[[CakePHP3めも]]

#contents

以下のプラグインを導入すればアクセス管理の幅が広がります。
-[[CakePhp3-AclManager:https://github.com/JcPires/CakePhp3-AclManager]]
-[[acl:https://github.com/cakephp/acl]]

参考~
http://qiita.com/eiroh/items/f37a70a35103de6c6a1b

*テーブルの作成 [#d0c29a9e]

users, groupsテーブルを作成します。
参考~
http://book.cakephp.org/2.0/ja/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html#id1

bakeしてプログラム類を自動生成します。

 $ bin/cake bake all users
 $ bin/cake bake all groups

*プラグインのインストール [#g641d913]

composer.jsonに2行追加します。

     "require": {
         "php": ">=5.5.9",
         "cakephp/cakephp": "3.3.*",
         "mobiledetect/mobiledetectlib": "2.*",
         "cakephp/migrations": "~1.0",
         "cakephp/plugin-installer": "*",
         "cakephp/acl": "dev-master",
         "jcpires/cakephp3-aclmanager": "dev-master"
     },

 # /usr/local/bin/composer.phar update

*記述の追加 [#h760fadf]

**bootstrap.php [#t1ec03b4]

config/bootstrap.php に追加します。

 Plugin::load('Acl', ['bootstrap' => true]);

**AppController.php [#n74de87f]

 <?php
 namespace App\Controller;
 
 use Cake\Controller\Controller;
 use Cake\Event\Event;
 use Cake\Controller\ComponentRegistry;
 use Acl\Controller\Component\AclComponent;
 
 class AppController extends Controller
 {
     public function beforeFilter(Event $event)
     {
         $this->Auth->allow();
     }
 
     public function initialize()
     {
         parent::initialize();
 
         $this->loadComponent('RequestHandler');
         $this->loadComponent('Flash');
         $this->loadComponent('Acl.Acl');
         $this->loadComponent('Auth', [
             'authorize' => 'Controller',
             'unauthorizedRedirect' => false,
             'authError' => 'アクセス権限がありません',
         ]);
     }
 
     public function beforeRender(Event $event)
     {
         if (!array_key_exists('_serialize', $this->viewVars) &&
             in_array($this->response->type(), ['application/json', 'application/xml'])
         ) {
             $this->set('_serialize', true);
         }
     }
 
     public function isAuthorized($user)
     {
         $Collection = new ComponentRegistry();
         $acl = new AclComponent($Collection);
         $controller = $this->request->controller;
         $action     = $this->request->action;
         return $acl->check(['Users' => ['id' => $user['id']]], "$controller/$action");
     }
 }

**GroupsController.php [#e57f02bd]

変更していないfunctionは省いています。

 <?php
 namespace App\Controller;
 
 use App\Controller\AppController;
 use Cake\Event\Event;
 use JcPires\AclManager\Event\PermissionsEditor;
 
 class GroupsController extends AppController
 {
     public $helpers = [
         'AclManager' => [
             'className' => 'JcPires/AclManager.AclManager'
         ]
     ];
 
     public function add()
     {
         $group = $this->Groups->newEntity();
         if ($this->request->is('post')) {
             $group = $this->Groups->patchEntity($group, $this->request->data);
             if ($this->Groups->save($group)) {
                 $this->Flash->success(__('The group has been saved.'));
 
                 return $this->redirect(['action' => 'index']);
             } else {
                 $this->Flash->error(__('The group could not be saved. Please, try again.'));
             }
         }
         $this->set(compact('group'));
         $this->set('_serialize', ['group']);
     }
 
     public function edit($id = null)
     {
         $group = $this->Groups->get($id, [
             'contain' => []
         ]);
 
         $this->loadComponent('JcPires/AclManager.AclManager');
         $EditablePerms = $this->AclManager->getFormActions();
 
         if ($this->request->is(['patch', 'post', 'put'])) {
             $group = $this->Groups->patchEntity($group, $this->request->data);
             if ($this->Groups->save($group)) {
                 $this->eventManager()->on(new PermissionsEditor());
                 $perms = new Event('Permissions.editPerms', $this, [
                     'Aro' => $group,
                     'datas' => $this->request->data
                 ]);
                 $this->eventManager()->dispatch($perms);
 
                 $this->Flash->success(__('The group has been saved.'));
 
                 return $this->redirect(['action' => 'index']);
             } else {
                 $this->Flash->error(__('The group could not be saved. Please, try again.'));
             }
         }
         $this->set(compact('group', 'EditablePerms'));
         $this->set('_serialize', ['group', 'EditablePerms']);
     }
 }

**UsersController.php [#v1c27b25]

変更していないfunctionは省いています。

 <?php
 namespace App\Controller;
 
 use App\Controller\AppController;
 use Cake\Event\Event;
 
 class UsersController extends AppController
 {
     public function beforeFilter(Event $event)
     {
         parent::beforeFilter($event);
         $this->Auth->allow(['login']);
     }
 
     public function login()
     {
         if ($this->request->is('post')) {
             $user = $this->Auth->identify();
 
             if ($user) {
                 $this->Auth->setUser($user);
                 return $this->redirect($this->Auth->redirectUrl());
             }
             $this->Flash->error(__('Invalid username or password, try again'));
         }
     }
 
     public function logout()
     {
         return $this->redirect($this->Auth->logout());
     }

**Group.php [#y50f5d87]

     public function parentNode()
     {
         return null;
     }

**User.php [#f5d3bc5c]

 use Cake\ORM\TableRegistry;
 use Cake\Auth\DefaultPasswordHasher;

     protected function _setPassword($password)
     {
         return (new DefaultPasswordHasher)->hash($password);
     }
 
     public function parentNode()
     {
         if (!$this->id) {
             return null;
         }
         if (isset($this->group_id)) {
             $group_id = $this->group_id;
         } else {
             $users_table = TableRegistry::get('Users');
             $user = $users_table->find('all', ['fields' => ['group_id']])->where(['id' => $this->id])->first();
             $group_id = $user->group_id;
         }
         if (!$group_id) {
             return null;
         }
 
         return ['Groups' => ['id' => $group_id]];
     }

**Groups.php [#c3c3a5c3]

 $this->addBehavior('Acl.Acl', ['type' => 'requester']);

**Users.php [#z63e0b65]

 $this->addBehavior('Acl.Acl', ['type' => 'requester']);


**Groups/edit.ctp [#z53145a2]

     <?= $this->Form->create($group) ?>
     <fieldset>
         <legend><?= __('Edit Group') ?></legend>
         <?php
             echo $this->Form->input('name');
         ?>
         <?php foreach ($EditablePerms as $Acos) :?>
             <?php foreach ($Acos as $controllerPath => $actions) :?>
                 <?php if (!empty($actions)) :?>
                     <h4><?= $controllerPath ;?></h4>
                     <?php foreach ($actions as $action) :?>
                         <?php ($this->AclManager->checkGroup($group, $controllerPath.'/'.$action)) ? $val = 1 : $val = 0 ?>
                         <?= $this->Form->label($controllerPath.'/'.$action, $action);?>
                         <?= $this->Form->select($controllerPath.'/'.$action, [0 => 'No', 1 => 'Yes'], ['value' => $val]) ;?>
                     <?php endforeach ;?>
                 <?php endif;?>
             <?php endforeach ;?>
         <?php endforeach ;?>
     </fieldset>
     <?= $this->Form->button(__('Submit')) ?>
     <?= $this->Form->end() ?>

**Users/login.ctp [#wb7cec0e]

 <div class="users form">
 <?= $this->Flash->render('auth') ?>
 <?= $this->Form->create() ?>
     <fieldset>
         <legend><?= __('Please enter your username and password') ?></legend>
         <?= $this->Form->input('username') ?>
         <?= $this->Form->input('password') ?>
     </fieldset>
 <?= $this->Form->button(__('Login')); ?>
 <?= $this->Form->end() ?>
 </div>

*aclテーブルの作成 [#fefb1003]

 $ bin/cake Migrations.migrations migrate -p Acl

*Acoデータの作成 [#webad04c]

 $ bin/cake acl_extras aco_sync
 $ bin/cake acl create aco controllers App
 $ bin/cake acl create aco App isAuthorized

確認

 $ bin/cake acl view aco

*グループとユーザーの登録 [#za4bbae3]

**グループを登録 [#i709aab0]
http://localhost/groups/add

**グループの権限設定 [#h905249d]
http://localhost/groups/edit/1

**ユーザーの登録 [#ye347093]
http://localhost/users/add

*動作確認 [#pbeb347a]

**ログアウト [#gfd47018]
http://localhost/users/logout

**AppController.phpの一部をコメント化 [#ge9155b4]

 #$this->Auth->allow();

**リダイレクトされることを確認 [#ze2bfc94]
http://localhost/ へアクセスすると http://localhost/users/login へリダイレクトされる

他にも設定した権限通りに動作するか確認します。

*ControllerやActionを追加した際の更新方法 [#r3134587]

 $ bin/cake acl_extras aco_update

トップ   編集 差分 バックアップ 添付 複製 名前変更 リロード   新規 一覧 単語検索 最終更新   ヘルプ   最終更新のRSS