
Authorization 2.x API


Class AuthorizationComponent

Authorization Component

Makes it easier to check authorization in CakePHP controllers. Applies conventions on matching policy methods to controller actions, and raising errors when authorization fails.

Namespace: Authorization\Controller\Component

Property Summary

  • $_componentMap protected
    array<string, array>

    A component lookup table used to lazy load component objects.

  • $_config protected
    array<string, mixed>

    Runtime config

  • $_configInitialized protected
    bool

    Whether the config property has already been configured with defaults

  • $_defaultConfig protected
    array<string, mixed>

    Default config

  • $_registry protected
    Cake\Controller\ComponentRegistry

    Component registry class used to lazy load components.

  • $components protected
    array

    Other Components this component uses.

Method Summary

  • __construct() public

    Constructor

  • __debugInfo() public

    Returns an array that can be used to describe the internal state of this object.

  • __get() public

    Magic method for lazy loading $components.

  • _configDelete() protected

    Deletes a single config key.

  • _configRead() protected

    Reads a config key.

  • _configWrite() protected

    Writes a config key.

  • applyScope() public

    Applies a scope for $resource.

  • authorize() public

    Check the policy for $resource, raising an exception on error.

  • authorizeAction() public

    Action authorization handler.

  • authorizeModel() public

    Adds an action to automatic model authorization checks.

  • can() public

    Check the policy for $resource, returning true if the action is allowed.

  • canResult() public

    Check the policy for $resource and return the result as an Authorization\Policy\ResultInterface.

  • checkAction() protected

    Checks whether an action should be authorized according to the config key provided.

  • configShallow() public

    Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

  • getConfig() public

    Returns the config.

  • getConfigOrFail() public

    Returns the config for this specific key.

  • getController() public

    Get the controller this component is bound to.

  • getDefaultAction() protected

    Returns authorization action name for a controller action resolved from the request.

  • getIdentity() protected

    Get the identity from a request.

  • getService() protected

    Get the authorization service from a request.

  • implementedEvents() public

    Returns model authorization handler if model authorization is enabled.

  • initialize() public

    Constructor hook method.

  • log() public

    Convenience method to write a message to Log. See Log::write() for more information on writing to logs.

  • mapAction() public

    Maps a controller action to a different authorization policy action.

  • mapActions() public

    Maps controller actions to policy actions.

  • performCheck() protected

    Check the policy for $resource.

  • setConfig() public

    Sets the config.

  • skipAuthorization() public

    Skips the authorization check.

Method Detail

__construct() public

__construct(Cake\Controller\ComponentRegistry $registry, array<string, mixed> $config = [])

Constructor

Parameters
Cake\Controller\ComponentRegistry $registry

A component registry this component can use to lazy load its components.

array<string, mixed> $config optional

Array of configuration settings.

__debugInfo() public

__debugInfo(): array<string, mixed>

Returns an array that can be used to describe the internal state of this object.

Returns
array<string, mixed>

__get() public

__get(string $name): Cake\Controller\Component|null

Magic method for lazy loading $components.

Parameters
string $name

Name of component to get.

Returns
Cake\Controller\Component|null

_configDelete() protected

_configDelete(string $key): void

Deletes a single config key.

Parameters
string $key

Key to delete.

Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config

_configRead() protected

_configRead(string|null $key): mixed

Reads a config key.

Parameters
string|null $key

Key to read.

Returns
mixed

_configWrite() protected

_configWrite(array<string, mixed>|string $key, mixed $value, string|bool $merge = false): void

Writes a config key.

Parameters
array<string, mixed>|string $key

Key to write to.

mixed $value

Value to write.

string|bool $merge optional

True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Returns
void
Throws
Cake\Core\Exception\CakeException
if attempting to clobber existing config

applyScope() public

applyScope(mixed $resource, string|null $action = null): mixed

Applies a scope for $resource.

If $action is left undefined, the current controller action will be used.

Parameters
mixed $resource

The resource to apply a scope to.

string|null $action optional

The action to apply a scope for.

Returns
mixed

authorize() public

authorize(mixed $resource, string|null $action = null): void

Check the policy for $resource, raising an exception on error.

If $action is left undefined, the current controller action will be used.

Parameters
mixed $resource

The resource to check authorization on.

string|null $action optional

The action to check authorization for.

Returns
void
Throws
Authorization\Exception\ForbiddenException
when policy check fails.

authorizeAction() public

authorizeAction(): void

Action authorization handler.

Checks identity and model authorization.

Returns
void

authorizeModel() public

authorizeModel(string ...$actions): $this

Adds an action to automatic model authorization checks.

Parameters
string ...$actions

Controller action to authorize against table policy.

Returns
$this

can() public

can(mixed $resource, string|null $action = null): bool

Check the policy for $resource, returning true if the action is allowed.

If $action is left undefined, the current controller action will be used.

Parameters
mixed $resource

The resource to check authorization on.

string|null $action optional

The action to check authorization for.

Returns
bool

canResult() public

canResult(mixed $resource, string|null $action = null): Authorization\Policy\ResultInterface

Check the policy for $resource and return the result as an Authorization\Policy\ResultInterface.

If $action is left undefined, the current controller action will be used.

Parameters
mixed $resource

The resource to check authorization on.

string|null $action optional

The action to check authorization for.

Returns
Authorization\Policy\ResultInterface

checkAction() protected

checkAction(string $action, string $configKey): bool

Checks whether an action should be authorized according to the config key provided.

Parameters
string $action

Action name.

string $configKey

Configuration key with actions.

Returns
bool

configShallow() public

configShallow(array<string, mixed>|string $key, mixed|null $value = null): $this

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters
array<string, mixed>|string $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

Returns
$this

getConfig() public

getConfig(string|null $key = null, mixed $default = null): mixed

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters
string|null $key optional

The key to get or null for the whole config.

mixed $default optional

The return value when the key does not exist.

Returns
mixed

getConfigOrFail() public

getConfigOrFail(string $key): mixed

Returns the config for this specific key.

The config value for this key must exist; it can never be null.

Parameters
string $key

The key to get.

Returns
mixed
Throws
InvalidArgumentException

getController() public

getController(): Cake\Controller\Controller

Get the controller this component is bound to.

Returns
Cake\Controller\Controller

getDefaultAction() protected

getDefaultAction(Cake\Http\ServerRequest $request): string

Returns authorization action name for a controller action resolved from the request.

Parameters
Cake\Http\ServerRequest $request

Server request.

Returns
string
Throws
UnexpectedValueException
When invalid action type encountered.

getIdentity() protected

getIdentity(Psr\Http\Message\ServerRequestInterface $request): Authorization\IdentityInterface|null

Get the identity from a request.

Parameters
Psr\Http\Message\ServerRequestInterface $request

The request

Returns
Authorization\IdentityInterface|null
Throws
Authorization\Exception\MissingIdentityException
When identity is not present in a request.
InvalidArgumentException
When invalid identity encountered.

getService() protected

getService(Psr\Http\Message\ServerRequestInterface $request): Authorization\AuthorizationServiceInterface

Get the authorization service from a request.

Parameters
Psr\Http\Message\ServerRequestInterface $request

The request

Returns
Authorization\AuthorizationServiceInterface
Throws
InvalidArgumentException
When invalid authorization service encountered.

implementedEvents() public

implementedEvents(): array<string, mixed>

Returns model authorization handler if model authorization is enabled.

Uses Conventions to map controller events to standard component callback method names. By defining one of the callback methods a component is assumed to be interested in the related event.

Override this method if you need to add non-conventional event listeners, or if you want components to listen to non-standard events.

Returns
array<string, mixed>

initialize() public

initialize(array<string, mixed> $config): void

Constructor hook method.

Implement this method to avoid having to overwrite the constructor and call parent.

Parameters
array<string, mixed> $config

The configuration settings provided to this component.

Returns
void

log() public

log(string $message, string|int $level = LogLevel::ERROR, array|string $context = []): bool

Convenience method to write a message to Log. See Log::write() for more information on writing to logs.

Parameters
string $message

Log message.

string|int $level optional

Error level.

array|string $context optional

Additional log data relevant to this message.

Returns
bool

mapAction() public

mapAction(string $controllerAction, string $policyAction): $this

Maps a controller action to a different authorization policy action.

For instance, you may want to authorize the add action with the create authorization policy.

Parameters
string $controllerAction

Controller action.

string $policyAction

Policy action.

Returns
$this

mapActions() public

mapActions(array $actions, bool $overwrite = false): $this

Maps controller actions to policy actions.

Parameters
array $actions

Map of controller action to policy action.

bool $overwrite optional

Set to true to override configuration. False will merge with current configuration.

Returns
$this
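
How action mapping, `authorize()` and `skipAuthorization()` fit together in a controller, as an added example that is not taken from the CakePHP documentation or the plugin's source. `ArticlesController`, the `Article` entity, `ArticlePolicy`, the identity field `id` and the `user_id` column are assumed names, and the plugin's middleware and policy resolver are assumed to be configured already.

```php
<?php
// File: src/Policy/ArticlePolicy.php (hypothetical policy for a hypothetical Article entity)
namespace App\Policy;
use App\Model\Entity\Article;
use Authorization\IdentityInterface;
class ArticlePolicy
{
    // Reached from the "add" controller action once it is mapped to "create".
    public function canCreate(IdentityInterface $user, Article $article): bool
    {
        return true;
    }
    // Reached from "edit" once mapped to "update". Assumes identity field "id" and column "user_id".
    public function canUpdate(IdentityInterface $user, Article $article): bool
    {
        return $article->user_id === $user['id'];
    }
}

// File: src/Controller/ArticlesController.php (hypothetical controller)
namespace App\Controller;
class ArticlesController extends AppController
{
    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('Authorization.Authorization');
        $this->Authorization->mapActions(['add' => 'create', 'edit' => 'update']);
    }

    public function add()
    {
        $article = $this->Articles->newEmptyEntity();
        $this->Authorization->authorize($article); // no $action given: "add" resolves to canCreate()
        $this->Articles->save($this->Articles->patchEntity($article, $this->request->getData()));
    }

    public function edit($id)
    {
        $article = $this->Articles->get($id);
        $this->Authorization->authorize($article); // throws ForbiddenException on denial, before any write
        $this->Articles->save($this->Articles->patchEntity($article, $this->request->getData()));
    }

    public function view($id)
    {
        $this->Authorization->skipAuthorization(); // deliberately public read, stated explicitly
        $this->set('article', $this->Articles->get($id));
    }
}
```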

performCheck() protected

performCheck(mixed $resource, string|null $action = null, string $method = 'can'): bool|Authorization\Policy\ResultInterface

Check the policy for $resource.

Parameters
mixed $resource

The resource to check authorization on.

string|null $action optional

The action to check authorization for.

string $method optional

The method to use, either "can" or "canResult".

Returns
bool|Authorization\Policy\ResultInterface

setConfig() public

setConfig(array<string, mixed>|string $key, mixed|null $value = null, bool $merge = true): $this

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters
array<string, mixed>|string $key

The key to set, or a complete array of configs.

mixed|null $value optional

The value to set.

bool $merge optional

Whether to recursively merge or overwrite existing config, defaults to true.

Returns
$this
Throws
Cake\Core\Exception\CakeException
When trying to set a key that is invalid.

skipAuthorization() public

skipAuthorization(): $this

Skips the authorization check.

Returns
$this

Property Detail

$_componentMap protected

A component lookup table used to lazy load component objects.

Type
array<string, array>

$_config protected

Runtime config

Type
array<string, mixed>

$_configInitialized protected

Whether the config property has already been configured with defaults

Type
bool

$_defaultConfig protected

Default config

These are merged with user-provided config when the component is used.

Type
array<string, mixed>

$_registry protected

Component registry class used to lazy load components.

Type
Cake\Controller\ComponentRegistry

$components protected

Other Components this component uses.

Type
array

Generated using CakePHP API Docs