Quick Start
Installation
Install the plugin with composer from your CakePHPProject’s ROOT directory (where the composer.json file is located)
- php composer.phar require cakephp/authorization:^2.0
Load the plugin by adding the following statement in your project’ssrc/Application.php
:
- $this->addPlugin('Authorization');
Getting Started
The Authorization plugin integrates into your application as a middleware layerand optionally a component to make checking authorization easier. First, letsapply the middleware. In src/Application.php add the following to the classimports:
- use Authorization\AuthorizationService;
- use Authorization\AuthorizationServiceInterface;
- use Authorization\AuthorizationServiceProviderInterface;
- use Authorization\Middleware\AuthorizationMiddleware;
- use Authorization\Policy\OrmResolver;
- use Psr\Http\Message\ResponseInterface;
- use Psr\Http\Message\ServerRequestInterface;
Add the AuthorizationProviderInterface
to the implemented interfaces on your application:
- class Application extends BaseApplication implements AuthorizationServiceProviderInterface
Then add the following to your middleware()
method:
- // Add authorization (after authentication if you are using that plugin too).
- $middleware->add(new AuthorizationMiddleware($this));
The AuthorizationMiddleware
will call a hook method on your application whenit starts handling the request. This hook method allows your application todefine the AuthorizationService
it wants to use. Add the following method yoursrc/Application.php:
- public function getAuthorizationService(ServerRequestInterface $request, ResponseInterface $response)
- {
- $resolver = new OrmResolver();
- return new AuthorizationService($resolver);
- }
This configures basic Policy Resolvers that will matchORM entities with their policy classes.
Next, lets add the AuthorizationComponent
to AppController
. Insrc/Controller/AppController.php add the following to the initialize()
method:
- $this->loadComponent('Authorization.Authorization');
By loading the AuthorizationComponent we’ll be able to checkauthorization on a per-action basis more easily. For example, we can do:
- public function edit($id = null)
- {
- $article = $this->Article->get($id);
- $this->Authorization->authorize($article, 'update');
- // Rest of action
- }
By calling authorize
we can use our Policies to enforce ourapplication’s access control rules. You can check permissions anywhere by usingthe identity stored in the request.