DarkAuth v1.3 - the intro
» Page: 1 - the intro, 2 - the component, 3 - the setup
Update: I have ammended the component code, as it was not working with the RC of 1.2 only a small fix but necessary. Thanks to those of you who pointed the bug out to me!
This is an update to my original DarkAuth component (http://bakery.cakephp.org/articles/view/darkauth-another-way), with increased efficiency and easier access control. It works exactly how I want to, so it might not be your first choice, but it's a solid alternative to the inbuilt AuthComponent.
Main Features:
- Per action / per controller / inline access control
- Group support for HABTM and BelongsTo Group associations, or disable groups control completely.
- A "super-user" functionality allowing one group automatic access granted
- Optional tamper-proof Cookie support
- Custom password hashing to suit your Model
- Passes User Info and Access Matrix to view
- Methods to access User Info / Access Matrix in Controller
Firstly thank you to everyone who encouraged me after the first release of DarkAuth. Looking back at it, it was flawed yet I got support from the community and have worked to better it.
So I'll start the article again with just how easy it is to use.
Let's say you have a SecretsController which you want to restrict access to:
Controller Class:
- <?php
- class SecretsController extends AppController {
- var $name = 'Secrets';
- var $_DarkAuth;
- ...
- }
- ?>
See what I did there? Now you'd have to be logged in to access this Controller. So, now you want to refine this to allow only logged on users that are a member of the group Admin or the group SecretKeepers. Easy!
Controller Class:
- <?php
- class SecretsController extends AppController {
- var $name = 'Secrets';
- var $_DarkAuth = array('required'=>array('Admin','SecretKeepers'));
- ...
- }
- ?>
Not bad eh? So moving on, by default your users if not allowed access will see your specified "deny" page, but you want them to be redirected back to /public. Again, straightforward.
Controller Class:
- <?php
- class SecretsController extends AppController {
- var $name = 'Secrets';
- var $_DarkAuth = array(
- 'required'=>array('Admin','SecretKeepers'),
- 'onDeny'=>'/public'
- );
- ...
- }
- ?>
Now, any attempt to access your SecretsController will be presented with a login page if not logged in and if logged in but not a member of the group, will be redirected to /public.
This can be done per action as well, to further enhance the usefullness of the component. E.g. you have a DocumentsController which might be publically accessible but also might have some top secret documents in it. You only want members of the group TopBrass to be able to see these restricted documents.
Controller Class:
- <?php
- function display($id=0){
- $this->Document->id = $id;
- $doc = $this->Document->read();
- if($doc['Document']['top_secret'] == true){
- $this->DarkAuth->requiresAuth('TopBrass');
- }
- ...
- }
- ?>
Note that the function DarkAuth::requiresAuth() stops processing after you call it and will bring up an "access denied" view if authentication fails. So no need to exit().
Or more common if you wanted to show content based on whether authentication was present? The DarkAuth::isAllowed() function returns whether access is allowed, but doesn't stop processing:
Controller Class:
The final selling point (and most useful in my opinion) is the $_DarkAuth available in the View, automatically populated with the user info from the user model and the access control list. e.g.
- <?php
- pr($_DarkAuth);
- ?>
Yields if logged in:
- array(
- 'User' => array(
- 'id' => 1
- 'username' => superstar
- 'password' => abcdef1234567890abcdef1234567890
- 'other_info' => Some data
- )
- 'Access' => array(
- 'group_you_have_access_to' => 1
- 'another_group_you_have_access_to' => 1
- 'group_you_have_NO_access_to' => 0
- )
- )
Which means you can do this:
View Template:
Convinced? I hope so. Now on the Code and Setup!
» Page: 1 - the intro, 2 - the component, 3 - the setup