# CakePHP 4 cake-auth-actions

A simple, configuration-based ACL alternative for CakePHP 4. It allows you to define specific access rights to controller actions for different kinds of users.
### Installation

#### 1. Install the plugin via composer

```shell
composer require codekanzlei/auth-actions
```

#### 2. Load the plugin in your src/Application.php

```php
$this->addPlugin('AuthActions');
```
### Usage & Configuration

In your src/Controller/AppController.php, insert the following pieces of code in the matching sections:
Traits:

```php
// at file level, next to the other use statements
use \AuthActions\Lib\AuthActionsTrait;

// inside the class body
use AuthActionsTrait;
```
$components:

```php
public $components = [
    'Auth' => [
        'authenticate' => [
            'Form' => [
                'userModel' => 'Users', // AuthComponent's key for the users table
                'scope' => [
                    'status' => Status::ACTIVE, // your own account-status constant
                ]
            ]
        ],
        'authorize' => ['Controller'],
        'loginAction' => [], // preferred login view
        'loginRedirect' => [], // redirect after successful login
        'logoutRedirect' => [], // redirect after logout
        'authError' => 'PERMISSION_DENIED',
    ],
    // namespace declaration of AuthUtilsComponent; it is a component of its
    // own, so it sits next to 'Auth', not inside the 'Auth' configuration
    'AuthActions.AuthUtils'
];
```
beforeFilter():

```php
public function beforeFilter(\Cake\Event\EventInterface $event)
{
    parent::beforeFilter($event);
    $this->initAuthActions();
}
```
initialize():

```php
public function initialize(): void
{
    parent::initialize();
    $this->loadHelper('Auth', [
        'className' => 'AuthActions.Auth'
    ]);
}
```
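The fragments above assembled into one complete AppController, as an added example rather than a file shipped by the plugin. It registers the components and the helper from initialize() (the form the CakePHP 4 application skeleton uses, via loadComponent() and the view builder) instead of a $components property; the configuration arrays are the ones shown above. The loginAction/loginRedirect/logoutRedirect routes and the User::STATUS_ACTIVE constant are assumptions for your own app.

```php
<?php
declare(strict_types=1);

namespace App\Controller;

use App\Model\Entity\User;
use AuthActions\Lib\AuthActionsTrait;
use Cake\Controller\Controller;
use Cake\Event\EventInterface;

class AppController extends Controller
{
    use AuthActionsTrait;

    public function initialize(): void
    {
        parent::initialize();

        $this->loadComponent('Auth', [
            'authenticate' => [
                'Form' => [
                    'userModel' => 'Users',
                    // Assumption: User::STATUS_ACTIVE marks enabled accounts;
                    // the scope keeps disabled accounts from logging in at all.
                    'scope' => ['status' => User::STATUS_ACTIVE],
                ],
            ],
            // 'Controller' hands authorization to the plugin's action checks
            'authorize' => ['Controller'],
            // Assumed routes; adjust to your own login controller
            'loginAction' => ['controller' => 'Users', 'action' => 'login'],
            'loginRedirect' => ['controller' => 'Users', 'action' => 'index'],
            'logoutRedirect' => ['controller' => 'Users', 'action' => 'login'],
            'authError' => 'PERMISSION_DENIED',
        ]);

        // AuthUtilsComponent is a separate component, not part of 'Auth'
        $this->loadComponent('AuthActions.AuthUtils');

        // The plugin's Auth helper provides $this->Auth->hasRight() in views
        $this->viewBuilder()->setHelpers([
            'Auth' => ['className' => 'AuthActions.Auth'],
        ]);
    }

    public function beforeFilter(EventInterface $event)
    {
        parent::beforeFilter($event);
        // Provided by AuthActionsTrait; sets up the per-action access checks
        $this->initAuthActions();
    }
}
```

If you keep the $components property form from above instead, the same arrays apply; only the place where they are declared differs.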
#### 3. Create additional files

In your project's config folder, create the required config files.

Note: For reference, see these files:

- auth_actions.php-default: here you can grant or restrict access to controller actions for certain user roles.
- user_rights.php-default: here you can define further custom access rights, allowing easy control over which buttons are rendered in view files, depending on the role of the user viewing them.

See [4. Grant/Restrict group rights](#4-grantrestrict-group-rights) for further information and example code snippets.

auth_actions.php:

```shell
touch config/auth_actions.php
```

user_rights.php:

```shell
touch config/user_rights.php
```
#### 3. Define custom user roles

Add a new column named role to your database users table.

In your User.php (the user entity), you can define custom user roles as constants. A commonly used, basic set of user roles, ADMIN and USER, can be defined as follows:

```php
const ROLE_ADMIN = 'admin';
const ROLE_USER = 'user';
```
#### 4. Grant/Restrict group rights

Following the example of a simple USER and ADMIN setup above, consider the following commonly needed use cases.

- restricting access for non-admin users:

  Consider a basic "Users" MVC setup. Assume you wish to grant ADMINS access to every controller action, including edit() as well as any functions added later on, while restricting USERS to index() and view() only.

  In auth_actions.php:

  ```php
  $config = [
      'auth_actions' => [
          // Controller name: 'Users'
          'Users' => [
              // wildcard * includes every action in this controller
              '*' => [
                  User::ROLE_ADMIN
              ],
              // here we explicitly list actions that
              // USERS shall be able to access
              'index' => [
                  User::ROLE_USER
              ],
              'view' => [
                  User::ROLE_USER
              ]
          ]
      ]
  ];
  ```
- preventing buttons from being rendered in a view:

  The above code will prevent USERS from calling any action in UsersController except for index() and view(), but - for example - edit buttons next to User entities in your index view will still be rendered. Here's how you can prevent them from being rendered if the view file is being viewed by a non-ADMIN user:

  In user_rights.php:

  ```php
  $config = [
      'user_rights' => [
          // granting a custom right only for Users of type ADMIN
          'viewEditButton' => [
              User::ROLE_ADMIN
          ]
      ]
  ];
  ```

  In your index view:

  ```php
  <?php if ($this->Auth->hasRight('viewEditButton')): ?>
      <?= $this->Html->link(__('Edit'), ['action' => 'edit', $user->id]) ?>
  <?php endif; ?>
  ```
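A small review script for both config files above, added here as an example and not part of the plugin. It prints, per role, which actions of a controller may be called and which custom rights are held, applying the rules the two use cases describe: a role listed under '*' may call every action of that controller, any other role only the actions it is explicitly listed for, and anything not listed is denied. The User stand-in, the sample configuration and the action list are constructed to mirror the snippets above; in a project you would feed it the 'auth_actions' and 'user_rights' arrays from config/auth_actions.php and config/user_rights.php.

```php
<?php
// review_rights.php: added example for checking a configuration change against
// least privilege before it ships. Mirrors the rules described in the README;
// it is not the plugin's own resolver.
declare(strict_types=1);

// Stand-in for your User entity so the script runs without bootstrapping the
// app (assumption: the constants match App\Model\Entity\User).
final class User
{
    public const ROLE_ADMIN = 'admin';
    public const ROLE_USER = 'user';
}

/** Resolves one (controller, action, role) triple under the rules above. */
function isAllowed(array $authActions, string $controller, string $action, string $role): bool
{
    $rules = $authActions[$controller] ?? [];

    return in_array($role, $rules['*'] ?? [], true)
        || in_array($role, $rules[$action] ?? [], true);
}

/** Resolves one (right, role) pair against the user_rights configuration. */
function hasRight(array $userRights, string $right, string $role): bool
{
    return in_array($role, $userRights[$right] ?? [], true);
}

// Constructed sample mirroring the two config snippets above.
$authActions = [
    'Users' => [
        '*'     => [User::ROLE_ADMIN],
        'index' => [User::ROLE_USER],
        'view'  => [User::ROLE_USER],
    ],
];
$userRights = [
    'viewEditButton' => [User::ROLE_ADMIN],
];

// The wildcard means the config alone cannot enumerate a controller's actions,
// so list the ones each controller actually exposes (constructed list).
$actions = ['Users' => ['index', 'view', 'add', 'edit', 'delete']];
$roles   = [User::ROLE_ADMIN, User::ROLE_USER];

foreach ($actions as $controller => $names) {
    foreach ($roles as $role) {
        $allowed = array_filter(
            $names,
            function (string $action) use ($authActions, $controller, $role): bool {
                return isAllowed($authActions, $controller, $action, $role);
            }
        );
        printf("%-6s %s: %s\n", $role, $controller, $allowed ? implode(', ', $allowed) : '(none)');
    }
}

foreach ($roles as $role) {
    $held = array_filter(
        array_keys($userRights),
        function (string $right) use ($userRights, $role): bool {
            return hasRight($userRights, $right, $role);
        }
    );
    printf("%-6s rights: %s\n", $role, $held ? implode(', ', $held) : '(none)');
}
```

Run it with `php review_rights.php` from the project root. Reading the two tables side by side makes the division of labour visible: the user_rights entry only decides whether the Edit link is rendered, while the auth_actions entry is what actually stops a USER from calling edit(), so a change to one file should always be checked against the other.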