Class ControllerAuthorize

An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback. Your controller's isAuthorized() method should return a boolean to indicate whether or not the user is authorized.

public function isAuthorized($user)
 {
     if ($this->request->getParam('admin')) {
         return $user['role'] === 'admin';
     }
     return !empty($user);
 }

The above is simple implementation that would only authorize users of the 'admin' role to access admin routing.

Namespace: Cake\Auth

Properties summary

  • $_Controller protected
    \Cake\Controller\Controller

    Controller for the request.

  • $_config protected
    array

    Runtime config

  • $_configInitialized protected
    bool

    Whether the config property has already been configured with defaults

  • $_defaultConfig protected
    array

    Default config for authorize objects.

  • $_registry protected
    \Cake\Controller\ComponentRegistry

    ComponentRegistry instance for getting more components.

Method Summary

  • __construct() public

    Constructor

  • _configDelete() protected

    Deletes a single config key.

  • _configRead() protected

    Reads a config key.

  • _configWrite() protected

    Writes a config key.

  • authorize() public

    Checks user authorization using a controller callback.

  • configShallow() public

    Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

  • controller() public

    Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.

  • getConfig() public

    Returns the config.

  • getConfigOrFail() public

    Returns the config for this specific key.

  • setConfig() public

    Sets the config.

Method Detail

__construct() public 

__construct(\Cake\Controller\ComponentRegistry $registry, array $config)

Constructor

Parameters

\Cake\Controller\ComponentRegistry $registry

The controller for this request.

array $config optional

An array of config. This class does not use any config.

_configDelete() protected 

_configDelete(string $key)

Deletes a single config key.

Parameters

string $key

Key to delete.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

_configRead() protected 

_configRead(?string $key)

Reads a config key.

Parameters

string|null $key

Key to read.

Returns

mixed

_configWrite() protected 

_configWrite(mixed $key, mixed $value, mixed $merge)

Writes a config key.

Parameters

string|array $key

Key to write to.

mixed $value

Value to write.

bool|string $merge optional

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Throws

Cake\Core\Exception\Exception
if attempting to clobber existing config

authorize() public 

authorize(mixed $user, \Cake\Http\ServerRequest $request)

Checks user authorization using a controller callback.

Parameters

array|\ArrayAccess $user

Active user data

\Cake\Http\ServerRequest $request

Request instance.

Returns

bool

Throws

Cake\Core\Exception\Exception
If controller does not have method `isAuthorized()`.

configShallow() public 

configShallow(mixed $key, mixed $value)

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

Returns

$this

controller() public 

controller(?\Cake\Controller\Controller $controller)

Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.

Parameters

\Cake\Controller\Controller|null $controller optional

null to get, a controller to set.

Returns

\Cake\Controller\Controller

getConfig() public 

getConfig(?string $key, mixed $default)

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters

string|null $key optional

The key to get or null for the whole config.

mixed $default optional

The return value when the key does not exist.

Returns

mixed

Configuration data at the named key or null if the key does not exist.

getConfigOrFail() public 

getConfigOrFail(string $key)

Returns the config for this specific key.

The config value for this key must exist, it can never be null.

Parameters

string $key

The key to get.

Returns

mixed

Configuration data at the named key

Throws

InvalidArgumentException

setConfig() public 

setConfig(mixed $key, mixed $value, mixed $merge)

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters

string|array $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

bool $merge optional

Whether to recursively merge or overwrite existing config, defaults to true.

Returns

$this

Throws

Cake\Core\Exception\Exception
When trying to set a key that is invalid.

Property Detail

$_Controller protected

Controller for the request.

Type

\Cake\Controller\Controller

$_config protected

Runtime config

Type

array

$_configInitialized protected

Whether the config property has already been configured with defaults

Type

bool

$_defaultConfig protected

Default config for authorize objects.

Type

array

$_registry protected

ComponentRegistry instance for getting more components.

Type

\Cake\Controller\ComponentRegistry

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.0/class-Cake.Auth.ControllerAuthorize.html