64 Comments

  1. Hi there,

    I have been trying to get this going for a few hours now. I wonder if I am missing something obvious.

    Authentication is working fine without your plugin (with no roles). I am using a role model with containable. My array looks like this:

    array(
        'User' => array(
            'id' => '1',
            'username' => 'mark',
            'Role' => array(
                (int) 0 => array(
                    'id' => '1',
                    'alias' => 'Superadmin',
                    'RolesUser' => array(
                        'id' => '1',
                        'role_id' => '1',
                        'user_id' => '1'
                    )
                ),
                (int) 1 => array(
                    'id' => '2',
                    'alias' => 'Owner',
                    'RolesUser' => array(
                        'id' => '2',
                        'role_id' => '2',
                        'user_id' => '1'
                    )
                )
            )
        )
    )

    I’ve done a bit of debugging here and there and can confirm the values are being loaded from the acl.ini file. But as soon as I enable the plugin using

    $this->Auth->authorize = array('Tools.Tiny');

    I get stuck in a redirect loop.

    My component array looks like this:

    'Auth' => array(
        'loginRedirect' => array(
            'controller' => 'dashboard',
            'action' => 'index'
        ),
        'logoutRedirect' => array(
            'controller' => 'users',
            'action' => 'login'
        ),
        'authenticate' => array(
            'Form' => array(
                'contain' => array('Role')
            )
        )
    )

    Any tips?

    Many thanks in advance, Mark

  2. Here is that array again with proper formatting:

    array(
    	'User' => array(
    		'id' => '1',
    		'username' => 'mark',
    		'Role' => array(
    			(int) 0 => array(
    				'id' => '1',
    				'alias' => 'Superadmin',
    				'RolesUser' => array(
    					'id' => '1',
    					'role_id' => '1',
    					'user_id' => '1'
    				)
    			),
    			(int) 1 => array(
    				'id' => '2',
    				'alias' => 'Owner',
    				'RolesUser' => array(
    					'id' => '2',
    					'role_id' => '2',
    					'user_id' => '1'
    				)
    			)
    		)
    	)
    )
  3. What does your acl.ini look like?
    Did you try to debug the TinyAuth class to see where exactly it breaks?
    Also make sure you are using the current master (head).

  4. Hi Mark,

    Thanks for such a quick response!

    I have tried fiddling with the ini quite a bit, it currently looks like this:

    [People]
    * = Superadmin
     
    [Companies]
    * = Superadmin
    index = *

    I downloaded your whole Tools plugin from github just today, so presumably it is the most recent version.

    I have been debugging the TinyAuthorize.php file, trying to figure out where it gets to. I got as far as debugging the $iniArray var (which contained my ini statements), and $availableRoles which contains all the roles in my database.

    I will try some more debugging tomorrow.

    Many thanks again,
    Mark

  5. You seem to have a multi-role setup (instead of a single belongsTo relation); did you configure Tiny appropriately?

    Note that there is a test case that seems to prove that your exact array setup in the session should work just fine.
    Maybe you can write a test case that disproves that?

  6. Thanks for your work! A noob question: I am looking for a solution where I don't authorize users for a whole action but, e.g., I want users in all index actions to only see those model instances that are bound to their user id. Does TinyAuth do the trick, or would it be better to use some magic from within the CakePHP framework?

  7. I would probably do that as inline checks, usually this is often just a condition to append to the find() call you are doing anyway.
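The inline-check approach from the reply above, written out as an added example (it is not code from the original post or from the Tools plugin). It assumes CakePHP 2.x, a hypothetical Item model with a user_id column, and the Role-based session array shown elsewhere in this thread; TinyAuth decides which actions are reachable, and record ownership is a second, separate check expressed as a find() condition.

```php
<?php
// Added example (not the original post's or the Tools plugin's code).
// Assumes CakePHP 2.x and a hypothetical Item model with a user_id column.
App::uses('AppController', 'Controller');

class ItemsController extends AppController {

    public function index() {
        // Only this user's rows are ever fetched; nothing is filtered in the view.
        $items = $this->Item->find('all', array(
            'conditions' => $this->_ownerConditions(),
            'order' => array('Item.modified' => 'DESC'),
        ));
        $this->set('items', $items);
    }

    public function edit($id = null) {
        // The same condition on the single-record lookup: a record that belongs
        // to someone else is indistinguishable from one that does not exist.
        $item = $this->Item->find('first', array(
            'conditions' => array('Item.id' => $id) + $this->_ownerConditions(),
        ));
        if (!$item) {
            throw new NotFoundException(__('Invalid item'));
        }
        if ($this->request->is('post') || $this->request->is('put')) {
            $this->Item->id = $id;
            // Whitelist the editable fields so a crafted form cannot move the
            // record to another user_id.
            $fields = array('title', 'body');
            if ($this->Item->save($this->request->data, true, $fields)) {
                $this->Session->setFlash(__('Saved.'));
                return $this->redirect(array('action' => 'index'));
            }
        } else {
            $this->request->data = $item;
        }
    }

    /**
     * Ownership condition appended to every per-user query. A user carrying
     * the Superadmin role alias in the session (the HABTM shape from this
     * thread) is not restricted; everyone else only sees their own rows.
     */
    protected function _ownerConditions() {
        $userId = $this->Auth->user('id');
        if (!$userId) {
            throw new ForbiddenException();
        }
        foreach ((array)$this->Auth->user('Role') as $role) {
            if (isset($role['alias']) && $role['alias'] === 'Superadmin') {
                return array(); // no restriction
            }
        }
        return array('Item.user_id' => $userId);
    }
}
```

Keeping the condition in one protected method means every action that touches a single record (view, edit, delete) reuses it, so an id guessed from the URL never reaches a record the user does not own.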

  8. Hi! I’ve got a relation HABTM (One User – Many Roles), but this plugin doesn’t work! 🙁

    When I debug User Session data, it looks like

    array(
    	'User' => array(
    		'id' => '9',
    		'username' => 'falco',
    		'email' => '*******@*****.com',
    		'created' => '2015-05-11 14:07:01',
    		'modified' => '2015-05-11 17:24:57',
    		'Role' => array(
    			(int) 0 => array(
    				'id' => '12',
    				'alias' => 'Admin',
    				'name' => 'Admin',
    				'created' => null,
    				'modified' => '2015-05-11 17:06:05'
    			),
    			(int) 1 => array(
    				'id' => '13',
    				'alias' => 'User',
    				'name' => 'User',
    				'created' => null,
    				'modified' => '2015-05-11 17:06:15'
    			),
    			(int) 2 => array(
    				'id' => '14',
    				'alias' => 'Superadmin',
    				'name' => 'Superadmin',
    				'created' => null,
    				'modified' => '2015-05-11 17:06:22'
    			)
    		)
    	)
    )

    and I configured the AppController like this

    public $components = array(
        'Acl',
        'Session',
        'DebugKit.Toolbar',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
            'authenticate' => array('Form' => array('contain' => 'Role')),
            'authorize' => array(
                'Tools.Tiny' => array(
                    'aclModel' => 'Role',
                    'superadminRole' => 14,
                )
            ),
            'authError' => 'Did you really think you are allowed to see that?',
        )
    );

    I’ve got a ‘users’ table and a ‘roles’ table, and a ‘roles_users’ join table with a hasAndBelongsToMany relationship that works (join table is populated successfully).

    What am I doing wrong? 🙁

  9. Hi @ all,

    I've got the problem that in the user session array the roles are not shown.

    I checked all of these posts but nothing helps.

    About the Application: I run a HABTM user / roles setup. In my user and roles model there is the HABTM statement as follows:

    class User extends AppModel {
        public $hasAndBelongsToMany = array(
            'Role' => array(
                'className' => 'Role',
                'joinTable' => 'roles_users',
                'foreignKey' => 'user_id',
                'associationForeignKey' => 'role_id',
                'unique' => true
            )
        );
    }

    class Role extends AppModel {
        public $hasAndBelongsToMany = array(
            'User' => array(
                'className' => 'User',
                'joinTable' => 'roles_users',
                'foreignKey' => 'role_id',
                'associationForeignKey' => 'user_id',
                'unique' => true
            )
        );
    }

    My AppController is doing this

    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'profiles', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'authorize' => array('Tools.Tiny' => array('allowUser' => true, 'aclModel' => 'Role')),
            'authenticate' => array(
                'Form' => array('passwordHasher' => 'Blowfish', 'contain' => array('Role')),
            ),
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
                'plugin' => false,
                'admin' => false,
            ),
            'unauthorizedRedirect' => array(
                'controller' => 'home',
                'action' => 'login',
                'admin' => false
            ),
        )
    );

    my acl.ini is pretty easy atm

    [Appartments]
    * = *
    
    [Users]
    * = *

    the TinyAuthorize Plugin file

    protected $_defaultConfig = array(
        'superadminRole' => null, // quick way to allow access to every action
        'allowUser' => false, // quick way to allow user access to non prefixed urls
        'allowAdmin' => false, // quick way to allow admin access to admin prefixed urls
        'adminPrefix' => 'admin_',
        'adminRole' => null, // needed together with adminPrefix if allowAdmin is enabled
        'cache' => AUTH_CACHE,
        'cacheKey' => 'tiny_auth_acl',
        'autoClearCache' => false, // usually done by Cache automatically in debug mode
        'aclModel' => 'Role', // only for multiple roles per user (HABTM)
        'aclKey' => 'role_id', // only for single roles per user (BT)
    );

    I can't find the error.

    Thanks for your help.

    Timo

  10. Hi,

    I would like to know how I can stop or disallow multiple logins with the same username/password.

  11. Here is a part of my acl.ini

    [Cities]
    admin_ajax_list = root,admin
    admin_ajax_add = root
    admin_ajax_edit = admin

    if I know the user’s role is "admin", is there a way (preferably from the template page), that I can determine whether or not that user can have access to let’s say the cities/admin_ajax_edit page?

  12. Yes, with the latest version it now is possible 🙂 See the documentation to the new AuthUser component and helper.
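To make the acl.ini semantics of comment 11 concrete, and to show how the two session shapes from comments 1, 8 and 9 (a Role list for HABTM, a bare role_id for belongsTo) feed into the same check, here is an added, self-contained PHP example. It is not TinyAuth's own code and not the AuthUser component mentioned above: it compares roles by alias (an assumption; the real plugin is driven by its aclModel/aclKey settings) and leaves out the superadminRole/allowUser/allowAdmin shortcuts listed in the _defaultConfig posted in comment 9. The ini text and user arrays are constructed from the shapes posted in this thread.

```php
<?php
// Added example, not TinyAuth's own code: a small re-implementation of the
// acl.ini lookup discussed in the thread, runnable outside a request.

/** Parse acl.ini text into [controller][action] => list of lower-cased role aliases. */
function parseAcl($ini)
{
    $sections = parse_ini_string($ini, true, INI_SCANNER_RAW);
    if ($sections === false) {
        throw new InvalidArgumentException('acl.ini could not be parsed');
    }
    $acl = array();
    foreach ($sections as $controller => $actions) {
        foreach ((array)$actions as $action => $roles) {
            $list = array_filter(array_map('trim', explode(',', (string)$roles)), 'strlen');
            $acl[strtolower($controller)][strtolower($action)] = array_map('strtolower', $list);
        }
    }
    return $acl;
}

/** Role aliases of a logged-in user array, for both session shapes seen in the thread. */
function userRoleAliases(array $user, array $roleAliasById = array())
{
    $aliases = array();
    if (!empty($user['Role']) && is_array($user['Role'])) {
        // Multi-role (HABTM, aclModel => 'Role'): a list of Role rows.
        foreach ($user['Role'] as $role) {
            if (isset($role['alias'])) {
                $aliases[] = strtolower($role['alias']);
            }
        }
    } elseif (isset($user['role_id'], $roleAliasById[$user['role_id']])) {
        // Single-role (belongsTo, aclKey => 'role_id'): map the id to its alias.
        $aliases[] = strtolower($roleAliasById[$user['role_id']]);
    }
    return $aliases;
}

/** Deny by default; allow when the exact action or the '*' action lists '*' or one of the user's roles. */
function isAllowed(array $acl, array $roleAliases, $controller, $action)
{
    $controller = strtolower($controller);
    $action = strtolower($action);
    if (!isset($acl[$controller])) {
        return false; // controllers missing from acl.ini stay closed
    }
    foreach (array($action, '*') as $key) {
        if (!isset($acl[$controller][$key])) {
            continue;
        }
        $allowed = $acl[$controller][$key];
        if (in_array('*', $allowed, true) || array_intersect($roleAliases, $allowed)) {
            return true;
        }
    }
    return false;
}

// --- constructed sample data, following the shapes posted in the thread ---
$ini = <<<INI
[Cities]
admin_ajax_list = root,admin
admin_ajax_add = root
admin_ajax_edit = admin

[Companies]
* = Superadmin
index = *
INI;

$acl = parseAcl($ini);

$habtmUser = array('id' => '9', 'username' => 'falco', 'Role' => array(
    array('id' => '13', 'alias' => 'User'),
    array('id' => '12', 'alias' => 'Admin'),
));
$belongsToUser = array('id' => '2', 'username' => 'mark', 'role_id' => '1');
$roleAliasById = array('1' => 'Superadmin', '12' => 'Admin', '13' => 'User'); // constructed lookup

$checks = array(
    array($habtmUser, 'Cities', 'admin_ajax_edit'),   // admin is listed     -> allowed
    array($habtmUser, 'Cities', 'admin_ajax_add'),    // root only           -> denied
    array($habtmUser, 'Companies', 'view'),           // '*' = Superadmin    -> denied
    array($belongsToUser, 'Companies', 'view'),       // Superadmin via id   -> allowed
    array($habtmUser, 'Companies', 'index'),          // index = *           -> allowed
    array($habtmUser, 'Countries', 'index'),          // not in acl.ini      -> denied
);
foreach ($checks as list($user, $controller, $action)) {
    $roles = userRoleAliases($user, $roleAliasById);
    printf("%-6s %s/%s -> %s\n", $user['username'], $controller, $action,
        isAllowed($acl, $roles, $controller, $action) ? 'allowed' : 'denied');
}
```

The deny-by-default branch for controllers absent from acl.ini is the part worth carrying into a view helper: a link should only be rendered when the lookup explicitly returns true, so a missing section hides the link rather than exposing it.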
