I search the document but I don't find anything about ACL implementation in cakephp 3. How can I implement authorization with ACL in cakephp 3?
Asked
Active
Viewed 1.2k times
2 Answers
4
ACL is not built into CakePHP 3 as it was in CakePHP 2. It is now available as a separate plugin.
Quote from http://book.cakephp.org/3.0/en/appendices/3-0-migration-guide.html
ACL related classes were moved to a separate plugin. Password hashers, Authentication and Authorization providers where moved to the \Cake\Auth namespace. You are required to move your providers and hashers to the App\Auth namespace as well.
You can find the plugin at https://github.com/cakephp/acl, but note that it's not yet stable.
Community
- 1
- 1
Daniel Castro
- 643
- 6
- 16
3
Great question, as Daniel Castro said the plugin is at https://github.com/cakephp/acl.
The part that is missing is to override 'isAuthorized' in your 'AppController.php' with something like:
...
use Acl\Controller\Component\AclComponent;
use Cake\Controller\ComponentRegistry;
...
public function isAuthorized($user){
$Collection = new ComponentRegistry();
$acl= new AclComponent($Collection);
$username=$user['username'];
$controller=$this->request->controller;
$action=$this->request->action;
$check=$acl->check($user['username'],"$controller/$action");
return $check;
}
Someone wiser than I will know better if the user/action/controller bits could be better sanitized. There are lots of warnings about the stability of this plugin and 'gotchas' on acl in terms of performance.
I am cutting over from a 1.3 implementation, it was helpful to add in the AppController 'initialize' info from http://book.cakephp.org/3.0/en/controllers/components/authentication.html
Marc
- 39
- 2