Configure permission.php of cakedc users for role user in cakephp 4.2

mdeanquin · May 24, 2022, 9:26pm

How do I have to configure permission.php in cakedc users to allow the execution of several actions of several controllers?
And how do I verify them so that the links to the controllers/actions that are not allowed don’t appear in the site menu?
This is the code of the menu in root/templates/element directory:

<?php if($isValid){ ?>

	<nav class='navbar navbar-default'>

		<div class='container-fluid'>

			<!-- Brand and toggle get grouped for better mobile display -->

			<div class='navbar-header'>

				<button type='button' class='navbar-toggle collapsed' data-toggle='collapse' data-target='#bs-example-navbar-collapse-1'>

				<span class='sr-only'>Toggle navigation</span>

				<span class='icon-bar'></span>

				<span class='icon-bar'></span>

				<span class='icon-bar'></span>

				</button>

				<div class="navbar-brand">

					<?php echo 'GestiÃ³n de Cobranzas del Sindicato'; ?>

				</div>

			</div>



			<!-- Collect the nav links, forms, and other content for toggling -->

			<div class='collapse navbar-collapse' id='bs-example-navbar-collapse-1'>

				<ul class='nav navbar-nav navbar-right'>
					<li><?= $this->Html->link('Usuarios', ['plugin' => 'CakeDC/Users', 'controller'=>'Users','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Empresas', ['controller'=>'Enterprises','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Afiliados', ['controller'=>'Affiliates','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Actas de inspecciÃ³n', ['controller'=>'InspectionRecords','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Actas de inspecciÃ³n empleados', ['controller'=>'InspectionRecordsEmployees','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Sucesos', ['controller'=>'Events','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Constancias de afiliaciÃ³n', ['controller'=>'AffiliateCertificates','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Beneficios', ['controller'=>'Benefits','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Beneficios por afiliado', ['controller'=>'RegBenefits','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Aportes', ['controller'=>'Contributions','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Reclamos laborales', ['controller'=>'LaborClaim','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Observaciones', ['controller'=>'Observations','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Ayuda', ['controller'=>'Home','action'=>'index']) ?></li>
					<li><?= $this->Html->link('Cerrar Sesion', ['plugin' => 'CakeDC/Users', 'controller' => 'users', 'action'=>'logout']) ?></li>
				</ul>

			</div><!-- /.navbar-collapse -->

		</div><!-- /.container-fluid -->

	</nav>

<?php } ?>

MarekDM · May 24, 2022, 11:13pm

For links checkout userhelper users/UserHelper.md at master · CakeDC/users · GitHub
There is $this->User->link() function that should help you

mdeanquin · May 25, 2022, 12:52am

And how do I have to add the role user in permission.php to authorize the different controllers/actions?

mdeanquin · May 27, 2022, 5:35pm

Can you tell me what I am doing wrong?
This is the code for permissions.php in cakedc/auth/config directory:

<?php
/**
 * Copyright 2010 - 2019, Cake Development Corporation (https://www.cakedc.com)
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright 2010 - 2018, Cake Development Corporation (https://www.cakedc.com)
 * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
 */

/*
 * IMPORTANT:
 * This is an example configuration file. Copy this file into your config directory and edit to
 * setup your app permissions.
 *
 * This is a quick roles-permissions implementation
 * Rules are evaluated top-down, first matching rule will apply
 * Each line define
 *      [
 *          'role' => 'role' | ['roles'] | '*'
 *          'prefix' => 'Prefix' | , (default = null)
 *          'plugin' => 'Plugin' | , (default = null)
 *          'controller' => 'Controller' | ['Controllers'] | '*',
 *          'action' => 'action' | ['actions'] | '*',
 *          'allowed' => true | false | callback (default = true)
 *      ]
 * You could use '*' to match anything
 * 'allowed' will be considered true if not defined. It allows a callable to manage complex
 * permissions, like this
 * 'allowed' => function (array $user, $role, Request $request) {}
 *
 * Example, using allowed callable to define permissions only for the owner of the Posts to edit/delete
 *
 * (remember to add the 'uses' at the top of the permissions.php file for Hash, TableRegistry and Request
   [
        'role' => ['user'],
        'controller' => ['Posts'],
        'action' => ['edit', 'delete'],
        'allowed' => function(array $user, $role, Request $request) {
            $postId = Hash::get($request->params, 'pass.0');
            $post = TableRegistry::getTableLocator()->get('Posts')->get($postId);
            $userId = $user['id'] ?? null;
            if (!empty($post->user_id) && !empty($userId)) {
                return $post->user_id === $userId;
            }
            return false;
        }
    ],
 */
$permissions = [
    //all bypass
    [
        'prefix' => false,
        'plugin' => 'CakeDC/Users',
        'controller' => 'Users',
        'action' => [
            // LoginTrait
            'socialLogin',
            'login',
            'logout',
            'socialEmail',
            'verify',
            // RegisterTrait
            'register',
            'validateEmail',
            // PasswordManagementTrait used in RegisterTrait
            'changePassword',
            'resetPassword',
            'requestResetPassword',
            // UserValidationTrait used in PasswordManagementTrait
            'resendTokenValidation',
            'linkSocial'
        ],
        'bypassAuth' => true,
    ],
    [
        'prefix' => false,
        'plugin' => 'CakeDC/Users',
        'controller' => 'SocialAccounts',
        'action' => [
            'validateAccount',
            'resendValidation',
        ],
        'bypassAuth' => true,
    ],
    //admin role allowed to all the things
    [
        'role' => 'admin',
        'prefix' => '*',
        'extension' => '*',
        'plugin' => '*',
        'controller' => '*',
        'action' => '*',
    ],
    //specific actions allowed for the all roles in Users plugin
    [
        'role' => '*',
        'plugin' => 'CakeDC/Users',
        'controller' => 'Users',
        'action' => ['profile', 'logout', 'linkSocial', 'callbackLinkSocial'],
    ],
    [
        'role' => '*',
        'plugin' => 'CakeDC/Users',
        'controller' => 'Users',
        'action' => 'resetOneTimePasswordAuthenticator',
        'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
            $userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
            if (!empty($userId) && !empty($user)) {
                return $userId === $user['id'];
            }

            return false;
        }
    ],
    //all roles allowed to Pages/display
    [
        'role' => '*',
        'controller' => 'Pages',
        'action' => 'display',
    ],
    [
        'role' => ['user'],
        'controller' => 'Users',
        'action' => ['edit', 'changePassword', 'view'],
        'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
			$userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
			if (!empty($userId) && !empty($user)) {
				return $userId === $user['id'];
			}

            return false;
		}
    ],
    [
        'role' => ['user'],
        'controller' => 'AffiliateCertificates',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'Affiliates',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'Benefits',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'Contributions',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'Enterprises',
        'action' => ['add', 'delete', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'Events',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'FamilyGroup',
        'action' => ['add', 'addAffiliate', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'InspectionRecords',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'InspectionRecordsEmployees',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'LaborClaim',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'Observations',
        'action' => ['add', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'RegBenefits',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
    [
        'role' => ['user'],
        'controller' => 'RegBenefits',
        'action' => ['add', 'edit', 'index', 'view'],
    ],
];

$preload = \Cake\Core\Configure::read('CakeDC/Auth.preloadPermissions', []);
$publicPages = $preload['public'] ?? [];
foreach ($publicPages as $permission) {
    $permission['bypassAuth'] = true;
    $permissions[] = $permission;
}

return [
    'CakeDC/Auth.permissions' => $permissions
];
?>

And this is the code for permissions.php in cakedc/users/config directory:

<?php
/**
 * Copyright 2010 - 2019, Cake Development Corporation (https://www.cakedc.com)
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright 2010 - 2018, Cake Development Corporation (https://www.cakedc.com)
 * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
 */

/*
 * IMPORTANT:
 * This is an example configuration file. Copy this file into your config directory and edit to
 * setup your app permissions.
 *
 * This is a quick roles-permissions implementation
 * Rules are evaluated top-down, first matching rule will apply
 * Each line define
 *      [
 *          'role' => 'role' | ['roles'] | '*'
 *          'prefix' => 'Prefix' | , (default = null)
 *          'plugin' => 'Plugin' | , (default = null)
 *          'controller' => 'Controller' | ['Controllers'] | '*',
 *          'action' => 'action' | ['actions'] | '*',
 *          'allowed' => true | false | callback (default = true)
 *      ]
 * You could use '*' to match anything
 * 'allowed' will be considered true if not defined. It allows a callable to manage complex
 * permissions, like this
 * 'allowed' => function (array $user, $role, Request $request) {}
 *
 * Example, using allowed callable to define permissions only for the owner of the Posts to edit/delete
 *
 * (remember to add the 'uses' at the top of the permissions.php file for Hash, TableRegistry and Request
   [
        'role' => ['user'],
        'controller' => ['Posts'],
        'action' => ['edit', 'delete'],
        'allowed' => function(array $user, $role, Request $request) {
            $postId = Hash::get($request->params, 'pass.0');
            $post = TableRegistry::getTableLocator()->get('Posts')->get($postId);
            $userId = Hash::get($user, 'id');
            if (!empty($post->user_id) && !empty($userId)) {
                return $post->user_id === $userId;
            }
            return false;
        }
    ],
 */

return [
    'CakeDC/Auth.permissions' => [
        //all bypass
        [
            'prefix' => false,
            'plugin' => 'CakeDC/Users',
            'controller' => 'Users',
            'action' => [
                // LoginTrait
                'socialLogin',
                'login',
                'logout',
                'socialEmail',
                'verify',
                // RegisterTrait
                'register',
                'validateEmail',
                // PasswordManagementTrait used in RegisterTrait
                'changePassword',
                'resetPassword',
                'requestResetPassword',
                // UserValidationTrait used in PasswordManagementTrait
                'resendTokenValidation',
                'linkSocial',
                //U2F actions
                'u2f',
                'u2fRegister',
                'u2fRegisterFinish',
                'u2fAuthenticate',
                'u2fAuthenticateFinish',
            ],
            'bypassAuth' => true,
        ],
        [
            'prefix' => false,
            'plugin' => 'CakeDC/Users',
            'controller' => 'SocialAccounts',
            'action' => [
                'validateAccount',
                'resendValidation',
            ],
            'bypassAuth' => true,
        ],
        //admin role allowed to all the things
        [
            'role' => 'admin',
            'prefix' => '*',
            'extension' => '*',
            'plugin' => '*',
            'controller' => '*',
            'action' => '*',
        ],
        //specific actions allowed for the all roles in Users plugin
        [
            'role' => '*',
            'plugin' => 'CakeDC/Users',
            'controller' => 'Users',
            'action' => ['profile', 'logout', 'linkSocial', 'callbackLinkSocial'],
        ],
        [
            'role' => '*',
            'plugin' => 'CakeDC/Users',
            'controller' => 'Users',
            'action' => 'resetOneTimePasswordAuthenticator',
            'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
                $userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
                if (!empty($userId) && !empty($user)) {
                    return $userId === $user['id'];
                }

                return false;
            }
        ],
        //all roles allowed to Pages/display
        [
            'role' => '*',
            'controller' => 'Pages',
            'action' => 'display',
        ],
		[
			'role' => ['user'],
			'controller' => 'Users',
			'action' => ['edit', 'changePassword', 'view'],
			'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
				$userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
				if (!empty($userId) && !empty($user)) {
					return $userId === $user['id'];
				}

				return false;
			}
		],
		[
			'role' => ['user'],
			'controller' => 'AffiliateCertificates',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Affiliates',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Benefits',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Contributions',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Enterprises',
			'action' => ['add', 'delete', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Events',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'FamilyGroup',
			'action' => ['add', 'addAffiliate', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'InspectionRecords',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'InspectionRecordsEmployees',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'LaborClaim',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Observations',
			'action' => ['add', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'RegBenefits',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'RegBenefits',
			'action' => ['add', 'edit', 'index', 'view'],
		],
    ]
];
?>

When I login with a user that has the role “user” it doesn’t enter to the site, except it gives me an error err_too_many_redirects.

Zuluru · May 28, 2022, 4:48am

Check the network tab of the developer tools on your browser to see what URL(s) it is redirecting to. It’s likely one of two things.

First, it might constantly be redirecting to the same URL. 1a, that might be the login URL if you have incorrectly configured your authentication system, it might keep redirecting to the login, but you’re already logged in. 1b, it might be some URL that you don’t have access to, either because you have your permissions set up wrong or, again, you have your auth configured incorrectly as to where to redirect after login.

Second, it might be bouncing between two URLs.

Anyway, to really help pinpoint the problem, we’d need to know what redirect is actually happening, not just that there are too many.

thomasg · May 28, 2022, 9:02am

You should really create your permissions file in config/permissions.php

Not changing the code directly in the cakedc folder will be much eassier in the long run.

mdeanquin · May 28, 2022, 4:29pm

This is the code for routes.php:

<?php
/**
 * Routes configuration.
 *
 * In this file, you set up routes to your controllers and their actions.
 * Routes are very important mechanism that allows you to freely connect
 * different URLs to chosen controllers and their actions (functions).
 *
 * It's loaded within the context of `Application::routes()` method which
 * receives a `RouteBuilder` instance `$routes` as method argument.
 *
 * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
 * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright     Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
 * @link          https://cakephp.org CakePHP(tm) Project
 * @license       https://opensource.org/licenses/mit-license.php MIT License
 */

use Cake\Routing\Route\DashedRoute;
use Cake\Routing\RouteBuilder;

/*
 * The default class to use for all routes
 *
 * The following route classes are supplied with CakePHP and are appropriate
 * to set as the default:
 *
 * - Route
 * - InflectedRoute
 * - DashedRoute
 *
 * If no call is made to `builder->defaultRouteClass()`, the class used is
 * `Route` (`Cake\Routing\Route\Route`)
 *
 * Note that `Route` does not do any inflections on URLs which will result in
 * inconsistently cased URLs when used with `:plugin`, `:controller` and
 * `:action` markers.
 */
/** @var \Cake\Routing\RouteBuilder $routes */
$routes->setRouteClass(DashedRoute::class);

$routes->scope('/', function (RouteBuilder $builder) {
    /*
     * Here, we are connecting '/' (base path) to a controller called 'Users',
     * its action called 'login'
     */
	$builder->connect('/', ['controller' => 'users', 'action' => 'login']);

    /*
     * Connect catchall routes for all controllers.
     *
     * The `fallbacks` method is a shortcut for
     *
     * ```
     * $builder->connect('/:controller', ['action' => 'index']);
     * $builder->connect('/:controller/:action/*', []);
     * ```
     *
     * You can remove these routes once you've connected the
     * routes you want in your application.
     */
    $builder->fallbacks();
});

/*
 * If you need a different set of middleware or none at all,
 * open new scope and define routes there.
 *
 * ```
 * $routes->scope('/api', function (RouteBuilder $builder) {
 *     // No $builder->applyMiddleware() here.
 *     
 *     // Parse specified extensions from URLs
 *     // $builder->setExtensions(['json', 'xml']);
 *     
 *     // Connect API actions here.
 * });
 * ```
 */

When I try to login is trying to redirect to both the cakedc login action and the action configured with Authentication plugin, I noticed that I didn’t give the permission to the role user to Home controller and index action, I added that but still gives me the error, maybe the hosting service didn’t still update the uploaded file

KevinPfeifer · May 28, 2022, 8:41pm

Let me guess, your login redirect URL is /, right (you didn’t overwrite the default config)

So you redirect the user from the login form to / which in your routes is the login form again.
But due to the fact that you are already logged in it redirects you again to … you guessed it, /

The solution is to NOT set the login form to be your / route. Set it to some page from the pages controller or the index action of one of your controllers.

mdeanquin · May 28, 2022, 11:40pm

Thank you very much, that was the problem, now is working fine.

mdeanquin · May 29, 2022, 12:11am

I added the index action of users controller of cakedc users plugin to the allowed controllers in permissions.php but now is giving me the exception “Argument 1 passed to Cake\Core\Configure\Engine\PhpConfig::{closure}() must be of the type array, object given”, how can I solve that?
This is the code for permissions.php:

<?php
/**
 * Copyright 2010 - 2019, Cake Development Corporation (https://www.cakedc.com)
 *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright 2010 - 2018, Cake Development Corporation (https://www.cakedc.com)
 * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
 */

/*
 * IMPORTANT:
 * This is an example configuration file. Copy this file into your config directory and edit to
 * setup your app permissions.
 *
 * This is a quick roles-permissions implementation
 * Rules are evaluated top-down, first matching rule will apply
 * Each line define
 *      [
 *          'role' => 'role' | ['roles'] | '*'
 *          'prefix' => 'Prefix' | , (default = null)
 *          'plugin' => 'Plugin' | , (default = null)
 *          'controller' => 'Controller' | ['Controllers'] | '*',
 *          'action' => 'action' | ['actions'] | '*',
 *          'allowed' => true | false | callback (default = true)
 *      ]
 * You could use '*' to match anything
 * 'allowed' will be considered true if not defined. It allows a callable to manage complex
 * permissions, like this
 * 'allowed' => function (array $user, $role, Request $request) {}
 *
 * Example, using allowed callable to define permissions only for the owner of the Posts to edit/delete
 *
 * (remember to add the 'uses' at the top of the permissions.php file for Hash, TableRegistry and Request
   [
        'role' => ['user'],
        'controller' => ['Posts'],
        'action' => ['edit', 'delete'],
        'allowed' => function(array $user, $role, Request $request) {
            $postId = Hash::get($request->params, 'pass.0');
            $post = TableRegistry::getTableLocator()->get('Posts')->get($postId);
            $userId = Hash::get($user, 'id');
            if (!empty($post->user_id) && !empty($userId)) {
                return $post->user_id === $userId;
            }
            return false;
        }
    ],
 */

return [
    'CakeDC/Auth.permissions' => [
        //all bypass
        [
            'prefix' => false,
            'plugin' => 'CakeDC/Users',
            'controller' => 'Users',
            'action' => [
                // LoginTrait
                'socialLogin',
                'login',
                'logout',
                'socialEmail',
                'verify',
                // RegisterTrait
                'register',
                'validateEmail',
                // PasswordManagementTrait used in RegisterTrait
                'changePassword',
                'resetPassword',
                'requestResetPassword',
                // UserValidationTrait used in PasswordManagementTrait
                'resendTokenValidation',
                'linkSocial',
                //U2F actions
                'u2f',
                'u2fRegister',
                'u2fRegisterFinish',
                'u2fAuthenticate',
                'u2fAuthenticateFinish',
            ],
            'bypassAuth' => true,
        ],
        [
            'prefix' => false,
            'plugin' => 'CakeDC/Users',
            'controller' => 'SocialAccounts',
            'action' => [
                'validateAccount',
                'resendValidation',
            ],
            'bypassAuth' => true,
        ],
        //admin role allowed to all the things
        [
            'role' => 'admin',
            'prefix' => '*',
            'extension' => '*',
            'plugin' => '*',
            'controller' => '*',
            'action' => '*',
        ],
        //specific actions allowed for the all roles in Users plugin
        [
            'role' => '*',
            'plugin' => 'CakeDC/Users',
            'controller' => 'Users',
            'action' => ['profile', 'logout', 'linkSocial', 'callbackLinkSocial'],
        ],
        [
            'role' => '*',
            'plugin' => 'CakeDC/Users',
            'controller' => 'Users',
            'action' => 'resetOneTimePasswordAuthenticator',
            'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
                $userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
                if (!empty($userId) && !empty($user)) {
                    return $userId === $user['id'];
                }

                return false;
            }
        ],
        //all roles allowed to Pages/display
        [
            'role' => '*',
            'controller' => 'Pages',
            'action' => 'display',
        ],
		[
			'role' => ['user'],
			'plugin' => 'CakeDC/Users',
			'controller' => 'Users',
			'action' => ['edit', 'changePassword', 'index', 'view'],
			'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
				$userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
				if (!empty($userId) && !empty($user)) {
					return $userId === $user['id'];
				}

				return false;
			}
		],
		[
			'role' => ['user'],
			'controller' => 'AffiliateCertificates',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Affiliates',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Benefits',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Contributions',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Enterprises',
			'action' => ['add', 'delete', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Events',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'FamilyGroup',
			'action' => ['add', 'addAffiliate', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Home',
			'action' => ['index'],
		],
		[
			'role' => ['user'],
			'controller' => 'InspectionRecords',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'InspectionRecordsEmployees',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'LaborClaim',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'Observations',
			'action' => ['add', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'RegBenefits',
			'action' => ['add', 'edit', 'index', 'view'],
		],
		[
			'role' => ['user'],
			'controller' => 'RegBenefits',
			'action' => ['add', 'edit', 'index', 'view'],
		],
    ]
];
?>

KevinPfeifer · May 29, 2022, 10:41am

There is nothing wrong with your permissions.php as far as I can see.
That error of yours seems to be happening somewhere else.
Please provide a full stacktrace (or a screenshot of the debug kit error) so we can provide further help.

mdeanquin · May 29, 2022, 2:58pm

This is the screenshot of the exception:

KevinPfeifer · May 29, 2022, 5:42pm

Seems like your array $user inisde that closure is not an array but an object.
easiest solution for now would be to just remove the array part of the array $user

But why you have an object in there even though it should be an array is something I can’t tell you.
Did you change something directly in the vendor directory?
Maybe re-install all composer packges via performing

rm -rf vendor composer.lock && composer install

and then try again.

Topic		Replies	Views
CakeDC Users plugin: redirecting issue with Logout page Need Help	1	658	December 6, 2018
Cakephp 4 CakeDC\Users on admin prefix Need Help	6	1251	April 25, 2021
Override controllers, models and traits in cakedc users with cakephp 4.2 Need Help	3	528	July 20, 2022
CakeDC Users Plugin does not read permissions.php Plugins	0	1132	November 2, 2019
Best way to programatically display or hide menus based on role	6	2114	August 15, 2018

Configure permission.php of cakedc users for role user in cakephp 4.2

Releases

Documentation

Community

Configure permission.php of cakedc users for role user in cakephp 4.2

Related topics

Releases

Documentation

Community