User login redirect base on role


I’m using CakePHP4.X and trying to figure out how to handle different user types to be able redirect them to the following url’s after login
Super Admin redirect to /dashboard - Super Admin can add, edit delete everything
Partner redirect to /partners/dashboard – Partner can add, edit, view, delete their own related data
Members redirect to/members/dashboard - Member can add, edit, view, delete their own related data

once logged in be able to edit their own data ONLY without been able to edit/manipulate/delete ANYONE ELSES DATA?

I currently have Members and Partners with the following tables

partners -table

id PK AI
user_uid – fk user table user_uid
rest of fields

then all related partner tables have the following
id – PK AI
partner_id – FK from id Partner table

members table
id – PK AI
user_uid – fk user table user_uid
rest of fields
Then all related members tables are setup
id – PK AI
member_id – FK from id in Member Table

Users table
id – PK AI
user_uid – unique string
username unique
role_id – 1 = Super Admin 2 = Partner 3 = Member

user roles table

Could someone advise how to do the following:

Redirect the user base on role to the correct URL and ONLY allow them to edit their own data?

I have looked a CakeDC – Users Plugin but not 100% sure how to implement it to do the above, if anyone knows how to do this, could you please help me getting it working or explain how to get it working??



You can doing this by Users table add role_id and create one table Roles which desciribe the roles associate with the Users Table then define varible to each role in your bootstrap.php

use following code as per
initialization of variables

which code do you disable or enable then set following conditions

   if(in_array($activeUser['role_id'], $users)) {   

/// you ctp file code

Hi @spadeX

Thanks for this, I have a user_role table setup where in users I have role_id as a FK I missed that of the original post, I shall amend to make sure it is clear.

Will this work in CakePHP 4 Strawberry?


Yes, it’s works it’s depends on how to do it yourself.

If you’re in cake 4, I’ll assume you are using the new Authentication plugin and Middleware.

To route based on role I have done this.

In my Users::login action (which is almost straight out of the documentation

        //If the user is logged in send them to a destination.
            $target = $this->Authentication->getLoginRedirect() ?? $this->loginRedirectByRole();
            return $this->redirect($target);

getLoginRedirect() assumes the use of the ‘redirect’ query parameter when configuring the Authenticator. So again, almost straight from the documentation, in Application.php

        $service = new AuthenticationService([
            'identityClass' => $identityWrapper,
            'unauthenticatedRedirect' => Router::url(['controller' => 'users', 'action' => 'login']),
            'queryParam' => 'redirect'

Now some sample code for `Users::loginRedirectByRole() which I use if there was no other redirect known:

[ RoleCon is a class full of constants I use to prevent typos ]

function loginRedirectByRole() {
        $identity = $this->getRequest()->getAttribute('identity');
        switch ($identity->get('role')) {
            case RoleCon::SYSTEM_ADMIN:
                $url = ['controller' => 'AdminPanel', 'action' => 'adminPanel'];
            case RoleCon::TENANT_ADMIN:
                $url = ['controller' => 'Tenants', 'action' => 'adminPanel'];
            case RoleCon::TENANT_STAFF:
            case RoleCon::WAREHOUSE_STAFF:
            $url = ['controller' => 'Orders', 'action' => 'status'];
            case RoleCon::WAREHOUSE_ADMIN:
                $url = ['controller' => 'Warehouses', 'action' => 'adminPanel'];
                $url = ['unknown role url'];
        return Router::url($url);

From your different destination actions you should be able to control access to the allowed records. Authorization plugin is the tool to control data access once logged in I believe.

1 Like

Dear Mr. dreamingmind,

I am using cake4 and the new Authentication plugin.

The getLoginRedirect() always return null even on Log in page, I can see the redirect parameter in browser URL.

I can never got redirected to the page before log in page.

I follow all the step in documentation. Any suggestion , please ?

This is my second google result.

The updated approach and examples can be found here: