As described in part 1 (Cakephp 3 Login functionality-Authentication and Authorization-Part 1), authorization means checking whether the logged-in user has permission to access certain functionality in your application. To achieve this we need to assign a role to each user so that we can tell them apart.
To do this, let's add one more column to our "users" table, named "role". Either use an ALTER TABLE statement or the phpMyAdmin UI to add the "role" column.
After adding the "role" column, for the purpose of this tutorial, let's set the role to "admin" directly in the "role" column of the last registered user record. I have registered the user "user1", so I added "admin" to this user's role column.
Add a new user and give him the role "reader", i.e. just enter "reader" in the role column of this user.
So now we have two users: one with the role "admin" and the other with the role "reader".
Now we need to tell our application's AppController to use these roles when checking the logged-in user.
Step 1:
Add 'authorize' => ['Controller'] to the parameters of $this->loadComponent('Auth', ...) in AppController's "initialize" method.
public function initialize()
{
    parent::initialize();
    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'loginRedirect' => [
            'controller' => 'Posts',
            'action' => 'index'
        ],
        'logoutRedirect' => [
            'controller' => 'Pages',
            'action' => 'display',
            'home'
        ],
        // Use ControllerAuthorize: each request is checked by isAuthorized()
        'authorize' => ['Controller'],
    ]);
}
'authorize' => ['Controller'] tells the application to run an authorization check, via the controller's isAuthorized() method, for every controller request made by a logged-in user. Note that actions you mark as public with $this->Auth->allow() skip this check entirely, so keep that list as short as possible.
Step 2:
Next, add the "isAuthorized" method to AppController.
With this "isAuthorized" method a user with the "admin" role is able to access all controller actions, while any other role is denied by default. Here is the role check in the "isAuthorized" method of AppController.
public function isAuthorized($user)
{
    // Admin can access every action
    if (isset($user['role']) && $user['role'] === 'admin') {
        return true;
    }

    // Default deny
    return false;
}
Similarly, we can override the "isAuthorized" method in any individual controller. In the example below I am using the "isAuthorized" method in PostsController. There, "isAuthorized" first checks which action was called: only if the action is "index" or "view" and the user's role is "reader" is the user allowed through; anything else is handed back to AppController.
public function isAuthorized($user)
{
    // Readers may only call the read-only actions
    if (in_array($this->request->getParam('action'), ['view', 'index'])) {
        if (isset($user['role']) && $user['role'] === 'reader') {
            return true;
        }
    }

    // Everything else is decided by AppController (admin only)
    return parent::isAuthorized($user);
}
As you can see, we call "return parent::isAuthorized($user);" at the end of the "isAuthorized" method. This invokes the parent class's isAuthorized method; here the parent class is "AppController", where we have allowed access to all actions if the user's role is "admin". Because AppController denies everything else, any action or role not explicitly allowed in PostsController is refused.
So in this way you can implement simple Cakephp 3 authorization using the "isAuthorized" method and the user's role. You can build more complex role-based access control on the same mechanism.
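As an added example of that more complex role-based check (this is not code from the tutorial), here is a PostsController whose isAuthorized() consults a role-to-action map instead of hard-coding a single role. It assumes the AppController shown above (admin allowed, everything else denied) and the "role" column on the users table; the "editor" role and the $rolePermissions map are hypothetical, and the pure static helper exists so the decision logic can be exercised outside the framework.

```php
<?php
namespace App\Controller;

class PostsController extends AppController
{
    // Hypothetical map of role => actions that role may call in this
    // controller. Any action missing from a role's list is denied unless
    // AppController::isAuthorized() grants it (only 'admin' does).
    private $rolePermissions = [
        'reader' => ['index', 'view'],
        'editor' => ['index', 'view', 'add', 'edit'],
    ];

    /**
     * Pure decision function: true only when $role is known and $action is
     * explicitly listed for it. Unknown roles, a missing role and unlisted
     * actions all return false (deny by default).
     */
    public static function roleAllowsAction(array $map, $role, $action)
    {
        if ($role === null || !isset($map[$role])) {
            return false;
        }
        // Strict comparison so e.g. 0 or true never matches an action name.
        return in_array($action, $map[$role], true);
    }

    public function isAuthorized($user)
    {
        $action = $this->request->getParam('action');
        $role = isset($user['role']) ? $user['role'] : null;

        if (self::roleAllowsAction($this->rolePermissions, $role, $action)) {
            return true;
        }

        // Not granted here: let AppController decide (admin passes, rest denied).
        return parent::isAuthorized($user);
    }
}

// Illustration of the helper on its own (constructed inputs, no framework):
// PostsController::roleAllowsAction(['reader' => ['index', 'view']], 'reader', 'view') -> true
// PostsController::roleAllowsAction(['reader' => ['index', 'view']], 'reader', 'delete') -> false
// PostsController::roleAllowsAction(['reader' => ['index', 'view']], null, 'index') -> false
```

Keeping the allow-list per controller and falling back to the parent means a new action is inaccessible to non-admins until you deliberately add it to a role, which is the safer failure mode; the strict in_array() avoids loose-comparison surprises when $action is not a string.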