroPath) || empty($acoPath)) {
-			trigger_error(__d('cake_dev', "DbAcl::check() - Failed ARO/ACO node lookup in permissions check.  Node references:\nAro: ") . print_r($aro, true) . "\nAco: " . print_r($aco, true), E_USER_WARNING);
-			return false;
-		}
-
-		if ($acoPath == null || $acoPath == array()) {
-			trigger_error(__d('cake_dev', "DbAcl::check() - Failed ACO node lookup in permissions check.  Node references:\nAro: ") . print_r($aro, true) . "\nAco: " . print_r($aco, true), E_USER_WARNING);
-			return false;
-		}
-
-		if ($action != '*' && !in_array('_' . $action, $permKeys)) {
-			trigger_error(__d('cake_dev', "ACO permissions key %s does not exist in DbAcl::check()", $action), E_USER_NOTICE);
-			return false;
-		}
-
-		$inherited = array();
-		$acoIDs = Set::extract($acoPath, '{n}.' . $this->Aco->alias . '.id');
-
-		$count = count($aroPath);
-		for ($i = 0 ; $i < $count; $i++) {
-			$permAlias = $this->Aro->Permission->alias;
-
-			$perms = $this->Aro->Permission->find('all', array(
-				'conditions' => array(
-					"{$permAlias}.aro_id" => $aroPath[$i][$this->Aro->alias]['id'],
-					"{$permAlias}.aco_id" => $acoIDs
-				),
-				'order' => array($this->Aco->alias . '.lft' => 'desc'),
-				'recursive' => 0
-			));
-
-			if (empty($perms)) {
-				continue;
-			} else {
-				$perms = Set::extract($perms, '{n}.' . $this->Aro->Permission->alias);
-				foreach ($perms as $perm) {
-					if ($action == '*') {
-
-						foreach ($permKeys as $key) {
-							if (!empty($perm)) {
-								if ($perm[$key] == -1) {
-									return false;
-								} elseif ($perm[$key] == 1) {
-									$inherited[$key] = 1;
-								}
-							}
-						}
-
-						if (count($inherited) === count($permKeys)) {
-							return true;
-						}
-					} else {
-						switch ($perm['_' . $action]) {
-							case -1:
-								return false;
-							case 0:
-								continue;
-							break;
-							case 1:
-								return true;
-							break;
-						}
-					}
-				}
-			}
-		}
-		return false;
-	}
-
-/**
- * Allow $aro to have access to action $actions in $aco
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $actions Action (defaults to *)
- * @param integer $value Value to indicate access type (1 to give access, -1 to deny, 0 to inherit)
- * @return boolean Success
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
- */
-	public function allow($aro, $aco, $actions = "*", $value = 1) {
-		$perms = $this->getAclLink($aro, $aco);
-		$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
-		$save = array();
-
-		if ($perms == false) {
-			trigger_error(__d('cake_dev', 'DbAcl::allow() - Invalid node'), E_USER_WARNING);
-			return false;
-		}
-		if (isset($perms[0])) {
-			$save = $perms[0][$this->Aro->Permission->alias];
-		}
-
-		if ($actions == "*") {
-			$permKeys = $this->_getAcoKeys($this->Aro->Permission->schema());
-			$save = array_combine($permKeys, array_pad(array(), count($permKeys), $value));
-		} else {
-			if (!is_array($actions)) {
-				$actions = array('_' . $actions);
-			}
-			if (is_array($actions)) {
-				foreach ($actions as $action) {
-					if ($action{0} != '_') {
-						$action = '_' . $action;
-					}
-					if (in_array($action, $permKeys)) {
-						$save[$action] = $value;
-					}
-				}
-			}
-		}
-		list($save['aro_id'], $save['aco_id']) = array($perms['aro'], $perms['aco']);
-
-		if ($perms['link'] != null && !empty($perms['link'])) {
-			$save['id'] = $perms['link'][0][$this->Aro->Permission->alias]['id'];
-		} else {
-			unset($save['id']);
-			$this->Aro->Permission->id = null;
-		}
-		return ($this->Aro->Permission->save($save) !== false);
-	}
-
-/**
- * Deny access for $aro to action $action in $aco
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- * @link http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html#assigning-permissions
- */
-	public function deny($aro, $aco, $action = "*") {
-		return $this->allow($aro, $aco, $action, -1);
-	}
-
-/**
- * Let access for $aro to action $action in $aco be inherited
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- */
-	public function inherit($aro, $aco, $action = "*") {
-		return $this->allow($aro, $aco, $action, 0);
-	}
-
-/**
- * Allow $aro to have access to action $actions in $aco
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- * @see allow()
- */
-	public function grant($aro, $aco, $action = "*") {
-		return $this->allow($aro, $aco, $action);
-	}
-
-/**
- * Deny access for $aro to action $action in $aco
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- * @see deny()
- */
-	public function revoke($aro, $aco, $action = "*") {
-		return $this->deny($aro, $aco, $action);
-	}
-
-/**
- * Get an array of access-control links between the given Aro and Aco
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @return array Indexed array with: 'aro', 'aco' and 'link'
- */
-	public function getAclLink($aro, $aco) {
-		$obj = array();
-		$obj['Aro'] = $this->Aro->node($aro);
-		$obj['Aco'] = $this->Aco->node($aco);
-
-		if (empty($obj['Aro']) || empty($obj['Aco'])) {
-			return false;
-		}
-
-		return array(
-			'aro' => Set::extract($obj, 'Aro.0.' . $this->Aro->alias . '.id'),
-			'aco' => Set::extract($obj, 'Aco.0.' . $this->Aco->alias . '.id'),
-			'link' => $this->Aro->Permission->find('all', array('conditions' => array(
-				$this->Aro->Permission->alias . '.aro_id' => Set::extract($obj, 'Aro.0.' . $this->Aro->alias . '.id'),
-				$this->Aro->Permission->alias . '.aco_id' => Set::extract($obj, 'Aco.0.' . $this->Aco->alias . '.id')
-			)))
-		);
-	}
-
-/**
- * Get the keys used in an ACO
- *
- * @param array $keys Permission model info
- * @return array ACO keys
- */
-	protected function _getAcoKeys($keys) {
-		$newKeys = array();
-		$keys = array_keys($keys);
-		foreach ($keys as $key) {
-			if (!in_array($key, array('id', 'aro_id', 'aco_id'))) {
-				$newKeys[] = $key;
-			}
-		}
-		return $newKeys;
-	}
-}
-
-/**
- * IniAcl implements an access control system using an INI file.  An example
- * of the ini file used can be found in /config/acl.ini.php.
- *
- * @package       Cake.Controller.Component
- */
-class IniAcl extends Object implements AclInterface {
-
-/**
- * Array with configuration, parsed from ini file
- *
- * @var array
- */
-	public $config = null;
-
-/**
- * The Set::classicExtract() path to the user/aro identifier in the
- * acl.ini file.  This path will be used to extract the string
- * representation of a user used in the ini file.
- *
- * @var string
- */
-	public $userPath = 'User.username';
-
-/**
- * Initialize method
- *
- * @param AclBase $component
- * @return void
- */
-	public function initialize($component) {
-
-	}
-
-/**
- * No op method, allow cannot be done with IniAcl
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- */
-	public function allow($aro, $aco, $action = "*") {
-
-	}
-
-/**
- * No op method, deny cannot be done with IniAcl
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- */
-	public function deny($aro, $aco, $action = "*") {
-
-	}
-
-/**
- * No op method, inherit cannot be done with IniAcl
- *
- * @param string $aro ARO The requesting object identifier.
- * @param string $aco ACO The controlled object identifier.
- * @param string $action Action (defaults to *)
- * @return boolean Success
- */
-	public function inherit($aro, $aco, $action = "*") {
-
-	}
-
-/**
- * Main ACL check function. Checks to see if the ARO (access request object) has access to the
- * ACO (access control object).Looks at the acl.ini.php file for permissions
- * (see instructions in /config/acl.ini.php).
- *
- * @param string $aro ARO
- * @param string $aco ACO
- * @param string $aco_action Action
- * @return boolean Success
- */
-	public function check($aro, $aco, $aco_action = null) {
-		if ($this->config == null) {
-			$this->config = $this->readConfigFile(APP . 'Config' . DS . 'acl.ini.php');
-		}
-		$aclConfig = $this->config;
-
-		if (is_array($aro)) {
-			$aro = Set::classicExtract($aro, $this->userPath);
-		}
-
-		if (isset($aclConfig[$aro]['deny'])) {
-			$userDenies = $this->arrayTrim(explode(",", $aclConfig[$aro]['deny']));
-
-			if (array_search($aco, $userDenies)) {
-				return false;
-			}
-		}
-
-		if (isset($aclConfig[$aro]['allow'])) {
-			$userAllows = $this->arrayTrim(explode(",", $aclConfig[$aro]['allow']));
-
-			if (array_search($aco, $userAllows)) {
-				return true;
-			}
-		}
-
-		if (isset($aclConfig[$aro]['groups'])) {
-			$userGroups = $this->arrayTrim(explode(",", $aclConfig[$aro]['groups']));
-
-			foreach ($userGroups as $group) {
-				if (array_key_exists($group, $aclConfig)) {
-					if (isset($aclConfig[$group]['deny'])) {
-						$groupDenies = $this->arrayTrim(explode(",", $aclConfig[$group]['deny']));
-
-						if (array_search($aco, $groupDenies)) {
-							return false;
-						}
-					}
-
-					if (isset($aclConfig[$group]['allow'])) {
-						$groupAllows = $this->arrayTrim(explode(",", $aclConfig[$group]['allow']));
-
-						if (array_search($aco, $groupAllows)) {
-							return true;
-						}
-					}
-				}
-			}
-		}
-		return false;
-	}
-
-/**
- * Parses an INI file and returns an array that reflects the INI file's section structure. Double-quote friendly.
- *
- * @param string $filename File
- * @return array INI section structure
- */
-	public function readConfigFile($filename) {
-		App::uses('IniReader', 'Configure');
-		$iniFile = new IniReader(dirname($filename) . DS);
-		return $iniFile->read(basename($filename));
-	}
-
-/**
- * Removes trailing spaces on all array elements (to prepare for searching)
- *
- * @param array $array Array to trim
- * @return array Trimmed array
- */
-	public function arrayTrim($array) {
-		foreach ($array as $key => $value) {
-			$array[$key] = trim($value);
-		}
-		array_unshift($array, "");
-		return $array;
-	}
-}
diff --git a/lib/Cake/Core/App.php b/lib/Cake/Core/App.php
index 6bec13c5c..2cb23bdfe 100644
--- a/lib/Cake/Core/App.php
+++ b/lib/Cake/Core/App.php
@@ -831,6 +831,9 @@ class App {
 				'Controller/Component/Auth' => array(
 					'%s' . 'Controller' . DS . 'Component' . DS . 'Auth' . DS
 				),
+				'Controller/Component/Acl' => array(
+					'%s' . 'Controller' . DS . 'Component' . DS . 'Acl' . DS
+				),
 				'View' => array(
 					'%s' . 'View' . DS
 				),
diff --git a/lib/Cake/Test/Case/Controller/Component/DbAclTest.php b/lib/Cake/Test/Case/Controller/Component/DbAclTest.php
index 8ab493808..8546764a6 100644
--- a/lib/Cake/Test/Case/Controller/Component/DbAclTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/DbAclTest.php
@@ -17,9 +17,8 @@
  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
 
-App::uses('AclComponent', 'Controller/Component');
+App::uses('DbAcl', 'Controller/Component/Acl');
 App::uses('AclNode', 'Model');
-class_exists('AclComponent');
 
 /**
  * AclNodeTwoTestBase class
diff --git a/lib/Cake/Test/Case/Controller/Component/IniAclTest.php b/lib/Cake/Test/Case/Controller/Component/IniAclTest.php
index 402827880..6713fecdf 100644
--- a/lib/Cake/Test/Case/Controller/Component/IniAclTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/IniAclTest.php
@@ -16,9 +16,7 @@
  * @since         CakePHP(tm) v 2.0
  * @license       MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
-
-App::uses('AclComponent', 'Controller/Component');
-class_exists('AclComponent');
+App::uses('IniAcl', 'Controller/Component/Acl');
 
 /**
  * Test case for the IniAcl implementation