I'm currently new to CakePHP and following YouTube tutorials on CakePHP, but I couldn't seem to find anything about admin in the cookbook. I've already finished setting up the authentication and the authorization from the cookbook. What I want to happen is: when I log in it will check the user role and redirect it to admin or user. Then when a user edits a table it'll fail to change the tables because of the policy that only admin can edit table data.
Application.php
// use statements needed at the top of src/Application.php
use Authentication\AuthenticationService;
use Authentication\AuthenticationServiceInterface;
use Authentication\Identifier\IdentifierInterface;
use Cake\Routing\Router;
use Psr\Http\Message\ServerRequestInterface;

public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
{
    $service = new AuthenticationService();
    // Define where users should be redirected to when they are not authenticated
    $service->setConfig([
        'unauthenticatedRedirect' => Router::url([
            'prefix' => false,
            'plugin' => null,
            'controller' => 'Users',
            'action' => 'login',
        ]),
        'queryParam' => 'redirect',
    ]);
    $fields = [
        IdentifierInterface::CREDENTIAL_USERNAME => 'username',
        IdentifierInterface::CREDENTIAL_PASSWORD => 'password',
    ];
    // Load the authenticators. Session should be first.
    $service->loadAuthenticator('Authentication.Session');
    // The cookie authenticator provides the "remember me" function: it keeps a login cookie.
    $service->loadAuthenticator('Authentication.Cookie', [
        'fields' => $fields,
    ]);
    $service->loadAuthenticator('Authentication.Form', [
        'fields' => $fields,
        'loginUrl' => Router::url([
            'prefix' => false,
            'plugin' => null,
            'controller' => 'Users',
            'action' => 'login',
        ]),
    ]);
    // Load identifiers
    $service->loadIdentifier('Authentication.Password', compact('fields'));
    return $service;
}
UserPolicy
namespace App\Policy;

use App\Model\Entity\User;
use Authorization\IdentityInterface;

class UserPolicy
{
    /**
     * Check if $user can add User
     *
     * @param \Authorization\IdentityInterface $user The user.
     * @param \App\Model\Entity\User $resource
     * @return bool
     */
    public function canAdd(IdentityInterface $user, User $resource)
    {
        return true;
    }

    /**
     * Check if $user can edit User
     *
     * @param \Authorization\IdentityInterface $user The user.
     * @param \App\Model\Entity\User $resource
     * @return bool
     */
    public function canEdit(IdentityInterface $user, User $resource)
    {
        return true;
    }

    /**
     * Check if $user can delete User
     *
     * @param \Authorization\IdentityInterface $user The user.
     * @param \App\Model\Entity\User $resource
     * @return bool
     */
    public function canDelete(IdentityInterface $user, User $resource)
    {
        return false;
    }

    /**
     * Check if $user can view User
     *
     * @param \Authorization\IdentityInterface $user The user.
     * @param \App\Model\Entity\User $resource
     * @return bool
     */
    public function canView(IdentityInterface $user, User $resource)
    {
        return true;
    }
}
You need user type segregation. With this, you can set super-admin, admin, manager, data-entry, view-only, etc. types of user access (using Policy authorization to control everything).
Someone asked this previously and here is a way to do it so you will have full control.
Thank you yousuo for sharing your idea and code; because of that I've got an idea on how to do it. But correct me if I'm wrong. Will it be possible to just make a table just like yours but named "roles" that has id primary key, user_id index, roles? And if my table data in roles is: 1, 2 (user id), admin, then configure in policy that
public function canUpdate(IdentityInterface $user, Article $article)
{
    if ($user->id == $article->user_id) {
        return true;
    }
    return false; // closing brace and fallback return added so every path returns a bool
}
(code from policy edited)
It will read the data in the users tbl and the roles tbl role? Also, will I need to set up another controller for roles, aka UserAccess in your case?
I would be glad to hear your advice on this. Thank you.
Yes, it would be possible to just create the table roles, and link all the user ids to it. You can also do it directly in the users database table (just by creating an additional field called roles).
The main portion is actually controlling all of the access using Policy files.
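As an added example of the role segregation yousuo describes (not code from this thread, from yousuo, or from the CakePHP cookbook), here is one way to control access in a Policy file. It assumes the simpler option above, a `role` column on the users table holding e.g. 'admin' or 'user', plus the cookbook's Article entity with a `user_id` column, and the cakephp/authorization 2.x plugin (CakePHP 4):

```php
<?php
// Added example, not code from this thread or the CakePHP cookbook.
// Assumes: users table has a `role` column ('admin' or 'user'),
// Article entity has a `user_id` column, cakephp/authorization 2.x.
declare(strict_types=1);

namespace App\Policy;

use App\Model\Entity\Article;
use Authorization\IdentityInterface;
use Authorization\Policy\BeforePolicyInterface;
use Authorization\Policy\Result;

class ArticlePolicy implements BeforePolicyInterface
{
    /**
     * Runs before every can* method of this policy.
     * true  = allow immediately, false = deny immediately,
     * null  = fall through to the specific can* method below.
     */
    public function before(?IdentityInterface $user, $resource, $action)
    {
        if ($user === null) {
            return false; // no logged-in identity: deny everything
        }
        if ($this->role($user) === 'admin') {
            return true; // admins may perform every action on articles
        }
        return null; // regular users: decide per action
    }

    public function canAdd(IdentityInterface $user, Article $article): bool
    {
        return true; // any authenticated user may create an article
    }

    public function canView(IdentityInterface $user, Article $article): bool
    {
        return true;
    }

    public function canEdit(IdentityInterface $user, Article $article): bool
    {
        // non-admins may only edit their own articles
        return $this->isAuthor($user, $article);
    }

    public function canDelete(IdentityInterface $user, Article $article)
    {
        // Returning a Result (instead of a bare bool) lets you attach a reason;
        // only admins reach this via before(), so non-admins are always denied.
        return new Result(false, 'Only an admin may delete articles');
    }

    private function isAuthor(IdentityInterface $user, Article $article): bool
    {
        // $user->id works because the Authentication plugin's Identity proxies
        // property reads to the wrapped User entity, as in the poster's own code.
        return (int)$user->id === (int)$article->user_id;
    }

    /**
     * Read the role column from the User entity (or array) wrapped by the identity.
     */
    private function role(IdentityInterface $user): ?string
    {
        $data = $user->getOriginalData();
        if (is_array($data)) {
            return $data['role'] ?? null;
        }
        return $data->get('role');
    }
}
```

In the controller, the cookbook's `$this->Authorization->authorize($article);` call in the `edit` action maps the action name to `canEdit()` (and `delete` to `canDelete()`), so the role logic lives only in the policy. Every method returns a bool or a `Result` on every path, which is what the plugin requires; the `before()` hook is the one place where `null` is a valid return, meaning "no decision yet".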
I followed your advice on the if statement and got a new error: "Pre-authorization check must return Authorization\Policy\ResultInterface, bool or null". I have made the model roles already and I haven't yet made the code for linking tables together as in the cookbook, because I'm having trouble understanding what to put in className and propertyName. I checked the quick start guide where the articles table is created, yet I've not found any "authors" as the example states. If it's ok I would like to ask again for your advice. Thank you.
This is the code I wrote on the edit for testing if it'll work. In my roles table there is this data:
id - 1
user_id - (id from the user in users tbl)
role - Admin