User login redirect based on role

Hello,

I'm using CakePHP 4.x and trying to figure out how to handle different user types, to be able to redirect them to the following URLs after login:
Super Admin - redirect to /dashboard - Super Admin can add, edit, delete everything
Partner - redirect to /partners/dashboard - Partner can add, edit, view, delete their own related data
Members - redirect to /members/dashboard - Member can add, edit, view, delete their own related data

and, once logged in, be able to edit their own data ONLY, without being able to edit/manipulate/delete ANYONE ELSE'S DATA?

I currently have Members and Partners with the following tables:

partners table
id - PK AI
user_uid - FK to users.user_uid
partner_name
partner_contact
partner_phone
rest of fields

Then all related partner tables have the following:
tablename
id - PK AI
partner_id - FK to partners.id

members table
id - PK AI
user_uid - FK to users.user_uid
member_name
member_phone
rest of fields

Then all related member tables are set up as:
tablename
id - PK AI
member_id - FK to members.id

users table
id - PK AI
user_uid - unique string
username - unique
password
role_id - 1 = Super Admin, 2 = Partner, 3 = Member

user roles table
id
role_type
status
created
modified

Could someone advise how to do the following:

Redirect the user based on role to the correct URL and ONLY allow them to edit their own data?

I have looked at the CakeDC Users plugin but am not 100% sure how to implement it to do the above. If anyone knows how to do this, could you please help me get it working or explain how to get it working?

Regards

Mal

You can do this by adding role_id to the Users table and creating one Roles table which describes the roles associated with the Users table, then define a variable for each role in your bootstrap.php.

Use the following code as per the initialization of variables in the .ctp:

   // role constants defined in bootstrap.php
   $users = [SUPER_ADMIN, CLIENT, CLIENT_ADMIN, CLIENT_BASIC];

Depending on which code you want to disable or enable, then set the following conditions:

   if (in_array($activeUser['role_id'], $users)) {
       // your ctp file code
   }

Hi @spadeX

Thanks for this. I have a user_role table set up where in users I have role_id as a FK; I missed that off the original post, I shall amend it to make sure it is clear.

Will this work in CakePHP 4 Strawberry?

Regards

Yes, it works; it depends on how you do it yourself.

If you're on Cake 4, I'll assume you are using the new Authentication plugin and middleware.

To route based on role I have done this.

In my Users::login action (which is almost straight out of the documentation: https://book.cakephp.org/authentication/1/en/index.html):

        // The Authentication middleware has already run; check whether an identity was established.
        $result = $this->Authentication->getResult();

        // If the user is logged in send them to a destination.
        if ($result->isValid()) {
            $target = $this->Authentication->getLoginRedirect() ?? $this->loginRedirectByRole();
            return $this->redirect($target);
        }

getLoginRedirect() assumes the use of the 'redirect' query parameter when configuring the Authenticator. So again, almost straight from the documentation, in Application.php:

        // $identityWrapper is the identity class/callable set up earlier in getAuthenticationService()
        $service = new AuthenticationService([
            'identityClass' => $identityWrapper,
            // where unauthenticated requests are sent
            'unauthenticatedRedirect' => Router::url(['controller' => 'users', 'action' => 'login']),
            // query parameter that carries the post-login destination
            'queryParam' => 'redirect',
        ]);

Now some sample code for Users::loginRedirectByRole(), which I use if there is no other redirect known:

[ RoleCon is a class full of constants I use to prevent typos ]

        // Pick a landing page from the role stored on the identity.
        protected function loginRedirectByRole(): string
        {
            $identity = $this->getRequest()->getAttribute('identity');
            switch ($identity->get('role')) {
                case RoleCon::SYSTEM_ADMIN:
                    $url = ['controller' => 'AdminPanel', 'action' => 'adminPanel'];
                    break;
                case RoleCon::TENANT_ADMIN:
                    $url = ['controller' => 'Tenants', 'action' => 'adminPanel'];
                    break;
                case RoleCon::TENANT_STAFF:
                case RoleCon::WAREHOUSE_STAFF:
                    $url = ['controller' => 'Orders', 'action' => 'status'];
                    break;
                case RoleCon::WAREHOUSE_ADMIN:
                    $url = ['controller' => 'Warehouses', 'action' => 'adminPanel'];
                    break;
                default:
                    $url = ['unknown role url']; // placeholder: destination for an unrecognised role
                    break;
            }
            return Router::url($url);
        }

From your different destination actions you should be able to control access to the allowed records. The Authorization plugin is the tool to control data access once logged in, I believe.
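An added example (not code from this thread or any of its posters) of the ownership check the last reply points at: a CakePHP 4 Authorization-plugin entity policy for the partners table from the original post, so a partner or member can only view, edit or delete rows whose user_uid matches their own, while role_id 1 (Super Admin) may touch everything. The policy class, entity name and controller excerpt are assumptions.

```php
<?php
// Added example, not code from this thread: an ownership policy for the partners
// table from the original post, for the CakePHP 4 Authorization plugin
// (cakephp/authorization). Assumes the plugin and AuthorizationComponent are loaded
// and a Partner entity exists. Role ids follow the post: 1 = Super Admin, 2 = Partner, 3 = Member.
declare(strict_types=1);

namespace App\Policy;

use App\Model\Entity\Partner;
use Authorization\IdentityInterface;

class PartnerPolicy
{
    private const ROLE_SUPER_ADMIN = 1;

    public function canView(IdentityInterface $user, Partner $partner): bool
    {
        return $this->isOwnerOrSuperAdmin($user, $partner);
    }

    public function canEdit(IdentityInterface $user, Partner $partner): bool
    {
        return $this->isOwnerOrSuperAdmin($user, $partner);
    }

    public function canDelete(IdentityInterface $user, Partner $partner): bool
    {
        return $this->isOwnerOrSuperAdmin($user, $partner);
    }

    // Ownership comes from the stored FK (partners.user_uid), never from request data,
    // so a member or another partner cannot reach this record by guessing its id.
    private function isOwnerOrSuperAdmin(IdentityInterface $user, Partner $partner): bool
    {
        $data = $user->getOriginalData(); // the authenticated user record (ArrayAccess)
        if ((int)$data['role_id'] === self::ROLE_SUPER_ADMIN) {
            return true;
        }
        return $partner->user_uid !== null && $partner->user_uid === $data['user_uid'];
    }
}
// --- src/Controller/PartnersController.php, edit action (excerpt) ---
// public function edit($id = null)
// {
//     $partner = $this->Partners->get($id);
//     // ForbiddenException (HTTP 403) unless PartnerPolicy::canEdit() returns true
//     $this->Authorization->authorize($partner); // 'edit' maps to canEdit by default
// }
```

The same pattern applies to the members table and to each related table, where the policy should load the parent partner/member row and compare its user_uid rather than trusting a partner_id or member_id sent by the client.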