When I log in to my application, the user information and permissions are stored in the session’s authentication object.
My User Entity implements the IdentityInterface.
However, if the user itself or an administrator changes the information in the database, this object should be updated in the session.
As a temporary measure, I ran the following command while editing in UserController:
    public function edit($id=null) {
        ...
        $this->refreshSessionData();
        ...
    }

    private function refreshSessionData()
    {
        $user = $this->Users->get($this->Authentication->getIdentity()->get('id'), ['finder' => 'authenticatedUser']);
        $this->Authentication->setIdentity($user);
    }
However, I now had the problem that this only applied to one session, so if I was logged in in another browser with the same user, that data in session was not updated.
Now my approach is to fetch the user data from the database with every request and update the session. I wanted to do this via the AppController::beforeFilter(), but it doesn’t seem to work.
    public function beforeFilter(EventInterface $event)
    {
        parent::beforeFilter($event);
        $user = $this->fetchTable('Users')->get($this->Authentication->getIdentity()->get('id'), ['finder' => 'authenticatedUser']);
        $this->Authentication->setIdentity($user);
    }
I get the following error message.
Call to undefined method App\Model\Entity\User::can()
in RequestAuthorizationMiddleware…
Sorry, I did this in AppController’s beforeFilter() method, but that didn’t work, because after that many other components or the view are expecting an Authorization/Identity type, but there was an Entity/User type and it couldn’t find the can() method.
Please see my first post.
In UsersController → refreshSessionData() the setIdentity() works well. When I move that to beforeFilter() in AppController it doesn’t work. Maybe because I redirect to another page after setting the Identity in UsersController?