Good afternoon,
Someone who has already needed to use the restrictions for the user via the bank in an editable way that can help.
At first I followed the initial tutorial creating the users and roles tables, but the client asked me to edit the role access permissions, for example:
Roles | Permissions ADMIN - > all; EDITOR - > controller = > POST, action ADD EDITOR - > controller = > POST, action EDIT CLIENT - > deny
In this way I created the permissions and roles_permissions table and so I tried to pass in isAuthorized to allow or deny without success. If you have a plugin that you use or a better idea, thank you right away.
public function isAuthorized($user)
{
$this->rolePermissionsTable = TableRegistry::get('RolePermissions');
$rolePermissions = $this->rolePermissionsTable->find()->where(['role_id' => $user['role_id'] ])->all();
//var_dump($rolePermissions); die;
$this->rolePermissionsTable = TableRegistry::get('RolePermissions');
$this->permissionsTable = TableRegistry::get("permissions");
// Admin pode acessar todas as actions
foreach ($rolePermissions as $authorized) {
$permissions = $this->permissionsTable->find()->where(['id', $authorized['permission_id'] ] )->all();
if ($user['role_id']== $authorized['role_id']) {
$this->addPermission($permissions);
$this->Auth->allow('*');
return true;
}
if($user['role_id'] != $authorized['role_id']){
return false;
}
}
// Bloqueia acesso por padrão
return false;
}
public function addPermission($permissions){
foreach ($permissions as $permission) {
$this->Auth->allow(['controller' => $permission['controller'], 'action' => $permission['action'] ]);
}
}
public function removePermission ($ permissions) { foreach ($ permissions as $ permission) { $ this-> Auth-> deny (['controller' => $ permission ['controller'], 'action' = > $ permission ['action']]); } }