anghazi ghermezi
anghazi ghermezi

Reputation: 461

Authorization and ACL in cakephp 3

I search the document but I don't find anything about ACL implementation in cakephp 3. How can I implement authorization with ACL in cakephp 3?

Upvotes: 7

Views: 11661

Answers (2)

Marc
Marc

Reputation: 39

Great question, as Daniel Castro said the plugin is at https://github.com/cakephp/acl.

The part that is missing is to override 'isAuthorized' in your 'AppController.php' with something like:

...
use Acl\Controller\Component\AclComponent;
use Cake\Controller\ComponentRegistry;
...



public function isAuthorized($user){
      $Collection = new ComponentRegistry();
      $acl= new AclComponent($Collection);
      $username=$user['username'];
      $controller=$this->request->controller;
      $action=$this->request->action;
      $check=$acl->check($user['username'],"$controller/$action");
      return $check;
    }

Someone wiser than I will know better if the user/action/controller bits could be better sanitized. There are lots of warnings about the stability of this plugin and 'gotchas' on acl in terms of performance.

I am cutting over from a 1.3 implementation, it was helpful to add in the AppController 'initialize' info from http://book.cakephp.org/3.0/en/controllers/components/authentication.html

Upvotes: 3

Daniel Castro
Daniel Castro

Reputation: 633

ACL is not built into CakePHP 3 as it was in CakePHP 2. It is now available as a separate plugin.

Quote from http://book.cakephp.org/3.0/en/appendices/3-0-migration-guide.html

ACL related classes were moved to a separate plugin. Password hashers, Authentication and Authorization providers where moved to the \Cake\Auth namespace. You are required to move your providers and hashers to the App\Auth namespace as well.

You can find the plugin at https://github.com/cakephp/acl, but note that it's not yet stable.

Upvotes: 4

Related Questions