Re: CakePHP 3 Role Authorization for controllers and methods

2016-03-27 Thread euromark 
I use https://github.com/dereuromark/cakephp-tinyauth to exactly prevent 
this complicated if/switch statement logic from happening all over the 
controllers ;)
One simple to configure ini file, done.
Mark


Am Sonntag, 27. März 2016 11:43:31 UTC+2 schrieb LSRX4EVER:
>
> Hello Everyone,
>
> I'm a beginner CakePHP 3 developer. I learned fairly quick for my skill 
> level. 
> I'm currently working on a management system for a school, where there 
> will be a couple of roles that will only access specific controller 
> functions. (Student, Instructor, Supervisor, Administrator)
> HOWEVER, each user has a user state that I must validate and set 
> permission temporarily for users
> Example:
>
> Active User
> LoginEnter code here...
> Redirected to their role controller, with only access to those methods in 
> that controller
>
> Inactive User (used for setup)
> Login
> Confirm Account Information
> only aloud to access that setup() action
> once confirmed, it will set the user active and log them out
>
> Disabled User
> Is disabled, unauthorized user. Already have that configured
>
>
> My login function looks like:
> public function login()
> {
> $this->viewBuilder()->layout('login'); 
> if($this->Auth->user()){
> return $this->redirect(['controller'=>'Users','action'=>'index']); //index 
> redirect for now
> } else {
> if($this->request->is('post')){
> $user = $this->Auth->identify();
> $login_error=null;
> if($user){
> $session = $this->request->session(); 
> switch($user['user_status']){
> case '1': //Active - Normal Login
> unset($user['created'], $user['expiration'], $user['user_status'], 
> $user['security_question_answer'], $user['security_question_id'], 
> $user['modified']);
> $userid=$user['id'];
> //$user= array_merge($user, array('Roles' => 
> $this->Users->Roles->find('list', ['order' => ['Roles.role_id' => 
> 'ASC']])->matching('Users', function ($q) use ($userid) {return 
> $q->where(['Users.id' => $userid]);})->toArray()));
> $user = array_merge($user, 
> array('role'=>key($this->Users->Roles->find('list', ['order' => 
> ['Roles.role_id' => 'ASC']])->select(['Roles.role_id'])->matching('Users', 
> function ($q) use ($userid) { return $q->where(['Users.id' => 
> $userid]);})->limit(1)->toArray(;
> $user = array_merge($user, array('user_status' => 1));
> $this->Auth->setUser($user);
> return $this->redirect($this->Auth->redirectUrl('/users/index'));
> break;
> case '2': //Disabled 
> $login_error=1;
> $this->set(compact('login_error'));
> break;
> case '3': //Inactive - Redirect to setup method
> unset($user['created'], $user['expiration'], $user['user_status'], 
> $user['security_question_answer'], $user['security_question_id'], 
> $user['modified']);
> $userid=$user['id'];
> //$user= array_merge($user, array('roles' => 
> $this->Users->Roles->find('list', ['order' => ['Roles.role_id' => 
> 'ASC']])->matching('Users', function ($q) use ($userid) {return 
> $q->where(['Users.id' => $userid]);})->toArray()));
> $user = array_merge($user, 
> array('role'=>key($this->Users->Roles->find('list', ['order' => 
> ['Roles.role_id' => 'ASC']])->select(['Roles.role_id'])->matching('Users', 
> function ($q) use ($userid) { return $q->where(['Users.id' => 
> $userid]);})->limit(1)->toArray()), 'status' => 3));
> $this->Auth->setUser($user); //Auth Role to only allow inactive user 
> privilage to login, recovery and setup?
> /*this isnt right*/ return 
> $this->redirect($this->Auth->redirectUrl('/users/setup'));
> break;
> }
> } 
> if($login_error!=1){
> $login_error=0;
> };
> $this->set(compact('login_error'));
> }
> }
> }
>
> My AppController BeforeFilter looks like:
> public function beforeFilter(Event $event)
> {
> $this->Auth->allow(['/users/login', '/users/recovery']);
> /*
> switch(user_status){
> case 'Active'
> switch(role){
> case 'Student'
> allow student controller methods
> break;
> case 'Supervisor'
> allow supervisor controller methods
> break;
> case 'Instructor'
> allow instructor controller methods
> break;
> case 'Administrator'
> allow administrator controller methods
> break;
> }
> deny login and recovery methods
> break;
> case 'Inactive'
> allow setup and logout methods
> deny login and recovery methods
> break;
> default:
> allow login and recovery methods
> break;
> }
> */
> }
>
>
> I have looked at some things, I am running a basic authentication system 
> and I heard of Access Control Lists (ACL), but its seemed quite intricate 
> and I don't want to spend a week trying to figure something out that's far 
> from my reach.
>
> Any suggestions how to accomplish this?
>

-- 
Sign up for our Newsletter for updates.
http://cakephp.org/newsletter/signup

We will soon be closing this Google Group. But don't worry, we have something 
better coming. Stay tuned for an updated from the CakePHP Team soon.

Like Us on FaceBook https://www.facebook.com/CakePHP
Follow us on Twitter http://twitter.com/CakePHP
--- 
You received this message because you are subscribed to the Google Groups

CakePHP 3 Role Authorization for controllers and methods

2016-03-27 Thread LSRX4EVER 
Hello Everyone,

I'm a beginner CakePHP 3 developer. I learned fairly quick for my skill 
level. 
I'm currently working on a management system for a school, where there will 
be a couple of roles that will only access specific controller functions. 
(Student, Instructor, Supervisor, Administrator)
HOWEVER, each user has a user state that I must validate and set permission 
temporarily for users
Example:

Active User
LoginEnter code here...
Redirected to their role controller, with only access to those methods in 
that controller

Inactive User (used for setup)
Login
Confirm Account Information
only aloud to access that setup() action
once confirmed, it will set the user active and log them out

Disabled User
Is disabled, unauthorized user. Already have that configured


My login function looks like:
public function login()
{
$this->viewBuilder()->layout('login'); 
if($this->Auth->user()){
return $this->redirect(['controller'=>'Users','action'=>'index']); //index 
redirect for now
} else {
if($this->request->is('post')){
$user = $this->Auth->identify();
$login_error=null;
if($user){
$session = $this->request->session(); 
switch($user['user_status']){
case '1': //Active - Normal Login
unset($user['created'], $user['expiration'], $user['user_status'], 
$user['security_question_answer'], $user['security_question_id'], 
$user['modified']);
$userid=$user['id'];
//$user= array_merge($user, array('Roles' => 
$this->Users->Roles->find('list', ['order' => ['Roles.role_id' => 
'ASC']])->matching('Users', function ($q) use ($userid) {return 
$q->where(['Users.id' => $userid]);})->toArray()));
$user = array_merge($user, 
array('role'=>key($this->Users->Roles->find('list', ['order' => 
['Roles.role_id' => 'ASC']])->select(['Roles.role_id'])->matching('Users', 
function ($q) use ($userid) { return $q->where(['Users.id' => 
$userid]);})->limit(1)->toArray(;
$user = array_merge($user, array('user_status' => 1));
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl('/users/index'));
break;
case '2': //Disabled 
$login_error=1;
$this->set(compact('login_error'));
break;
case '3': //Inactive - Redirect to setup method
unset($user['created'], $user['expiration'], $user['user_status'], 
$user['security_question_answer'], $user['security_question_id'], 
$user['modified']);
$userid=$user['id'];
//$user= array_merge($user, array('roles' => 
$this->Users->Roles->find('list', ['order' => ['Roles.role_id' => 
'ASC']])->matching('Users', function ($q) use ($userid) {return 
$q->where(['Users.id' => $userid]);})->toArray()));
$user = array_merge($user, 
array('role'=>key($this->Users->Roles->find('list', ['order' => 
['Roles.role_id' => 'ASC']])->select(['Roles.role_id'])->matching('Users', 
function ($q) use ($userid) { return $q->where(['Users.id' => 
$userid]);})->limit(1)->toArray()), 'status' => 3));
$this->Auth->setUser($user); //Auth Role to only allow inactive user 
privilage to login, recovery and setup?
/*this isnt right*/ return 
$this->redirect($this->Auth->redirectUrl('/users/setup'));
break;
}
} 
if($login_error!=1){
$login_error=0;
};
$this->set(compact('login_error'));
}
}
}

My AppController BeforeFilter looks like:
public function beforeFilter(Event $event)
{
$this->Auth->allow(['/users/login', '/users/recovery']);
/*
switch(user_status){
case 'Active'
switch(role){
case 'Student'
allow student controller methods
break;
case 'Supervisor'
allow supervisor controller methods
break;
case 'Instructor'
allow instructor controller methods
break;
case 'Administrator'
allow administrator controller methods
break;
}
deny login and recovery methods
break;
case 'Inactive'
allow setup and logout methods
deny login and recovery methods
break;
default:
allow login and recovery methods
break;
}
*/
}


I have looked at some things, I am running a basic authentication system 
and I heard of Access Control Lists (ACL), but its seemed quite intricate 
and I don't want to spend a week trying to figure something out that's far 
from my reach.

Any suggestions how to accomplish this?

-- 
Sign up for our Newsletter for updates.
http://cakephp.org/newsletter/signup

We will soon be closing this Google Group. But don't worry, we have something 
better coming. Stay tuned for an updated from the CakePHP Team soon.

Like Us on FaceBook https://www.facebook.com/CakePHP
Follow us on Twitter http://twitter.com/CakePHP
--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.