
Howto use rdAuth

In the rdOS project’s rdBloggery application, there is a very small authentication system, which lets users log in, do things according to their privilege level, and log out. rdAuth is not a part of Cake; it is an application in the rdOS CakeForge project, initiated by gwoo.

rdAuth is a Component, and as such works in the Controller (see footnote 1). Here is an example in which the sub-navigation gets set with the admin-specific menu items:

if($this->rdAuth->admin)
{
	$this->set('subnav', array( array( 'name' => 'List posts', 'action' => 'grid') ) );
}

We set a variable for the View if the admin property of the rdAuth Component is set to true. (At least, non-false for PHP.) So, how does it get set to true?

In the method set() in /app/controllers/components/rd_auth.php:

// ... snip! ...
 
// Read the role string from the Session
$this->role = $this->Session->read('rdBloggery.role');
 
// If the current role is in the privileged "admins" array, 
// then set the admin flag, i.e. $this->admin
if( in_array($this->role, $this->admins) )
{
	$this->admin = 1;	
}

So rdAuth::admin is just a Boolean value.

Data model for the Users

OK, now let’s see how rdBloggery sets up its Users in the database. There is an SQL file added to the distribution.

-- 
-- Table structure for table `users`
-- 
 
CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(50) DEFAULT '',
  `password` varchar(50) DEFAULT '',
  `role` enum('Admin','Manager','User') DEFAULT 'User',
  `email` varchar(255) DEFAULT '',
  `realname` varchar(255) DEFAULT '',
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 
-- 
-- Dumping data for table `users`
-- 
 
INSERT INTO `users` VALUES (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 'Admin', 
'admin@example.com', 'admin', 
'2005-11-29 19:13:00', '2005-11-29 19:13:00'
);

Centralizing permissions

Access to actions is controlled centrally, by action name, in the AppController:

 
class AppController extends Controller {

	//  ....snip...
	var $beforeFilter = array('checkAccess');
	var $access = array(
		'grid'   => array('role' => array('Admin', 'Manager', 'User')),
		'add'    => array('role' => array('Admin', 'Manager', 'User')),
		'upload' => array('role' => array('Admin', 'Manager', 'User')),
		'edit'   => array('role' => array('Admin', 'Manager', 'User')),
		'delete' => array('role' => array('Admin', 'Manager')),
	);

	//  ....snip...

	function checkAccess()
	{
		// Roles that are allowed "admin" status
		$this->rdAuth->admins = array('Admin', 'Manager');

		$this->rdAuth->set(); // Set local vars from session

		if (!$this->rdAuth->check($this->action, $this->access))
		{
			// If no access, redirect to Login form
			$this->set('title', 'Permission Denied');
			$this->redirect('/users/login');
			exit;
		}
		$this->set('rdAuth', $this->rdAuth);
		return true;
	}
}
 

As you can see, it is based on action names in the controllers.
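
A stand-alone sketch of a role check over the $access map above, added here as an example; it is not rdAuth's own check(), whose body this page does not show. The helper name isAllowed(), the deny-by-default handling of actions missing from the map, and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: NOT rdAuth's own check(); a stand-alone sketch of a
// role check over the $access map format shown on this page.

// Same shape as AppController::$access.
$access = array(
    'grid'   => array('role' => array('Admin', 'Manager', 'User')),
    'add'    => array('role' => array('Admin', 'Manager', 'User')),
    'upload' => array('role' => array('Admin', 'Manager', 'User')),
    'edit'   => array('role' => array('Admin', 'Manager', 'User')),
    'delete' => array('role' => array('Admin', 'Manager')),
);

/**
 * Hypothetical helper: returns true only when $action is listed in $access
 * and $role is one of the roles allowed for it.
 */
function isAllowed($action, $role, array $access)
{
    // Deny by default (assumption): an unlisted action is not public.
    if (!is_string($action) || !isset($access[$action]['role'])) {
        return false;
    }
    // A missing session role (null) or a non-string value never matches.
    if (!is_string($role) || $role === '') {
        return false;
    }
    // Third argument true = strict comparison, so a value such as
    // boolean true cannot loosely match a role name.
    return in_array($role, $access[$action]['role'], true);
}

// Constructed sample requests: (action, role as read from the session).
$cases = array(
    array('delete', 'Admin'),  // allow
    array('delete', 'User'),   // deny: role not listed for delete
    array('edit',   'User'),   // allow
    array('export', 'Admin'),  // deny: action not in the map
    array('grid',   null),     // deny: no role in the session
    array('delete', true),     // deny: a loose in_array() would accept this
);

foreach ($cases as $case) {
    list($action, $role) = $case;
    printf("%-7s %-8s %s\n", $action, var_export($role, true),
        isAllowed($action, $role, $access) ? 'allow' : 'deny');
}
```

With deny-by-default, actions that must stay reachable without a session, such as the login form, need their own explicit rule.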

Using rdAuth in the Views

gwoo, Jan 22, 8:12 pm

If you look in the checkAccess method in the app_controller.php you will see that there is a $this->set('rdAuth', $this->rdAuth);

This makes the object available in the view so you can access it like $rdAuth->id or $rdAuth->admin.

Troubleshooting rdBloggery

Here’s a tip from Andrea Malfer Poma:

I could not see submenus after login, so I downloaded and installed; everything worked fine, but after I logged in I saw nothing in the blogs section. The solution was easy... I work with WinXP, Apache2, PHP 5.0.3; on my machine Cake doesn’t handle sessions properly with Cake security set to “high”, it never retrieves the session. The solution is to change the security setting in your rdBloggery/config/core.php file: define('CAKE_SECURITY', 'medium'); With that, everything works just fine.

1) You will also be able to access it in your views; we’ll get to that.
 
tutorials/howto_use_rdauth.txt · Last modified: 2006/05/05 01:03 by gwoo