New configuration keys

README.md

@@ -31,18 +31,16 @@ Installing the plugin is pretty much as with every other CakePHP Plugin.
 composer require dereuromark/cakephp-tinyauth:dev-master
 ```
 
-Then load the plugin:
+Then, to load the plugin either run the following command:
 
-```php
-Plugin::load('TinyAuth', ['bootstrap' => true]);
+```sh
+bin/cake plugin load TinyAuth
 ```
 
-For `Plugin::loadAll()` it's
+or manually add the following line to your app's `config/bootstrap.php` file:
 
 ```php
-Plugin::loadAll([
-		'TinyAuth' => ['bootstrap' => true]
-]);
+Plugin::load('TinyAuth');
 ```
 
 That's it. It should be up and running.

docs/README.md

@@ -107,11 +107,13 @@ When using the single-role-per-user model TinyAuth expects your Users model to
 contain an column named ``role_id``. If you prefer to use another column name
 simply specify it using the ``roleColumn`` configuration option.
 
+The ``roleColumn`` option is also used on pivot table in a multi-role setup.
+
 ### Multi-role
 When using the multiple-roles-per-user model:
 
 - your database MUST have a ``roles`` table
-- your database MUST have a valid join table (e.g. ``roles_users``)
+- your database MUST have a valid join table (e.g. ``users_roles``). This can be overridden with the ``pivotTable`` option.
 - the configuration option ``multiRole`` MUST be set to ``true``
 
 Example of a record from a valid join table:
@@ -203,9 +205,14 @@ TinyAuth supports the following configuration options.
 
 Option | Type | Description
 :----- | :--- | :----------
-roleColumn|string|Name of column in user table holding role id (only used for single-role per user/BT)
-roleAlias|string|Name of the column for the alias
+roleColumn|string|Name of column in user table holding role id (used for foreign key in users table in a single role per user setup, or in the pivot tableon multi-roles setups)
+userColumn|string|Name of column in pivot table holding role id (only used in pivot table on multi-roles setups)
+aliasColumn|string|Name of the column for the alias in the role table
 rolesTable|string|Name of Configure key holding all available roles OR class name of roles database table
+usersTable|string|Class name of the users table.
+pivotTable|string|Name of the pivot table, for a multi-group setup.
+rolesTablePlugin|string|Name of the plugin for the roles table, if any.
+pivotTablePlugin|string|Name of the plugin for the pivot table, if any.
 multiRole|boolean|True will enable multi-role/HABTM authorization (requires a valid join table)
 superAdminRole|int|Id of the super admin role. Users with this role will have access to ALL resources.
 authorizeByPrefix|boolean|If prefixed routes should be auto-handled by their matching role name.

src/Auth/TinyAuthorize.php

@@ -11,9 +11,6 @@
 use Cake\ORM\TableRegistry;
 use Cake\Utility\Inflector;
 
-if (!defined('CLASS_USERS')) {
-	define('CLASS_USERS', 'Users'); // override if you have it in a plugin: PluginName.Users etc
-}
 if (!defined('AUTH_CACHE')) {
 	define('AUTH_CACHE', '_cake_core_'); // use the most persistent cache by default
 }
@@ -44,8 +41,12 @@ class TinyAuthorize extends BaseAuthorize {
 
 	protected $_defaultConfig = [
 		'roleColumn' => 'role_id', // name of column in users table holding role id (used for single role/BT only)
+		'userColumn' => 'user_id',
 		'aliasColumn' => 'alias', // name of column in roles table holding role alias/slug
 		'rolesTable' => 'Roles', // name of Configure key holding available roles OR class name of roles table
+		'usersTable' => 'Users', // name of the Users table
+		'pivotTablePlugin' => '', // Name of the plugin managing the users table
+		'rolesTablePlugin' => '', // Name of the plugin managing the roles table
 		'multiRole' => false, // true to enables multirole/HABTM authorization (requires a valid join table)
 		'pivotTable' => null, // Use instead of auto-detect for the multi-role pivot table holding the user's roles
 		'superAdminRole' => null, // id of super admin role granted access to ALL resources
@@ -154,7 +155,7 @@ public function validate($userRoles, Request $request) {
 
 		// Allow access if user has been granted access to the specific resource
 		if (isset($this->_acl[$iniKey]['actions'])) {
-			if(array_key_exists($request->action, $this->_acl[$iniKey]['actions']) && !empty($this->_acl[$iniKey]['actions'][$request->action])) {
+			if (array_key_exists($request->action, $this->_acl[$iniKey]['actions']) && !empty($this->_acl[$iniKey]['actions'][$request->action])) {
 				$matchArray = $this->_acl[$iniKey]['actions'][$request->action];
 				foreach ($userRoles as $userRole) {
 					if (in_array((string)$userRole, $matchArray)) {
@@ -324,7 +325,12 @@ protected function _getAvailableRoles() {
 		}
 
 		// fetch roles from database
-		$rolesTable = TableRegistry::get($this->_config['rolesTable']);
+		$rolesPlugin = $this->_config['rolesTablePlugin'];
+		$roleTable = $this->_config['rolesTable'];
+		if (!$rolesPlugin) {
+			$roleTable = $rolesPlugin . '.' . $roleTable;
+		}
+		$rolesTable = TableRegistry::get($roleTable);
 
 		$roles = $rolesTable->find('all')->formatResults(function ($results) {
 			return $results->combine($this->_config['aliasColumn'], 'id');
@@ -359,20 +365,25 @@ protected function _getUserRoles($user) {
 		// multi-role: reverse engineer name of the pivot table
 		$rolesTableName = $this->_config['rolesTable'];
 		$pivotTableName = $this->_config['pivotTable'];
+		$usersTableName = $this->_config['usersTable'];
 		if (!$pivotTableName) {
 			$tables = [
-				CLASS_USERS,
+				$usersTableName,
 				$rolesTableName
 			];
 			asort($tables);
 			$pivotTableName = implode('', $tables);
 		}
 
 		// fetch roles directly from the pivot table
+		$pivotTablePlugin = $this->_config['pivotTablePlugin'];
+		if (!$pivotTablePlugin) {
+			$pivotTableName = $pivotTablePlugin . '.' . $pivotTableName;
+		}
 		$pivotTable = TableRegistry::get($pivotTableName);
 		$roleColumn = $this->_config['roleColumn'];
 		$roles = $pivotTable->find('all', [
-			'conditions' => ['user_id' => $user['id']],
+			'conditions' => [$this->_config['userColumn'] => $user['id']],
 			'fields' => $roleColumn
 		])->extract($roleColumn)->toArray();
 

tests/TestCase/Auth/TinyAuthorizeTest.php

@@ -1410,7 +1410,7 @@ protected function _getAcl($path = TMP) {
 	 * @return Cake\ORM\Table The User table
 	 */
 	public function getTable() {
-		$Users = TableRegistry::get(CLASS_USERS);
+		$Users = TableRegistry::get($this->_config['usersTable']);
 		$Users->belongsTo('Roles');
 
 		return $Users;