Class ControllerAuthorize

An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback. Your controller's isAuthorized() method should return a boolean to indicate whether the user is authorized.

public function isAuthorized($user)
 {
     if ($this->request->getParam('admin')) {
         return $user['role'] === 'admin';
     }
     return !empty($user);
 }

The above is simple implementation that would only authorize users of the 'admin' role to access admin routing.

Namespace: Cake\Auth
See: \Cake\Controller\Component\AuthComponent::$authenticate

Property Summary

$_Controller protected

Cake\Controller\Controller

Controller for the request.
$_config protected

array<string, mixed>

Runtime config
$_configInitialized protected

bool

Whether the config property has already been configured with defaults
$_defaultConfig protected

array<string, mixed>

Default config for authorize objects.
$_registry protected

Cake\Controller\ComponentRegistry

ComponentRegistry instance for getting more components.

Method Summary

__construct() public

Constructor
_configDelete() protected

Deletes a single config key.
_configRead() protected

Reads a config key.
_configWrite() protected

Writes a config key.
authorize() public

Checks user authorization using a controller callback.
configShallow() public

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.
controller() public

Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.
getConfig() public

Returns the config.
getConfigOrFail() public

Returns the config for this specific key.
setConfig() public

Sets the config.

Method Detail

__construct() public

__construct(Cake\Controller\ComponentRegistry $registry, array<string, mixed> $config = [])

Constructor

Parameters

Cake\Controller\ComponentRegistry $registry
array<string, mixed> $config optional

_configDelete() protected

_configDelete(string $key): void

Deletes a single config key.

Parameters

string $key: Key to delete.

Returns

void

Throws

Cake\Core\Exception\CakeException
if attempting to clobber existing config

_configRead() protected

_configRead(string|null $key): mixed

Reads a config key.

Parameters

string|null $key: Key to read.

Returns

mixed

_configWrite() protected

_configWrite(array<string, mixed>|string $key, mixed $value, string|bool $merge = false): void

Writes a config key.

Parameters

array<string, mixed>|string $key: Key to write to.
mixed $value: Value to write.
string|bool $merge optional: True to merge recursively, 'shallow' for simple merge, false to overwrite, defaults to false.

Returns

void

Throws

Cake\Core\Exception\CakeException
if attempting to clobber existing config

authorize() public

authorize(ArrayAccess|array $user, Cake\Http\ServerRequest $request): bool

Checks user authorization using a controller callback.

Parameters

ArrayAccess|array $user: Active user data
Cake\Http\ServerRequest $request: Request instance.

Returns

bool

Throws

Cake\Core\Exception\CakeException
If controller does not have method `isAuthorized()`.

configShallow() public

configShallow(array<string, mixed>|string $key, mixed|null $value = null): $this

Merge provided config with existing config. Unlike config() which does a recursive merge for nested keys, this method does a simple merge.

Setting a specific value:

$this->configShallow('key', $value);

Setting a nested value:

$this->configShallow('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->configShallow(['one' => 'value', 'another' => 'value']);

Parameters

array<string, mixed>|string $key: The key to set, or a complete array of configs.
mixed|null $value optional: The value to set.

Returns

$this

controller() public

controller(Cake\Controller\Controller|null $controller = null): Cake\Controller\Controller

Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.

Parameters

Cake\Controller\Controller|null $controller optional: null to get, a controller to set.

Returns

Cake\Controller\Controller

getConfig() public

getConfig(string|null $key = null, mixed $default = null): mixed

Returns the config.

Usage

Reading the whole config:

$this->getConfig();

Reading a specific value:

$this->getConfig('key');

Reading a nested value:

$this->getConfig('some.nested.key');

Reading with default value:

$this->getConfig('some-key', 'default-value');

Parameters

string|null $key optional: The key to get or null for the whole config.
mixed $default optional: The return value when the key does not exist.

Returns

mixed

getConfigOrFail() public

getConfigOrFail(string $key): mixed

Returns the config for this specific key.

The config value for this key must exist, it can never be null.

Parameters

string $key: The key to get.

Returns

mixed

Throws

InvalidArgumentException

setConfig() public

setConfig(array<string, mixed>|string $key, mixed|null $value = null, bool $merge = true): $this

Sets the config.

Usage

Setting a specific value:

$this->setConfig('key', $value);

Setting a nested value:

$this->setConfig('some.nested.key', $value);

Updating multiple config settings at the same time:

$this->setConfig(['one' => 'value', 'another' => 'value']);

Parameters

array<string, mixed>|string $key: The key to set, or a complete array of configs.
mixed|null $value optional: The value to set.
bool $merge optional: Whether to recursively merge or overwrite existing config, defaults to true.

Returns

$this

Throws

Cake\Core\Exception\CakeException
When trying to set a key that is invalid.

Property Detail

`$_Controller` protected

Controller for the request.

Type

Cake\Controller\Controller

`$_config` protected

Runtime config

Type

array<string, mixed>

`$_configInitialized` protected

Whether the config property has already been configured with defaults

Type

bool

`$_defaultConfig` protected

Default config for authorize objects.

Type

array<string, mixed>

`$_registry` protected

ComponentRegistry instance for getting more components.

Type

Cake\Controller\ComponentRegistry

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Auth.ControllerAuthorize.html

Class ControllerAuthorize

Property Summary

Method Summary

__construct() public

_configDelete() protected

_configRead() protected

_configWrite() protected

authorize() public

configShallow() public

controller() public

getConfig() public

getConfigOrFail() public

setConfig() public

Method Detail

__construct() public

Parameters

_configDelete() protected

Parameters

Returns

Throws

_configRead() protected

Parameters

Returns

_configWrite() protected

Parameters

Returns

Throws

authorize() public

Parameters

Returns

Throws

configShallow() public

Parameters

Returns

controller() public

Parameters

Returns

getConfig() public

Usage

Parameters

Returns

getConfigOrFail() public

Parameters

Returns

Throws

setConfig() public

Usage

Parameters

Returns

Throws

Property Detail

$_Controller protected

Type

$_config protected

Type

$_configInitialized protected

Type

$_defaultConfig protected

Type

$_registry protected

Type

`$_Controller` protected

`$_config` protected

`$_configInitialized` protected

`$_defaultConfig` protected

`$_registry` protected