You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
composer require ivanamat/cakephp3-aclmanager
git submodule add git@github.com:ivanamat/cakephp3-aclmanager.git plugins/AclManager
git submodule init
git submodule update
Download the .zip or .tar.gz file, unzip and rename the plugin folder "cakephp3-aclmanager" to "AclManager" then copy the folder to your plugins folder.
# Example configuration for an schema based on Groups, Roles and Users
Configure::write('AclManager.aros', array('Groups', 'Roles', 'Users'));
Plugin::load('Acl', ['bootstrap' => true]);
Plugin::load('AclManager', ['bootstrap' => true, 'routes' => true]);
Warning: It is not recommended to use Plugin::loadAll();. if you use Plugin::loadAll(); make sure it will not load any plugin several times with Plugin::load('PluginName').
Must be specified before load plugin.
# Example configuration for an schema based on Groups, Roles and Users
Configure::write('AclManager.aros', array('Groups', 'Roles', 'Users'));
# Set prefix admin ( http://www.domain.com/admin/AclManager )
Configure::write('AclManager.admin', true);
Configure::write('AclManager.hideDenied', true);
# Ecample:
Configure::write('AclManager.ignoreActions', array(
'actionName', // ignore action
'Plugin.*', // Ignore the plugin
'Plugin.Controller/*', // Ignore the plugin controller
'Plugin.Controller/Action', // Ignore specific action from the plugin.
'Error/*' // Ignore the controller
'Error/Action' // Ignore specifc action from controller
));
To create ACL related tables, run the following Migrations command.
bin/cake migrations migrate -p Acl
An example schema based on Groups, Roles and Users.
CREATE TABLE `groups` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
`created` datetime DEFAULT NULL,
`modified` datetime DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
CREATE TABLE `roles` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`group_id` int(11) DEFAULT NULL,
`name` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
`created` datetime DEFAULT NULL,
`modified` datetime DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`group_id` int(11) NOT NULL,
`role_id` int(11) NOT NULL,
`username` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
`password` char(255) COLLATE utf8_unicode_ci NOT NULL,
`email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
`created` datetime DEFAULT NULL,
`modified` datetime DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`),
UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
Include and configure the AuthComponent and the AclComponent in the AppController.
public $components = [
'Acl' => [
'className' => 'Acl.Acl'
]
];
$this->loadComponent('Auth', [
'authorize' => [
'Acl.Actions' => ['actionPath' => 'controllers/']
],
'loginAction' => [
'plugin' => false,
'controller' => 'Users',
'action' => 'login'
],
'loginRedirect' => [
'plugin' => false,
'controller' => 'Posts',
'action' => 'index'
],
'logoutRedirect' => [
'plugin' => false,
'controller' => 'Pages',
'action' => 'display'
],
'unauthorizedRedirect' => [
'plugin' => false,
'controller' => 'Users',
'action' => 'login',
'prefix' => false
],
'authError' => 'You are not authorized to access that location.',
'flash' => [
'element' => 'error'
]
]);
Add $this->addBehavior('Acl.Acl', ['type' => 'requester']); to the initialize function in the files src/Model/Table/GroupsTable.php, src/Model/Table/RolesTable.php and src/Model/Table/UsersTable.php.
public function initialize(array $config) {
parent::initialize($config);
$this->addBehavior('Acl.Acl', ['type' => 'requester']);
}
Add the following implementation of parentNode to the file src/Model/Entity/Group.php.
public function parentNode()
{
return null;
}
Add the following implementation of parentNode to the file src/Model/Entity/Role.php.
public function parentNode() {
if (!$this->id) {
return null;
}
if (isset($this->group_id)) {
$groupId = $this->group_id;
} else {
$Users = TableRegistry::get('Users');
$user = $Users->find('all', ['fields' => ['group_id']])->where(['id' => $this->id])->first();
$groupId = $user->group_id;
}
if (!$groupId) {
return null;
}
return ['Groups' => ['id' => $groupId]];
}
Add the following implementation of parentNode to the file src/Model/Entity/User.php.
public function parentNode() {
if (!$this->id) {
return null;
}
if (isset($this->role_id)) {
$roleId = $this->role_id;
} else {
$Users = TableRegistry::get('Users');
$user = $Users->find('all', ['fields' => ['role_id']])->where(['id' => $this->id])->first();
$roleId = $user->role_id;
}
if (!$roleId) {
return null;
}
return ['Roles' => ['id' => $roleId]];
}
Allow all. Add in AppController.php.
public function initialize() {
parent::initialize();
...
$this->Auth->allow();
}
Now create a group, role, and user.
Now navigate to http://www.domain.com/AclManager ( or http://www.domain.com/admin/AclManager If AclManager.admin is set to true ), just click "Update ACOs and AROs and set default values", after update ACOs and AROs, remove $this->Auth->allow() from AppController.php and enjoy!
Configure::write('AclManager.ignoreActions', array(
'actionName', // ignore action
'Plugin.*', // Ignore the plugin
'Plugin.Controller/*', // Ignore the plugin controller
'Plugin.Controller/Action', // Ignore specific action from the plugin
'Error/*' // Ignore the controller
'Error/Action' // Ignore specifc action from controller
));
CakePHP 3.x - AclManager is a single plugin for manage CakePHP 3.x ACLs, based on the original idea of Frédéric Massart (FMCorz) for CakePHP 2.x.
This project will be deprecated in favor of CakePHP 4.x - AclManager.
All code will be moved to the repository https://github.com/ivanamat/cakephp-aclmanager in order to continue future versions.
Iván Amat on GitHub
www.ivanamat.es