In this:
public function viewReports()
{
$user = $this->Auth->user();
if ($user->hasPermission('view_reports')) {
// Allow access to view reports
} else {
// Redirect or display an error message
}
}
How do I achieve $user = $this->Auth->user(); in CakePHP 5?
Thanks!
Ugh. Thanks. I’m trying to update a roles based access control tutorial written for Cake 4. From what I’ve understood so far is that $this->Auth->user(); is returning an array, while updating the statement according to the Cake 5 book returns an object… (I’m not a skilled coder, just kinda brute force “learning”…)
The new Auth plugins work completely different than the old AuthComponent.
I’d rather recommend you stay with the old AuthComponent if you don’t want to completely re-work your whole auth system.
For CakePHP 5 I can tell you, that GitHub - dereuromark/cakephp-tinyauth: CakePHP TinyAuth plugin for an easy and fast user authentication and authorization. Single or multi role. DB or config file based. copied to old AuthComponent and will support it further on as well.
The AuthComponent is just not present in the core anymore since CakePHP 5
Thanks. I was suspecting that. But isn’t sticking to old components a bad practice unless there’s a major commitment already involved? I’m just trying to get a skeleton app working in Cake 5, so it seems better to find or figure out a basic RBAC that works with it. WDYT?
I think I’m pretty good at the basic logic, it’s following the abstraction to actually implement it that slows me down. I already have tables for roles, permissions, and roles_permissions and users_roles, and the forms and creating and updating are all working. So I just have to check the user against roles against permissions (which are named, eg “edit_article”) for each method. Tada!
How hard can that be?!
PS: I’m not hinting for a code, just thinking out loud and with a rhetorical question… When I have specific questions I’ll ask! 
If you re-do your app and want RBAC out of the box I’d recommend GitHub - CakeDC/users: Users Plugin for CakePHP
It uses a static array for permissions by default but you can for sure adjust that to use your DB values as well.
About the topic of “sticking to old components”
As everywhere in software development: It depends.
If your app is so huge, that doing a re-work of everything is not suitable, then sticking with the old system is totally fine in my books.
If its rather simple then re-doing it it with the current cake 5 app template and the current auth plugins seems like the right way to go. Especially if you want to implement exactly your RBAC system you want (since thats what the plugins are meant to be used for)
Thanks again. Yeah, cakedc/users seems perfect! It’s installed and a (hopefully) small problem away from being usable.
Cheers!