diff --git a/app/Config/acl.ini.php b/app/Config/acl.ini.php
deleted file mode 100644
index 11ce65b57..000000000
--- a/app/Config/acl.ini.php
+++ /dev/null
@@ -1,68 +0,0 @@
-;
-;/**
-; * ACL Configuration
-; *
-; *
-; * PHP 5
-; *
-; * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
-; * Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
-; *
-; * Licensed under The MIT License
-; * Redistributions of files must retain the above copyright notice.
-; *
-; * @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
-; * @link http://cakephp.org CakePHP(tm) Project
-; * @package app.Config
-; * @since CakePHP(tm) v 0.10.0.1076
-; * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
-; */
-
-; acl.ini.php - Cake ACL Configuration
-; ---------------------------------------------------------------------
-; Use this file to specify user permissions.
-; aco = access control object (something in your application)
-; aro = access request object (something requesting access)
-;
-; User records are added as follows:
-;
-; [uid]
-; groups = group1, group2, group3
-; allow = aco1, aco2, aco3
-; deny = aco4, aco5, aco6
-;
-; Group records are added in a similar manner:
-;
-; [gid]
-; allow = aco1, aco2, aco3
-; deny = aco4, aco5, aco6
-;
-; The allow, deny, and groups sections are all optional.
-; NOTE: groups names *cannot* ever be the same as usernames!
-;
-; ACL permissions are checked in the following order:
-; 1. Check for user denies (and DENY if specified)
-; 2. Check for user allows (and ALLOW if specified)
-; 3. Gather user's groups
-; 4. Check group denies (and DENY if specified)
-; 5. Check group allows (and ALLOW if specified)
-; 6. If no aro, aco, or group information is found, DENY
-;
-; ---------------------------------------------------------------------
-
-;-------------------------------------
-;Users
-;-------------------------------------
-
-[username-goes-here]
-groups = group1, group2
-deny = aco1, aco2
-allow = aco3, aco4
-
-;-------------------------------------
-;Groups
-;-------------------------------------
-
-[groupname-goes-here]
-deny = aco5, aco6
-allow = aco7, aco8
diff --git a/app/Config/acl.php b/app/Config/acl.php
deleted file mode 100644
index 3df822ab4..000000000
--- a/app/Config/acl.php
+++ /dev/null
@@ -1,134 +0,0 @@
-Auth->authorize = array('Actions' => array('actionPath' => 'controllers/'),...)
- *
- * Now, when a user (i.e. jeff) authenticates successfully and requests a controller action (i.e. /invoices/delete)
- * that is not allowed by default (e.g. via $this->Auth->allow('edit') in the Invoices controller) then AuthComponent
- * will ask the configured ACL interface if access is granted. Under the assumptions 1. and 2. this will be
- * done via a call to Acl->check() with
- *
- * array('User' => array('username' => 'jeff', 'group_id' => 4, ...))
- *
- * as ARO and
- *
- * '/controllers/invoices/delete'
- *
- * as ACO.
- *
- * If the configured map looks like
- *
- * $config['map'] = array(
- * 'User' => 'User/username',
- * 'Role' => 'User/group_id',
- * );
- *
- * then PhpAcl will lookup if we defined a role like User/jeff. If that role is not found, PhpAcl will try to
- * find a definition for Role/4. If the definition isn't found then a default role (Role/default) will be used to
- * check rules for the given ACO. The search can be expanded by defining aliases in the alias configuration.
- * E.g. if you want to use a more readable name than Role/4 in your definitions you can define an alias like
- *
- * $config['alias'] = array(
- * 'Role/4' => 'Role/editor',
- * );
- *
- * In the roles configuration you can define roles on the lhs and inherited roles on the rhs:
- *
- * $config['roles'] = array(
- * 'Role/admin' => null,
- * 'Role/accountant' => null,
- * 'Role/editor' => null,
- * 'Role/manager' => 'Role/editor, Role/accountant',
- * 'User/jeff' => 'Role/manager',
- * );
- *
- * In this example manager inherits all rules from editor and accountant. Role/admin doesn't inherit from any role.
- * Lets define some rules:
- *
- * $config['rules'] = array(
- * 'allow' => array(
- * '*' => 'Role/admin',
- * 'controllers/users/(dashboard|profile)' => 'Role/default',
- * 'controllers/invoices/*' => 'Role/accountant',
- * 'controllers/articles/*' => 'Role/editor',
- * 'controllers/users/*' => 'Role/manager',
- * 'controllers/invoices/delete' => 'Role/manager',
- * ),
- * 'deny' => array(
- * 'controllers/invoices/delete' => 'Role/accountant, User/jeff',
- * 'controllers/articles/(delete|publish)' => 'Role/editor',
- * ),
- * );
- *
- * Ok, so as jeff inherits from Role/manager he's matched every rule that references User/jeff, Role/manager,
- * Role/editor, Role/accountant and Role/default. However, for jeff, rules for User/jeff are more specific than
- * rules for Role/manager, rules for Role/manager are more specific than rules for Role/editor and so on.
- * This is important when allow and deny rules match for a role. E.g. Role/accountant is allowed
- * controllers/invoices/* but at the same time controllers/invoices/delete is denied. But there is a more
- * specific rule defined for Role/manager which is allowed controllers/invoices/delete. However, the most specific
- * rule denies access to the delete action explicitly for User/jeff, so he'll be denied access to the resource.
- *
- * If we would remove the role definition for User/jeff, then jeff would be granted access as he would be resolved
- * to Role/manager and Role/manager has an allow rule.
- */
-
-/**
- * The role map defines how to resolve the user record from your application
- * to the roles you defined in the roles configuration.
- */
-$config['map'] = array(
- 'User' => 'User/username',
- 'Role' => 'User/group_id',
-);
-
-/**
- * define aliases to map your model information to
- * the roles defined in your role configuration.
- */
-$config['alias'] = array(
- 'Role/4' => 'Role/editor',
-);
-
-/**
- * role configuration
- */
-$config['roles'] = array(
- 'Role/admin' => null,
-);
-
-/**
- * rule configuration
- */
-$config['rules'] = array(
- 'allow' => array(
- '*' => 'Role/admin',
- ),
- 'deny' => array(),
-);