I have been using the following plugin (https://github.com/CakeDC/users) for CakePHP, but I can't figure out how to get the permissions working for it. I have followed all instructions, but it seems authorize does not get used at all. Wondering if anyone has any tips on how to make it work. Here is my setup:

bootstrap.php

```php
Configure::write('Users.config', ['users']);
Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]);
```

AppController.php initialize function

```php
$this->loadComponent('CakeDC/Users.UsersAuth');
```

config/users.php

```php
$config = [
    'Auth' => [
        'authError' => 'Did you really think you are allowed to see that?'
    ]
];

return $config;
```

config/permissions.php

```php
return [
    'Users.SimpleRbac.permissions' => [
        [
            'role' => '*',
            'controller' => 'Pages',
            'action' => ['display'],
            'allowed' => true
        ], [
            'role' => '*',
            'controller' => 'Taxes',
            'action' => ['*'],
            'allowed' => true
        ], [
            'role' => '*',
            'prefix' => 'v1',
            'controller' => '*',
            'action' => '*',
            'allowed' => true
        ]
    ]
];

return $config;
```

Frankly it seems a CakePHP configuration issue, but I am not able to find where that problem is coming from. I say that because even though debug shows the correct file loaded to authorize, it does not get called.

AKKAweb

1 Answer


Please ensure you are returning the $config variable in the users.php file and you are initializing the plugin correctly as indicated here https://github.com/CakeDC/users/blob/master/Docs/Documentation/Configuration.md

```php
Configure::write('Users.config', ['users']);
Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]);
```

I've created a test environment here with your provided Auth configuration and it works correctly https://ide.c9.io/steinkel/users-so-42523209

https://nimbus.everhelper.me/client/notes/share/790695/girguwv9x7rttdvu5c4x

Thanks,

steinkel
  • Thank you for your thorough answer. I will review what you did here. I failed to add all code on my question and I have updated it to reflect what I have. – AKKAweb Mar 01 '17 at 12:19
  • I have reviewed your C9 setup and it seems similar to mine. On your `permissions.php` file, you are allowing `'role' => 'user',` to access the homepage. Based on your screenshot it is preventing access to unauthenticated users. I see the same result in my app even when I have `'role' => '*',`. Could you change that permission in your app to `'role' => '*',` and let me know if you are able to view the homepage, or if it continues sending you to the `login` page. Thank you! – AKKAweb Mar 01 '17 at 13:04
  • I mistakenly thought SimpleRbacAuthorize.php would overall allow me not to use $this->Auth->allow(['action']) without a user being logged in. That is not the case. Thanks again! – AKKAweb Mar 01 '17 at 16:59
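
The point reached in the last comment, as an added example that is not part of the original thread and is not CakePHP or CakeDC/Users code: CakePHP's AuthComponent requires a logged-in user before any authorize object runs, so a `'role' => '*'` rule only covers authenticated users and public actions still need `$this->Auth->allow()`. The model is simplified; the first-match/default-deny rule semantics, the `decide()` and `rbacAllows()` helpers, the sample user and the `Orders` controller are assumptions made for illustration.

```php
<?php
// Simplified model of the request flow; not CakePHP or CakeDC/Users source.
// Rules copied from the question's config/permissions.php (prefix rule omitted).
$rules = [
    ['role' => '*', 'controller' => 'Pages', 'action' => ['display'], 'allowed' => true],
    ['role' => '*', 'controller' => 'Taxes', 'action' => ['*'], 'allowed' => true],
];

// A rule field matches when it is '*', equals the value, or is a list holding either.
function fieldMatches($ruleValue, string $value): bool
{
    $candidates = (array)$ruleValue;
    return in_array('*', $candidates, true) || in_array($value, $candidates, true);
}

// Role check: first matching rule wins, otherwise deny (assumed semantics).
function rbacAllows(array $rules, string $role, string $controller, string $action): bool
{
    foreach ($rules as $rule) {
        if (fieldMatches($rule['role'], $role)
            && fieldMatches($rule['controller'], $controller)
            && fieldMatches($rule['action'], $action)) {
            return $rule['allowed'];
        }
    }
    return false;
}

// $publicActions stands in for what $this->Auth->allow([...]) registers.
function decide(array $rules, array $publicActions, ?array $user, string $controller, string $action): string
{
    if (in_array($controller . '::' . $action, $publicActions, true)) {
        return 'allowed (public action)';
    }
    if ($user === null) {
        return 'redirect to login'; // authorize rules are never consulted here
    }
    return rbacAllows($rules, $user['role'], $controller, $action)
        ? 'allowed (rbac)'
        : 'denied (authError)';
}

$member = ['role' => 'user']; // constructed sample user
echo decide($rules, [], null, 'Pages', 'display'), PHP_EOL;                 // anonymous, no allow()
echo decide($rules, [], $member, 'Pages', 'display'), PHP_EOL;              // logged in, rule matches
echo decide($rules, ['Pages::display'], null, 'Pages', 'display'), PHP_EOL; // anonymous, action made public
echo decide($rules, [], $member, 'Orders', 'index'), PHP_EOL;               // logged in, no rule matches
```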