CakePHP2 Access Control to CakePHP4 Authorization

I’m migrating from CakePHP2 Access Control to CakePHP4 Authorization plugin. Does anyone know of some practical examples of doing this? I’m having trouble wrapping my head around the differences and how to make this migration happen. CakePHP2 had the database Tree structure thing going on so we could check for authorization against an item and its parent associations would all be considered. I’m not seeing anything like that with CakePHP4.

In version 2 I was using the Controller authorization and the isAuthorized() method and performing ACL checks inside that. I don’t know… I guess any practical examples might help.

I can’t give you specific details, only a general idea of the new system and a little guess-work.

Authorization is now implemented using policies. There is a little bit of naming-convention magic that decides which policy to run at any given moment.

A typical call might be something like:

$identity->can('edit', $article);
Details of this example call

In this example call the $identity is the authenticated user’s identity object. This basic object gets wrapped and expanded by the Authorization plugin.

The policy class that gets called is determined by the second argument; in this example $article.

A specific Policy Class will be called for each class type you pass (more details here).

There are a couple of other general policy checks beyond can (which will return a boolean). canResult will return a Policy Result Object. scope will operate on and modify query objects.

I expect you will need to map your old v2 ACL checks to these new policy checks.

If I recall correctly, isAuthorized() returned a boolean. So your isAuthorized() calls will need to be changed to can calls as illustrated above.

The logic that determined access from your ACL arrays will need to be handled by your new can policies. Or possibly, the can can delegate back to the older auth check logic.

Possibly this brief overview will help?
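The mapping described above, as an added example that is not part of the original posts or of the plugin's code: a policy whose canEdit() reproduces the v2-style tree inheritance, with the nearest explicit rule winning and a default deny. The Article class, the role key, the ACO aliases and the rule table are constructed stand-ins so the script runs on PHP 8 without the framework.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the v2 ACO tree and its permission rows.
// Rule values: 1 = allow, -1 = deny, absent = inherit from the parent node.
const PARENTS = [
    'articles/42' => 'articles', 'articles/7' => 'articles',
    'articles' => 'root', 'root' => null,
];
const RULES = [
    'editor' => ['articles' => ['edit' => 1], 'articles/42' => ['edit' => -1]],
    'admin'  => ['root' => ['edit' => 1]],
];

// Hypothetical entity; only its ACO alias matters for the check.
final class Article
{
    public function __construct(public string $aco) {}
}

// Shaped like an Authorization policy: $identity->can('edit', $article)
// ends up in the canEdit() method of the policy resolved for Article.
final class ArticlePolicy
{
    public function canEdit(ArrayAccess|array $user, Article $article): bool
    {
        return $this->check((string)($user['role'] ?? ''), $article->aco, 'edit');
    }

    // Walk from the resource up to the root; the nearest explicit rule decides.
    private function check(string $role, string $aco, string $action): bool
    {
        $seen = [];
        for ($node = $aco; $node !== null; $node = PARENTS[$node] ?? null) {
            if (isset($seen[$node])) {
                return false; // cycle in the tree: fail closed
            }
            $seen[$node] = true;
            $rule = RULES[$role][$node][$action] ?? 0;
            if ($rule !== 0) {
                return $rule === 1;
            }
        }
        return false; // no rule anywhere on the path: default deny
    }
}

$policy = new ArticlePolicy();
var_dump($policy->canEdit(['role' => 'editor'], new Article('articles/7')));  // rule inherited from "articles"
var_dump($policy->canEdit(['role' => 'editor'], new Article('articles/42'))); // nearer rule overrides the parent
var_dump($policy->canEdit(['role' => 'admin'], new Article('articles/42')));  // rule inherited from "root"
var_dump($policy->canEdit(['role' => 'guest'], new Article('articles/7')));   // role with no rules on the path
```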

It is now a plugin, cakephp/acl, which recently merged 4.x support.

I used this repo as base: mattmemmesheimer/cakephp-3-acl-example

I think this may be exactly what I need. Didn’t know it existed, so I guess I’ll see if everything works with version 4. Thanks! You’ve been a life saver during this migration of mine. So I’m guessing with this there is no need for the Authorization plugin?

You can use the AuthorizationPlugin that is a wrapper of an Acl call