albertotain / acl-manager
AclManager plugin for CakePHP 4
Installs: 9
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 1
Open Issues: 0
Language:JavaScript
Type:cakephp-plugin
Requires
- php: >=7.4
- cakephp/acl: ^0.7.1
- cakephp/cakephp: ^4.0
- cakephp/plugin-installer: ~1.2
- composer/installers: *
Requires (Dev)
- phpunit/phpunit: ^5.7.14|^6.0
README
Installation
Composer
You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
composer require albertotain/cakephp-aclmanager
Getting started
- Install the CakePHP ACL plugin by running composer require cakephp/acl. Read Acl plugin documentation.
- Set AclManager configuration. AclManager.aros. Must be specified before load plugin.
- Load the Acl and AclManager plugins in app/config/bootstrap.php.
# Example configuration for an schema based on Groups, Roles and Users Configure::write('AclManager.aros', array('Groups', 'Roles', 'Users')); Plugin::load('Acl', ['bootstrap' => true]); Plugin::load('AclManager', ['bootstrap' => true, 'routes' => true]);
Warning: It is not recommended to use Plugin::loadAll();. if you use Plugin::loadAll(); make sure it will not load any plugin several times with Plugin::load('PluginName').
Configuration parameters
Must be specified before load plugin.
- AclManager.aros Required. Sets the AROs to be used. The value of this parameter must be an array with the names of the AROs to be used.
# Example configuration for an schema based on Groups, Roles and Users Configure::write('AclManager.aros', array('Groups', 'Roles', 'Users'));
- AclManager.admin Optional. Set 'admin' prefix. The value of this parameter must be boolean.
# Set prefix admin ( http://www.domain.com/admin/AclManager ) Configure::write('AclManager.admin', true);
- AclManager.hideDenied Hide plugins, controllers and actions denied in ACLs lists.
Configure::write('AclManager.hideDenied', true);
- AclManager.ignoreActions Ignore all plugins, controllers and actions you don't want to add to your ACLs. The value of this parameter must be an array.
# Ecample: Configure::write('AclManager.ignoreActions', array( 'actionName', // ignore action 'Plugin.*', // Ignore the plugin 'Plugin.Controller/*', // Ignore the plugin controller 'Plugin.Controller/Action', // Ignore specific action from the plugin. 'Error/*' // Ignore the controller 'Error/Action' // Ignore specifc action from controller ));
Creating ACL tables
To create ACL related tables, run the following Migrations command.
bin/cake migrations migrate -p Acl
Example schema
An example schema based on Groups, Roles and Users.
CREATE TABLE `groups` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(100) COLLATE utf8_unicode_ci NOT NULL, `created` datetime DEFAULT NULL, `modified` datetime DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; CREATE TABLE `roles` ( `id` int(11) NOT NULL AUTO_INCREMENT, `group_id` int(11) DEFAULT NULL, `name` varchar(100) COLLATE utf8_unicode_ci NOT NULL, `created` datetime DEFAULT NULL, `modified` datetime DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; CREATE TABLE `users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `group_id` int(11) NOT NULL, `role_id` int(11) NOT NULL, `username` varchar(50) COLLATE utf8_unicode_ci NOT NULL, `password` char(255) COLLATE utf8_unicode_ci NOT NULL, `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `created` datetime DEFAULT NULL, `modified` datetime DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `username` (`username`), UNIQUE KEY `email` (`email`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
Auth
Include and configure the AuthComponent and the AclComponent in the AppController.
public $components = [ 'Acl' => [ 'className' => 'Acl.Acl' ] ]; $this->loadComponent('Auth', [ 'authorize' => [ 'Acl.Actions' => ['actionPath' => 'controllers/'] ], 'loginAction' => [ 'plugin' => false, 'controller' => 'Users', 'action' => 'login' ], 'loginRedirect' => [ 'plugin' => false, 'controller' => 'Posts', 'action' => 'index' ], 'logoutRedirect' => [ 'plugin' => false, 'controller' => 'Pages', 'action' => 'display' ], 'unauthorizedRedirect' => [ 'plugin' => false, 'controller' => 'Users', 'action' => 'login', 'prefix' => false ], 'authError' => 'You are not authorized to access that location.', 'flash' => [ 'element' => 'error' ] ]);
Model Setup
Acting as a requester
Add $this->addBehavior('Acl.Acl', ['type' => 'requester']); to the initialize function in the files src/Model/Table/GroupsTable.php, src/Model/Table/RolesTable.php and src/Model/Table/UsersTable.php.
public function initialize(array $config) { parent::initialize($config); $this->addBehavior('Acl.Acl', ['type' => 'requester']); }
Implement parentNode function in Group entity
Add the following implementation of parentNode to the file src/Model/Entity/Group.php.
public function parentNode() { return null; }
Implement parentNode function in Role entity
Add the following implementation of parentNode to the file src/Model/Entity/Role.php.
public function parentNode() { if (!$this->id) { return null; } if (isset($this->group_id)) { $groupId = $this->group_id; } else { $Users = TableRegistry::get('Users'); $user = $Users->find('all', ['fields' => ['group_id']])->where(['id' => $this->id])->first(); $groupId = $user->group_id; } if (!$groupId) { return null; } return ['Groups' => ['id' => $groupId]]; }
Implement parentNode function in User entity
Add the following implementation of parentNode to the file src/Model/Entity/User.php.
public function parentNode() { if (!$this->id) { return null; } if (isset($this->role_id)) { $roleId = $this->role_id; } else { $Users = TableRegistry::get('Users'); $user = $Users->find('all', ['fields' => ['role_id']])->where(['id' => $this->id])->first(); $roleId = $user->role_id; } if (!$roleId) { return null; } return ['Roles' => ['id' => $roleId]]; }
Create a group, role, and user.
Allow all. Add in AppController.php.
public function initialize() { parent::initialize(); ... $this->Auth->allow(); }
Now create a group, role, and user.
Access the plugin
Now navigate to http://www.domain.com/AclManager ( or http://www.domain.com/admin/AclManager If AclManager.admin is set to true ), just click "Update ACOs and AROs and set default values", after update ACOs and AROs, remove $this->Auth->allow() from AppController.php and enjoy!
Known issues
- Not known.
Changelog
v1.3
Added
- AclManager.hideDenied Hide plugins, controllers and actions denied in ACLs lists.
Changed
- AclManager.ignoreActions Ignore all plugins, controllers and actions you don't want to add to your ACLs.
Configure::write('AclManager.ignoreActions', array( 'actionName', // ignore action 'Plugin.*', // Ignore the plugin 'Plugin.Controller/*', // Ignore the plugin controller 'Plugin.Controller/Action', // Ignore specific action from the plugin 'Error/*' // Ignore the controller 'Error/Action' // Ignore specifc action from controller ));
- Updated indexctp and permissioins.ctp: Show or hide ACLs that do not have permissions in the ACL list. Show flash messages below the actions panel.
- Fixed acoUpdate syncronization.
About CakePHP Acl Manager
CakePHP - AclManager is a single plugin for manage CakePHP ACLs, based on the original idea of Frédéric Massart (FMCorz) for CakePHP 2.x.