Authentication and Authorization using Two (Multiple) Tables

Hello

In my project I need to have two separate tables for “company_users” and “public_users”. The Authentication on one would be with usernames and the other one with email addresses. They also contain their own set of roles and Authorization requirements.

In older versions of CakePHP this was possible using the Auth Component but I can’t find a decent way to do this using the current Authentication Plugin in CakePHP 5.
I was wondering if there is a clean way to implement the Authentication and Authorization for these two tables?

Thank you.

$user = $this->getTableLocator()->get('Users')->get(intval($userId), [
    'contain' => [
        'Parents' => [
            'queryBuilder' => function ($query) {
                return $query->find('all', ['withDeleted']);
            }
        ],
        'Students' => [
            'queryBuilder' => function ($query) {
                return $query->find('all', ['withDeleted']);
            }
        ]
    ]
]);
$this->Authentication->setIdentity($user);

Try this one:

Migration from the AuthComponent - 2.x (cakephp.org)

Nothing about your suggested code has anything to do with authorizing against multiple tables.

Yes, the code you suggested is not working. I tried it.

Check out the new auth plugin - pretty sure you can use Username or email for login

Why not add a flag in the user table for company employee?

The data structure and the user groups are fundamentally different, therefore using two separate tables is the cleaner way for me.

Do you expect one login page which checks both tables and logs the user in as whichever one it finds a match in? Or are there separate login pages for each group?

Sorry for the delay.
The login pages are going to be separate.

I think that when you add your auth middleware, you’ll need to check the request details (URL) to figure out which one applies, and configure the middleware appropriately.
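The URL-based configuration suggested above, sketched as an added example (not code from any poster in this thread or from the plugin's documentation). Assumptions: the company area lives under `/company`, login pages are `/company/login` and `/public/login`, the table classes are `CompanyUsers` and `PublicUsers`, company users log in with `username` and public users with `email`, and the session key names are made up for the example.

```php
<?php
declare(strict_types=1);

namespace App;

use Authentication\AuthenticationService;
use Authentication\AuthenticationServiceInterface;
use Authentication\AuthenticationServiceProviderInterface;
use Authentication\Identifier\AbstractIdentifier;
use Authentication\Middleware\AuthenticationMiddleware;
use Cake\Http\BaseApplication;
use Cake\Http\MiddlewareQueue;
use Cake\Routing\Middleware\RoutingMiddleware;
use Psr\Http\Message\ServerRequestInterface;

class Application extends BaseApplication implements AuthenticationServiceProviderInterface
{
    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        // Minimal queue for the example; authentication is added after routing.
        return $middlewareQueue->add(new RoutingMiddleware($this))->add(new AuthenticationMiddleware($this));
    }

    public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
    {
        // Match the prefix on a path-segment boundary so "/companyx" is not treated as the company area.
        $path = $request->getUri()->getPath();
        $isCompany = $path === '/company' || str_starts_with($path, '/company/');
        $area = $isCompany ? 'company' : 'public'; // assumed URL layout
        $loginUrl = "/{$area}/login";
        $fields = [
            AbstractIdentifier::CREDENTIAL_USERNAME => $isCompany ? 'username' : 'email',
            AbstractIdentifier::CREDENTIAL_PASSWORD => 'password',
        ];
        $service = new AuthenticationService([
            'unauthenticatedRedirect' => $loginUrl,
            'queryParam' => 'redirect',
        ]);
        // Separate session keys: an identity stored by one area is never read back by the other.
        $service->loadAuthenticator('Authentication.Session', ['sessionKey' => 'Auth' . ucfirst($area)]);
        $service->loadAuthenticator('Authentication.Form', ['fields' => $fields, 'loginUrl' => $loginUrl]);
        $service->loadIdentifier('Authentication.Password', [
            'fields' => $fields,
            'resolver' => ['className' => 'Authentication.Orm', 'userModel' => $isCompany ? 'CompanyUsers' : 'PublicUsers'],
        ]);

        return $service;
    }
}
```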

Yes, that should be doable. However, I thought there would already be a mechanism available to handle a situation like this, both in Authentication and Authorization Plugins. I might take a look later to see if I can make the changes needed in those plugins for better integration.

Since I needed to take my project further and these Plugins are handling sensitive tasks, for now I have made my project into two different CakePHP apps on the same Database with their own different Authentication and Authorization.

That’s also a good way to go. If you have shared code (common tables, for example), that could go into a plugin that both projects use.

To approach your problem of having two separate tables for “company_users” and “public_users” with distinct authentication methods and roles, I would suggest reconsidering your approach. Instead of separating users into different tables, you can manage user roles within a single users table. Here’s how you can achieve this:

Recommended Approach

  1. Add a “role” field to your users table:

    • This field will differentiate between company users and public users.
    • Roles can be “company_user” and “public_user”.
  2. Authentication:

    • Authenticate users using either email or username. You can configure this in the Authentication plugin to allow both fields for login.
  3. Authorization:

    • Use policy classes to handle authorization based on the role assigned to the user.
  4. Additional Filtering in AppController:

    • Use beforeFilter and beforeRender methods in your AppController to apply additional filtering, such as different templates or themes for different user roles.