Authentification and Autorizations

I’m new user of cakephp 3.4.11 with MySQL and I will try ACL in a role of user which we can select as: Admin, or Interv or Guest. My goal is to redirect user, after login to a different pages but I have somes mistakes I can’t resolve: loginAction don’t make anything.

Pss…I made login page as Homepage for the application.

Here some codes:
* Login method
public function login() {
if ($this->request->is(‘post’)) {
$utilisateur = $this->Auth->identify();
if ($utilisateur) {
return $this->redirect($this->Auth->redirectUrl(’/Utilisateurs/index’));
$this->Flash->success(__('Welcome, '. $this->Auth->Utilisateurs(‘username’)));
$this->Flash->error((‘Invalid username or password, try again’));

//autorisation après l'action login
public function isAuthorized($utilisateur)
    if (isset($utiisateur['role']) && $utilisateur['role'] === 'admin'){
        $this->Auth->allow(['logout', 'index','view','add','edit','filter','delete']);
        return true;
    if (isset($utiisateur['role']) && $utilisateur['role'] === 'intervenant'){
        //$this->Auth->allow(['logout', 'index','view','add','edit','filter','delete']);
        return true;
    if (isset($utilisateur['username']['password']) && $utilisateur['role'] === 'client') {
        return true;
    if (!isset($utilisateur['username']['password'])) {
        return false;
    return parent::isAuthorized($utilisateur);

public function beforeFilter(Event $event)
//pour demander l’authentification pour chaque URL
/* si +, on peut acceder via une URL
* sinon, rediriger login…
* */
$this->Auth->allow([‘index’, ‘view’,‘add’,‘edit’,‘delete’, ‘display’]);

public function initialize()
$this->loadComponent(‘Auth’, [
‘loginAction’ =>[
‘controller’ => ‘Utilisateurs’,
‘action’ => ‘home’ // action qui va specifier le dashboard à afficher
‘loginRedirect’ => [
‘controller’ => ‘Utilisateurs’,
‘action’ => ‘index’ // en cas d’echec de login, rediriger vers la page de login
‘logoutRedirect’ => [
‘controller’ => ‘Utilisateurs’,
‘action’ => ‘login’ // en cas d’echec de login, rediriger vers la page de login
‘authError’ => ‘Access Denied’, //message à émmettre
’authenticate’ => [ // l’authentification se fait par un formulaire avec un password hasher
’Form’ => [
‘passwordHasher’ => ‘display’
‘authorize’ => [
‘Controller’ // prise en mais par les autres controlleurs

  • routes.php
    Router::scope(’/’, function (RouteBuilder $routes) {
    $routes->connect(’/’, [‘controller’ => ‘Utilisateurs’, ‘action’ =>‘home’]);

So anyone cal help me, please…

Please indent your code properly, noone will read this question like this. The part what starts with //autorisation après l'action login is indented correctly the others not.

I do not think you need ACL anyway. Please check the cookbook on authentication.


Thank u so much, sir