Hi everybody,
I am using the CakeDC/Auth and Users plugin, which really does the job well. Thanks to the authors!!!
But I struggle with one situation: I cannot define an allowed user function to evaluate the status (published, draft) of the Page entity for a user who is not logged in. When I open an unpublished page, the plugin redirects me to the login.
I debugged the function _matchPermission(…) of the Rbac class and found out that the code returns a null value here:
    if (!$user && ($permission['bypassAuth'] ?? false) !== true) {
        return null;
    }
This is because the (logged in) $user is null, so my custom allowed function is not evaluated any further in the method mentioned above. The rule is meant for a user who is not logged in. And I do not want to check the status and LoggedInUserIdentity in my PageController, because it is very handy to work with permissions in the config/permissions.php file.
Question: Should I implement a custom RuleClass that implements the Rule interface from Rbac to handle this situation? Or what am I doing wrong? Here is the corresponding array item from permissions.php:
    [
        'role' => '*',
        'plugin' => 'PageManager',
        'controller' => 'Pages',
        'action' => ['view'],
        'allowed' => function (UserManager\Model\Entity\User $user, $role, \Cake\Http\ServerRequest $request) {
            $slug = $request->getParam('slug') ?? 'home';
            $page = \Cake\ORM\TableRegistry::getTableLocator()->get('PageManager.Pages')->findBySlug($slug)->first();
            if (empty($page)) {
                return false;
            }
            return ($page->isPublished() || $role == 'admin');
        },
    ],
But anyway, I think implementing a custom RuleClass would not help further, because the code in the _matchPermission(…) method exits earlier and the Rule is not going to be applied. For that, maybe I must provide something like a dummy user object so that the code can continue matching the rule. Or what do you think?
Thank you in advance!
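
Added example, not part of the original post and not the plugin's own code: a simplified PHP model of the guard quoted above, showing that a rule is skipped for an anonymous request unless it sets 'bypassAuth' => true, and that the callback then has to accept a null user and role. evaluateRule(), PAGES and the array-shaped user are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the part of Rbac::_matchPermission() quoted in the post.
// Returns null when the rule is skipped, otherwise the callback's verdict.
function evaluateRule(array $permission, ?array $user, ?string $role, array $params): ?bool
{
    // Guard as quoted in the post: without a user the rule is skipped
    // unless the rule itself sets 'bypassAuth' => true.
    if (!$user && ($permission['bypassAuth'] ?? false) !== true) {
        return null;
    }

    return ($permission['allowed'])($user, $role, $params);
}

// Constructed sample data standing in for the Pages table (slug => published?).
const PAGES = ['home' => true, 'roadmap' => false];

// Callback written for the anonymous case: $user and $role may both be null.
$allowed = function (?array $user, ?string $role, array $params): bool {
    $slug = $params['slug'] ?? 'home';
    if (!array_key_exists($slug, PAGES)) {
        return false; // unknown page: deny
    }

    // Drafts stay hidden unless an authenticated admin asks for them.
    return PAGES[$slug] || ($user !== null && $role === 'admin');
};

$withoutBypass = ['role' => '*', 'action' => ['view'], 'allowed' => $allowed];
$withBypass = $withoutBypass + ['bypassAuth' => true];

// Anonymous request against the rule as posted (no bypassAuth).
var_dump(evaluateRule($withoutBypass, null, null, ['slug' => 'home']));
// Anonymous requests against the rule with bypassAuth: published page, then draft.
var_dump(evaluateRule($withBypass, null, null, ['slug' => 'home']));
var_dump(evaluateRule($withBypass, null, null, ['slug' => 'roadmap']));
// Logged-in admin requesting the draft.
var_dump(evaluateRule($withBypass, ['id' => 1], 'admin', ['slug' => 'roadmap']));
```

Because a rule with bypassAuth is evaluated for every unauthenticated request, the callback is the only access check left for anonymous visitors and should deny by default, as the draft and unknown-slug branches do here.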