An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback. Your controller's isAuthorized() method should return a boolean to indicate whether or not the user is authorized.
    public function isAuthorized($user)
    {
        if ($this->request->getParam('admin')) {
            return $user['role'] === 'admin';
        }
        return !empty($user);
    }
The above is a simple implementation that would only authorize users of the 'admin' role to access admin routing.
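An added example (not CakePHP's own code) showing how the `(bool)` cast that `authorize()` applies treats non-boolean return values from an `isAuthorized()` callback. `authorizeLike()`, the sample users and the `$params` array are hypothetical stand-ins constructed for the illustration.

```php
<?php
// Added example, not CakePHP code. authorizeLike() is a hypothetical stand-in
// that applies the same (bool) cast as ControllerAuthorize::authorize().
function authorizeLike(callable $isAuthorized, array $user): bool
{
    return (bool)$isAuthorized($user);
}

// Constructed sample data: two users and the parameters of an admin route.
$users = [
    'editor' => ['id' => 7, 'role' => 'editor'],
    'admin' => ['id' => 1, 'role' => 'admin'],
];
$params = ['admin' => true];

$callbacks = [
    // Returns a message instead of false. A non-empty string is truthy,
    // so the cast turns the intended denial into an authorization.
    'string-on-deny' => function (array $user) {
        return $user['role'] === 'admin' ? true : 'not an admin';
    },
    // Falls off the end for non-admins. The implicit null casts to false,
    // so this mistake fails closed.
    'missing-return' => function (array $user) {
        if ($user['role'] === 'admin') {
            return true;
        }
    },
    // Strict comparison and an explicit boolean result on every path.
    'strict' => function (array $user) use ($params): bool {
        if (!empty($params['admin'])) {
            return ($user['role'] ?? null) === 'admin';
        }
        return !empty($user);
    },
];

// Print the decision each callback produces for each sample user.
foreach ($callbacks as $name => $callback) {
    foreach ($users as $label => $user) {
        $result = authorizeLike($callback, $user) ? 'allowed' : 'denied';
        printf("%-15s %-7s %s\n", $name, $label, $result);
    }
}
```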
$_registry : \Cake\Controller\ComponentRegistry
ComponentRegistry instance for getting more components.
$_Controller : \Cake\Controller\Controller
Controller for the request.
__construct(\Cake\Controller\ComponentRegistry $registry, array $config = array())
Constructor
\Cake\Controller\ComponentRegistry | $registry | The controller for this request. |
array | $config | An array of config. This class does not use any config. |
authorize(array|\ArrayAccess $user, \Cake\Http\ServerRequest $request) : boolean
Checks user authorization using a controller callback.
array|\ArrayAccess | $user | Active user data |
\Cake\Http\ServerRequest | $request | Request instance. |
setConfig(string|array $key, mixed|null $value = null, boolean $merge = true) : $this
Sets the config.
Setting a specific value:
$this->setConfig('key', $value);
Setting a nested value:
$this->setConfig('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->setConfig(['one' => 'value', 'another' => 'value']);
string|array | $key | The key to set, or a complete array of configs. |
mixed|null | $value | The value to set. |
boolean | $merge | Whether to recursively merge or overwrite existing config, defaults to true. |
When trying to set a key that is invalid.
getConfig(string|null $key = null, mixed $default = null) : mixed
Returns the config.
Reading the whole config:
$this->getConfig();
Reading a specific value:
$this->getConfig('key');
Reading a nested value:
$this->getConfig('some.nested.key');
Reading with default value:
$this->getConfig('some-key', 'default-value');
string|null | $key | The key to get or null for the whole config. |
mixed | $default | The return value when the key does not exist. |
Config value being read.
config(string|array|null $key = null, mixed|null $value = null, boolean $merge = true) : mixed
Gets/Sets the config.
Reading the whole config:
$this->config();
Reading a specific value:
$this->config('key');
Reading a nested value:
$this->config('some.nested.key');
Setting a specific value:
$this->config('key', $value);
Setting a nested value:
$this->config('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->config(['one' => 'value', 'another' => 'value']);
string|array|null | $key | The key to get/set, or a complete array of configs. |
mixed|null | $value | The value to set. |
boolean | $merge | Whether to recursively merge or overwrite existing config, defaults to true. |
When trying to set a key that is invalid.
Config value being read, or the object itself on write operations.
configShallow(string|array $key, mixed|null $value = null) : $this
Merge provided config with existing config. Unlike `config()` which does a recursive merge for nested keys, this method does a simple merge.
Setting a specific value:
$this->configShallow('key', $value);
Setting a nested value:
$this->configShallow('some.nested.key', $value);
Updating multiple config settings at the same time:
$this->configShallow(['one' => 'value', 'another' => 'value']);
string|array | $key | The key to set, or a complete array of configs. |
mixed|null | $value | The value to set. |
controller(\Cake\Controller\Controller|null $controller = null) : \Cake\Controller\Controller
Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.
\Cake\Controller\Controller|null | $controller | null to get, a controller to set. |
If controller does not have method isAuthorized().
_configRead(string|null $key) : mixed
Reads a config key.
string|null | $key | Key to read. |
_configWrite(string|array $key, mixed $value, boolean|string $merge = false) : void
Writes a config key.
string|array | $key | Key to write to. |
mixed | $value | Value to write. |
boolean|string | $merge | True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false. |
if attempting to clobber existing config
_configDelete(string $key) : void
Deletes a single config key.
string | $key | Key to delete. |
if attempting to clobber existing config
<?php
/**
 * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
 * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
 * @link https://cakephp.org CakePHP(tm) Project
 * @since 2.0.0
 * @license https://opensource.org/licenses/mit-license.php MIT License
 */
namespace Cake\Auth;

use Cake\Controller\ComponentRegistry;
use Cake\Controller\Controller;
use Cake\Core\Exception\Exception;
use Cake\Http\ServerRequest;

/**
 * An authorization adapter for AuthComponent. Provides the ability to authorize
 * using a controller callback. Your controller's isAuthorized() method should
 * return a boolean to indicate whether or not the user is authorized.
 *
 * ```
 * public function isAuthorized($user)
 * {
 *     if ($this->request->getParam('admin')) {
 *         return $user['role'] === 'admin';
 *     }
 *     return !empty($user);
 * }
 * ```
 *
 * The above is a simple implementation that would only authorize users of the
 * 'admin' role to access admin routing.
 *
 * @see \Cake\Controller\Component\AuthComponent::$authenticate
 */
class ControllerAuthorize extends BaseAuthorize
{
    /**
     * Controller for the request.
     *
     * @var \Cake\Controller\Controller
     */
    protected $_Controller;

    /**
     * {@inheritDoc}
     */
    public function __construct(ComponentRegistry $registry, array $config = [])
    {
        parent::__construct($registry, $config);
        $this->controller($registry->getController());
    }

    /**
     * Get/set the controller this authorize object will be working with. Also
     * checks that isAuthorized is implemented.
     *
     * @param \Cake\Controller\Controller|null $controller null to get, a controller to set.
     * @return \Cake\Controller\Controller
     * @throws \Cake\Core\Exception\Exception If controller does not have method `isAuthorized()`.
     */
    public function controller(Controller $controller = null)
    {
        if ($controller) {
            if (!method_exists($controller, 'isAuthorized')) {
                throw new Exception(sprintf(
                    '%s does not implement an isAuthorized() method.',
                    get_class($controller)
                ));
            }
            $this->_Controller = $controller;
        }

        return $this->_Controller;
    }

    /**
     * Checks user authorization using a controller callback.
     *
     * @param array|\ArrayAccess $user Active user data
     * @param \Cake\Http\ServerRequest $request Request instance.
     * @return bool
     */
    public function authorize($user, ServerRequest $request)
    {
        return (bool)$this->_Controller->isAuthorized($user);
    }
}