
I'm working on a project based on CakePHP.

There are multiple users with different views and privileges. How should I manage their login process? Should I implement a login function in each controller, or make one script or function for all? Does that mean that there will also be one controller for all users that manages the authorization process?

onlyforthis
  • When you say users with different views and privileges you mean roles, right? At least, that should be the way you design your system. Each user has one or more roles and the roles have different access. The login function would just be one. When logged in you know which role(s) the user has and will grant access accordingly. – Jose Areas Jun 18 '14 at 19:54
  • I have been intentionally avoiding CakePHP, but you might find this to be an alternative approach: http://stackoverflow.com/a/9685039/727208 (not sure what you would have to do to apply it to cake) – tereško Jun 18 '14 at 20:41
  • You might want to look into [tinyauth](http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/). It can manage different roles while keeping the logic out of your controllers. – mark Jun 19 '14 at 01:08

1 Answer


One login for all. CakePHP has features you can use to change its appearance and available pages and functions based on the status of whoever's logged in.

  1. Access Control Lists, or ACL, see http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html. ACL is more difficult to set up than other solutions, but if you have a complex list of features that users may or may not have permission to use on an individual basis, this is what ACL is for. A lot of the time this feature is overkill.

  2. Have a field on users that corresponds to user level: god, admin, member, etc. Then switch layouts according to who is logged in. For example, say you have a field called role that can be "god", "admin" or "user", and layouts that correspond to them: "god.ctp", "admin.ctp", "user.ctp". Then you can just add in the beforeFilter of AppController:

    public function beforeFilter()
    {
        parent::beforeFilter();
        // Use the logged-in user's role as the layout name,
        // e.g. role "admin" renders app/View/Layouts/admin.ctp
        if ($this->Auth->user()) {
            $this->layout = $this->Auth->user('role');
        }
    }


Then, simply use the Auth component's isAuthorized feature to deny or allow users of various roles access. For example, in AppController:

public function isAuthorized($user)
{
    // Admin and god can access every action, including those with the admin prefix
    if (isset($user['role']) && in_array($user['role'], array('admin', 'god'))) {
        return true;
    }

    // Allow all logged-in users access to actions without a prefix
    // (in CakePHP 2 the routing prefix lives in $this->request->params)
    if (!isset($this->request->params['prefix'])) {
        return true;
    }

    // Default deny -- regular users can't access pages with the admin prefix
    return false;
}

I recommend you read up on the Auth component - http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html

Kai
  • The users are in multiple DB tables. Should I create a users controller and model that combine them? – onlyforthis Jun 19 '14 at 15:07
  • @hzjw - Probably, unless there's a very particular reason why you would want them in multiple tables. – Kai Jun 19 '14 at 15:09
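As an added example (not code from the answer above or from CakePHP's own documentation), here is how the two pieces of the answer fit together in one CakePHP 2 AppController: the Auth component is configured for controller-based authorization so that isAuthorized() is actually called, and the role checks are generalized into a role-to-prefix map that denies by default. The `$rolePrefixes` map, the route prefixes and the login/redirect URLs are assumptions for illustration.

```php
<?php
// app/Controller/AppController.php (added example for CakePHP 2.x; assumed layout)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction'    => array('controller' => 'users', 'action' => 'login', 'admin' => false),
            'loginRedirect'  => array('controller' => 'pages', 'action' => 'display', 'home'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            // Blowfish hashing is available from CakePHP 2.4; drop the option on older releases
            'authenticate'   => array('Form' => array('passwordHasher' => 'Blowfish')),
            // 'Controller' makes Auth call isAuthorized() below on every request
            'authorize'      => array('Controller'),
        ),
    );

    // Which route prefixes each role may use (assumed values). null means "no prefix".
    // Every named prefix must also be enabled with Configure::write('Routing.prefixes', ...) in core.php.
    protected $rolePrefixes = array(
        'god'   => array(null, 'admin', 'god'),
        'admin' => array(null, 'admin'),
        'user'  => array(null),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // Only switch to a role layout for roles we know about, so an unexpected
        // role value can never select an arbitrary layout or set the layout to null.
        $role = $this->Auth->user('role');
        if ($role !== null && array_key_exists($role, $this->rolePrefixes)) {
            $this->layout = $role;
        }
    }

    public function isAuthorized($user) {
        // Missing or unknown role: deny before looking at the request at all
        if (!isset($user['role']) || !isset($this->rolePrefixes[$user['role']])) {
            return false;
        }
        // The routing prefix (e.g. 'admin') is set by the router when the URL matches one
        $prefix = isset($this->request->params['prefix']) ? $this->request->params['prefix'] : null;
        // Strict comparison so only an exact prefix (or exactly "no prefix") is accepted
        return in_array($prefix, $this->rolePrefixes[$user['role']], true);
    }
}
```

With this in place, a controller that needs a public action (for example the login action itself) still has to allow it explicitly with `$this->Auth->allow('login')` in its own beforeFilter; everything else goes through the role map.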