cakephp acl aros_acos paradox

I'm trying to implement an authentication/authorization combo into my cakePHP site using Auth and Acl Components, but something odd is happening with my implementation. I've got the right acos, aros and aros_acos tables, and they seem to work at some level.

I have mapped my actions like this:

$this->Auth->mapActions(array('read' => array('view'), 'update' => array('edit')));

My acos table looks like this:

    1. Site
  • 1.1 Pages
  • 1.2 Users
  • 1.3 Groups
  • 1.4 Admin

and aros table:

    1. users
  • 1.1 editors
  • 1.1.1 admins
  • admin_name
  • 1.2 regular_user

Users, editors and admins are groups. Admin_name is an admin user, member of the admins group, and regular_user is a member of the users group.

Now, in the aros_acos table, if I give 'users' group the CRUD rights for a 'page' like this: 0 1 1 0 (which gives them the right to read and update) then everything works fine (at least for the 'view' and 'edit' actions). But if I put 0 1 0 0 (only the right to read) then I get redirected to '/', and one particular thing that I have noticed is that it doesn't call the app_controller or at least the beforeFilter() function in the app_controller.

Moreover, I've written the beforeFilter() so that when a user does not have access to a crud, to give him a $this->flash message, letting him know that he is "not authorized" (I had to do this, as $this->Auth->authError doesn't seem to work). So, with that in mind, I now rewrite the aros_acos table for the users group like this: 0 0 1 0 ( permission only to update ) and this time I get the flash message when I access the 'view' action (which is correct since I don't have the permission to access it), but I also get the flash message when I try to access the 'edit' action.

I'm missing something, and I don't know what. I've written this question, hoping that before finishing it, I would come up with the solution myself...but no luck. I still don't know what is happening, I guess it is some controller thing...Have you got any ideas ?