From 944d21bc86071ede712982806515dd1dfb53cd12 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 11:12:48 +0100 Subject: [PATCH 01/12] Added some config keys to allow a simpler configuration through loadComponent and changed the behaviour of undefined pivot tables --- src/Auth/TinyAuthorize.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 6dfefaf5..c793780a 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -44,8 +44,12 @@ class TinyAuthorize extends BaseAuthorize { protected $_defaultConfig = [ 'roleColumn' => 'role_id', // name of column in users table holding role id (used for single role/BT only) + 'userColumn' => 'user_id', 'aliasColumn' => 'alias', // name of column in roles table holding role alias/slug 'rolesTable' => 'Roles', // name of Configure key holding available roles OR class name of roles table + 'usersTable' => 'Users', // name of the Users table + 'pivotTablePlugin' => '', // Name of the plugin managing the users table + 'rolesTablePlugin' => '', // Name of the plugin managing the roles table 'multiRole' => false, // true to enables multirole/HABTM authorization (requires a valid join table) 'pivotTable' => null, // Use instead of auto-detect for the multi-role pivot table holding the user's roles 'superAdminRole' => null, // id of super admin role granted access to ALL resources @@ -324,7 +328,8 @@ protected function _getAvailableRoles() { } // fetch roles from database - $rolesTable = TableRegistry::get($this->_config['rolesTable']); + $rolesPlugin=$this->_config['rolesTablePlugin']; + $rolesTable = TableRegistry::get(((!$rolesPlugin)?$rolesPlugin.'.':'').$this->_config['rolesTable']); $roles = $rolesTable->find('all')->formatResults(function ($results) { return $results->combine($this->_config['aliasColumn'], 'id'); 
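Review bot: The inline comment on the new `pivotTablePlugin` key in `$_defaultConfig` says "Name of the plugin managing the users table", which does not match the key, and the new `userColumn` key has no comment at all. These keys decide which tables and columns the authorizer reads roles from, so I would word them as `'userColumn' => 'user_id', // name of column in pivot table holding user id (multi-role only)` and `'pivotTablePlugin' => '', // name of the plugin providing the pivot table, if any`. The array continues outside the hunk.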
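Review bot: The plugin prefix check in `_getAvailableRoles()` is inverted: `(!$rolesPlugin) ? $rolesPlugin . '.' : ''` prepends a bare `.` when `rolesTablePlugin` is empty (the default) and drops the plugin name when one is configured. A configured plugin is therefore never applied, and the roles that drive authorization may be loaded from a different table than the one the operator named. The line should read `$rolesTable = TableRegistry::get(($rolesPlugin ? $rolesPlugin . '.' : '') . $this->_config['rolesTable']);`. The same inversion is in the `pivotTablePlugin` lookup in `_getUserRoles()` in this patch, and it survives as `if (!$rolesPlugin)` and `if (!$pivotTablePlugin)` in the PATCH 06/12 rewrite; the function body continues outside the hunk.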
@@ -359,9 +364,10 @@ protected function _getUserRoles($user) { // multi-role: reverse engineer name of the pivot table $rolesTableName = $this->_config['rolesTable']; $pivotTableName = $this->_config['pivotTable']; + $usersTableName = $this->_config['usersTable']; if (!$pivotTableName) { $tables = [ - CLASS_USERS, + Inflector::singularize($usersTableName), $rolesTableName ]; asort($tables); @@ -369,10 +375,11 @@ protected function _getUserRoles($user) { } // fetch roles directly from the pivot table - $pivotTable = TableRegistry::get($pivotTableName); + $pivotTablePlugin=$this->_config['pivotTablePlugin']; + $pivotTable = TableRegistry::get(((!$pivotTablePlugin)?$pivotTablePlugin.'.':'').$pivotTableName); $roleColumn = $this->_config['roleColumn']; $roles = $pivotTable->find('all', [ - 'conditions' => ['user_id' => $user['id']], + 'conditions' => [$this->_config['userColumn'] => $user['id']], 'fields' => $roleColumn ])->extract($roleColumn)->toArray(); From 5825ce38cf6edcddbe267d106ef516c049988337 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 11:17:49 +0100 Subject: [PATCH 02/12] Updated docs --- docs/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 01a12615..1eff2fa2 100644 --- a/docs/README.md +++ b/docs/README.md 
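Review bot: Building the auto-detected pivot name from `Inflector::singularize($usersTableName)` changes the default table the authorizer reads user roles from, and nothing in the code says so. Existing multi-role setups that rely on auto-detection would presumably resolve a different join table after this change; the name is assembled after `asort($tables)`, outside the hunk, so the exact result is not visible here. I would add a comment such as `// default pivot name is derived from usersTable and rolesTable; set pivotTable explicitly to pin it`, and confirm that `Inflector` is imported at the top of the file, which the hunk does not show.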
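Review bot: The new `conditions` key `$this->_config['userColumn']` and the existing `'fields' => $roleColumn` are both config-driven column names, and CakePHP's query builder writes the left-hand side of a condition and field names into the SQL as identifiers rather than binding them as values. That is acceptable for static configuration, but it is an easy assumption to break later in code that gates access. A comment above the `find()` call would record it, e.g. `// userColumn/roleColumn become SQL identifiers: take them from app config only, never from request data`. `_getUserRoles()` continues outside the hunk.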
@@ -107,11 +107,13 @@ When using the single-role-per-user model TinyAuth expects your Users model to contain an column named ``role_id``. If you prefer to use another column name simply specify it using the ``roleColumn`` configuration option. +The ``roleColumn`` option is also used on pivot table in a multi-role setup. + ### Multi-role When using the multiple-roles-per-user model: - your database MUST have a ``roles`` table -- your database MUST have a valid join table (e.g. ``roles_users``) +- your database MUST have a valid join table (e.g. ``user_roles``, by default, it's constructed with users table first in the name). This can be overriden with the ``pivotTable`` option. - the configuration option ``multiRole`` MUST be set to ``true`` Example of a record from a valid join table: From 525da8be788fcf22c3a866b106ea6259fd2c1c87 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 11:20:23 +0100 Subject: [PATCH 03/12] removed useless CLASS_USER constant --- config/bootstrap.php | 5 ----- src/Auth/TinyAuthorize.php | 3 --- 2 files changed, 8 deletions(-) delete mode 100644 config/bootstrap.php diff --git a/config/bootstrap.php b/config/bootstrap.php deleted file mode 100644 index dd227b27..00000000 --- a/config/bootstrap.php +++ /dev/null @@ -1,5 +0,0 @@ - Date: Tue, 5 Jan 2016 11:31:15 +0100 Subject: [PATCH 04/12] Updated config keys --- docs/README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index 1eff2fa2..15ae0143 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -205,9 +205,14 @@ TinyAuth supports the following configuration options. Option | Type | Description :----- | :--- | :---------- -roleColumn|string|Name of column in user table holding role id (only used for single-role per user/BT) -roleAlias|string|Name of the column for the alias +roleColumn|string|Name of column in user table holding role id (used for foreign key in users table in a single role per user setup, or in the pivot tableon multi-roles setups) +userColumn|string|Name of column in pivot table holding role id (only used in pivot table on multi-roles setups) +aliasColumn|string|Name of the column for the alias in the role table rolesTable|string|Name of Configure key holding all available roles OR class name of roles database table +usersTable|string|Class name of the users table. +pivotTable|string|Name of the pivot table, for a multi-group setup. +rolesTablePlugin|string|Name of the plugin for the roles table, if any. +pivotTablePlugin|string|Name of the plugin for the pivot table, if any. multiRole|boolean|True will enable multi-role/HABTM authorization (requires a valid join table) superAdminRole|int|Id of the super admin role. Users with this role will have access to ALL resources. authorizeByPrefix|boolean|If prefixed routes should be auto-handled by their matching role name. From 573579b264041806e7f69c900bac112cc685a886 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 11:40:15 +0100 Subject: [PATCH 05/12] Updated tests --- tests/TestCase/Auth/TinyAuthorizeTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php index 6d8b5508..c44d7890 100644 --- a/tests/TestCase/Auth/TinyAuthorizeTest.php +++ b/tests/TestCase/Auth/TinyAuthorizeTest.php 
@@ -1410,7 +1410,7 @@ protected function _getAcl($path = TMP) { * @return Cake\ORM\Table The User table */ public function getTable() { - $Users = TableRegistry::get(CLASS_USERS); + $Users = TableRegistry::get($this->_config['usersTable']); $Users->belongsTo('Roles'); return $Users; From 8e6f861ae44b13c35f4c6a0322ccd0e261f8a44c Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 12:14:15 +0100 Subject: [PATCH 06/12] Removed singular name for first pivot table name, split some lines and added missing spaces... to correct previous failing PR --- docs/README.md | 2 +- src/Auth/TinyAuthorize.php | 37 ++++++++++++++++++++++--------------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/docs/README.md b/docs/README.md index 15ae0143..64508068 100644 --- a/docs/README.md +++ b/docs/README.md @@ -113,7 +113,7 @@ The ``roleColumn`` option is also used on pivot table in a multi-role setup. When using the multiple-roles-per-user model: - your database MUST have a ``roles`` table -- your database MUST have a valid join table (e.g. ``user_roles``, by default, it's constructed with users table first in the name). This can be overriden with the ``pivotTable`` option. +- your database MUST have a valid join table (e.g. ``users_roles``). This can be overriden with the ``pivotTable`` option. - the configuration option ``multiRole`` MUST be set to ``true`` Example of a record from a valid join table: diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 10e9284e..1e12e15e 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
@@ -41,7 +41,7 @@ class TinyAuthorize extends BaseAuthorize { protected $_defaultConfig = [ 'roleColumn' => 'role_id', // name of column in users table holding role id (used for single role/BT only) - 'userColumn' => 'user_id', + 'userColumn' => 'user_id', 'aliasColumn' => 'alias', // name of column in roles table holding role alias/slug 'rolesTable' => 'Roles', // name of Configure key holding available roles OR class name of roles table 'usersTable' => 'Users', // name of the Users table @@ -67,7 +67,7 @@ class TinyAuthorize extends BaseAuthorize { * @throws \Cake\Core\Exception\Exception */ public function __construct(ComponentRegistry $registry, array $config = []) { - $config += (array)Configure::read('TinyAuth'); + $config += (array) Configure::read('TinyAuth'); $config += $this->_defaultConfig; if (!$config['prefixes'] && !empty($config['authorizeByPrefix'])) { throw new Exception('Invalid TinyAuthorization setup for `authorizeByPrefix`. Please declare `prefixes`.'); @@ -147,7 +147,7 @@ public function validate($userRoles, Request $request) { if (isset($this->_acl[$iniKey]['actions']['*'])) { $matchArray = $this->_acl[$iniKey]['actions']['*']; foreach ($userRoles as $userRole) { - if (in_array((string)$userRole, $matchArray)) { + if (in_array((string) $userRole, $matchArray)) { return true; } } 
@@ -155,10 +155,10 @@ public function validate($userRoles, Request $request) { // Allow access if user has been granted access to the specific resource if (isset($this->_acl[$iniKey]['actions'])) { - if(array_key_exists($request->action, $this->_acl[$iniKey]['actions']) && !empty($this->_acl[$iniKey]['actions'][$request->action])) { + if (array_key_exists($request->action, $this->_acl[$iniKey]['actions']) && !empty($this->_acl[$iniKey]['actions'][$request->action])) { $matchArray = $this->_acl[$iniKey]['actions'][$request->action]; foreach ($userRoles as $userRole) { - if (in_array((string)$userRole, $matchArray)) { + if (in_array((string) $userRole, $matchArray)) { return true; } } @@ -325,12 +325,16 @@ protected function _getAvailableRoles() { } // fetch roles from database - $rolesPlugin=$this->_config['rolesTablePlugin']; - $rolesTable = TableRegistry::get(((!$rolesPlugin)?$rolesPlugin.'.':'').$this->_config['rolesTable']); + $rolesPlugin = $this->_config['rolesTablePlugin']; + $roleTable = $this->_config['rolesTable']; + if (!$rolesPlugin) { + $roleTable = $rolesPlugin . '.' . $roleTable; + } + $rolesTable = TableRegistry::get($roleTable); $roles = $rolesTable->find('all')->formatResults(function ($results) { - return $results->combine($this->_config['aliasColumn'], 'id'); - })->toArray(); + return $results->combine($this->_config['aliasColumn'], 'id'); + })->toArray(); if (!count($roles)) { throw new Exception('Invalid TinyAuthorize Role Setup (rolesTable has no roles)'); @@ -364,7 +368,7 @@ protected function _getUserRoles($user) { $usersTableName = $this->_config['usersTable']; if (!$pivotTableName) { $tables = [ - Inflector::singularize($usersTableName), + $usersTableName, $rolesTableName ]; asort($tables); 
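Review bot: In the `_getAvailableRoles()` hunk the new local `$roleTable` (a name string) sits next to `$rolesTable` (the Table object), one letter apart, which is easy to misread in code that decides which table roles come from. `_getUserRoles()` already calls the equivalent string `$rolesTableName`; using the same name here, `$rolesTableName = $this->_config['rolesTable'];` followed by `$rolesTable = TableRegistry::get($rolesTableName);`, keeps the two methods consistent. The function body continues outside the hunk.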
@@ -372,13 +376,16 @@ protected function _getUserRoles($user) { } // fetch roles directly from the pivot table - $pivotTablePlugin=$this->_config['pivotTablePlugin']; - $pivotTable = TableRegistry::get(((!$pivotTablePlugin)?$pivotTablePlugin.'.':'').$pivotTableName); + $pivotTablePlugin = $this->_config['pivotTablePlugin']; + if (!$pivotTablePlugin) { + $pivotTableName = $pivotTablePlugin . '.' . $pivotTableName; + } + $pivotTable = TableRegistry::get($pivotTableName); $roleColumn = $this->_config['roleColumn']; $roles = $pivotTable->find('all', [ - 'conditions' => [$this->_config['userColumn'] => $user['id']], - 'fields' => $roleColumn - ])->extract($roleColumn)->toArray(); + 'conditions' => [$this->_config['userColumn'] => $user['id']], + 'fields' => $roleColumn + ])->extract($roleColumn)->toArray(); if (!count($roles)) { throw new Exception('Missing TinyAuthorize roles for user in pivot table'); From 5ae4c23520dff056991108690504be8e3ee615a8 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 12:26:23 +0100 Subject: [PATCH 07/12] removed spaces after cases --- src/Auth/TinyAuthorize.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 1e12e15e..92004095 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -67,7 +67,7 @@ class TinyAuthorize extends BaseAuthorize { * @throws \Cake\Core\Exception\Exception */ public function __construct(ComponentRegistry $registry, array $config = []) { - $config += (array) Configure::read('TinyAuth'); + $config += (array)Configure::read('TinyAuth'); $config += $this->_defaultConfig; if (!$config['prefixes'] && !empty($config['authorizeByPrefix'])) { throw new Exception('Invalid TinyAuthorization setup for `authorizeByPrefix`. Please declare `prefixes`.'); 
@@ -147,7 +147,7 @@ public function validate($userRoles, Request $request) { if (isset($this->_acl[$iniKey]['actions']['*'])) { $matchArray = $this->_acl[$iniKey]['actions']['*']; foreach ($userRoles as $userRole) { - if (in_array((string) $userRole, $matchArray)) { + if (in_array((string)$userRole, $matchArray)) { return true; } } @@ -158,7 +158,7 @@ public function validate($userRoles, Request $request) { if (array_key_exists($request->action, $this->_acl[$iniKey]['actions']) && !empty($this->_acl[$iniKey]['actions'][$request->action])) { $matchArray = $this->_acl[$iniKey]['actions'][$request->action]; foreach ($userRoles as $userRole) { - if (in_array((string) $userRole, $matchArray)) { + if (in_array((string)$userRole, $matchArray)) { return true; } } From 91b59b288543d29765fac363f69977058cb96ea6 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 12:28:00 +0100 Subject: [PATCH 08/12] Reverting extra tabs --- src/Auth/TinyAuthorize.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 92004095..dc43e054 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -333,8 +333,8 @@ protected function _getAvailableRoles() { $rolesTable = TableRegistry::get($roleTable); $roles = $rolesTable->find('all')->formatResults(function ($results) { - return $results->combine($this->_config['aliasColumn'], 'id'); - })->toArray(); + return $results->combine($this->_config['aliasColumn'], 'id'); + })->toArray(); if (!count($roles)) { throw new Exception('Invalid TinyAuthorize Role Setup (rolesTable has no roles)'); From db95fae3313b8c86865fb3ee71d7632845f93f28 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 12:29:20 +0100 Subject: [PATCH 09/12] Fixed a typo --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 64508068..24d57a34 100644 --- a/docs/README.md 
+++ b/docs/README.md @@ -113,7 +113,7 @@ The ``roleColumn`` option is also used on pivot table in a multi-role setup. When using the multiple-roles-per-user model: - your database MUST have a ``roles`` table -- your database MUST have a valid join table (e.g. ``users_roles``). This can be overriden with the ``pivotTable`` option. +- your database MUST have a valid join table (e.g. ``users_roles``). This can be overridden with the ``pivotTable`` option. - the configuration option ``multiRole`` MUST be set to ``true`` Example of a record from a valid join table: From e21e2ff0a57ae1221d8b9d5a20beaefe655eb64e Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 12:43:33 +0100 Subject: [PATCH 10/12] Removed the bootstrap part on plugin::load --- README.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/README.md b/README.md index 15794aee..852ad49f 100644 --- a/README.md +++ b/README.md @@ -34,15 +34,7 @@ composer require dereuromark/cakephp-tinyauth:dev-master Then load the plugin: ```php -Plugin::load('TinyAuth', ['bootstrap' => true]); -``` - -For `Plugin::loadAll()` it's - -```php -Plugin::loadAll([ - 'TinyAuth' => ['bootstrap' => true] -]); +Plugin::load('TinyAuth'); ``` That's it. It should be up and running. From b74b34a646b4c287d6b230935fac0a9e098a7777 Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 13:50:59 +0100 Subject: [PATCH 11/12] Updated plugin activation after @bravo-kernel proposition --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 852ad49f..a9436ece 100644 --- a/README.md +++ b/README.md 
@@ -31,7 +31,13 @@ Installing the plugin is pretty much as with every other CakePHP Plugin. composer require dereuromark/cakephp-tinyauth:dev-master ``` -Then load the plugin: +Then, to load the plugin either run the following command: + +```sh +bin/cake plugin load TinyAuth +``` + +or manually add the following line to your app's `config/bootstrap.php` file: ```php Plugin::load('TinyAuth'); From 750be221ab59065ab3948fc54208c3042044748d Mon Sep 17 00:00:00 2001 From: Manuel Tancoigne Date: Tue, 5 Jan 2016 13:52:23 +0100 Subject: [PATCH 12/12] And removed some extra spaces :) --- src/Auth/TinyAuthorize.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index dc43e054..7f933519 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -383,9 +383,9 @@ protected function _getUserRoles($user) { $pivotTable = TableRegistry::get($pivotTableName); $roleColumn = $this->_config['roleColumn']; $roles = $pivotTable->find('all', [ - 'conditions' => [$this->_config['userColumn'] => $user['id']], - 'fields' => $roleColumn - ])->extract($roleColumn)->toArray(); + 'conditions' => [$this->_config['userColumn'] => $user['id']], + 'fields' => $roleColumn + ])->extract($roleColumn)->toArray(); if (!count($roles)) { throw new Exception('Missing TinyAuthorize roles for user in pivot table');