Best way to create a custom rbac

I am using cakephp 3.8 and create a backend with frontend features, I want to use a rbac system to show certain menu elements (depending on the rights a user has) and to control the access of controllers and actions.

Anyone an idea of ways to do this.

I know there are plugins that have that, but they are not working with the way my backend is created.

It’s hard to make a general recommendation, this can be accomplished in many ways. You can check something like

if ($Rbac->check($resource, $role)) { ...

and bring your own RBAC permission provider, resource identifier and role identifier. How to set it up/bootstrap the configuration, where to check and who provides all this information depends on your particular needs.

In broad strokes here’s what I did in the past: The RBAC main facility is a Component which receives the access-control configuration, the resource configuration and the request (which identifies the current user and its role somehow). With these it has everything required for a permission-check, which can be done in a Component event (startup), the Controller (beforeFilter, the action itself), or passed to the View for permission-checking.

1 Like

Maybe one of these plugins can help?