I´m just working with Cakephp for a few days and I´m very impressed. But now I´m trying to get closer with Acl, but it´s a bit confusing.
My situation is, that I want to create a website with a frontend and a backend. But I´m not sure if I really need Acl for this, cause all Pages should be available for all users, except the backend of course. The tutorials in the Cookbook aren´t very helpful due to the fact, that it´s all about creating users, and groups and roles and creating the right views for login, adding and editing users, etc.
But I just need information about what Acl handles? Does it restrict the use of controllers or models?
Or do I need something else than Acl? Maybe it´s easier to check a session variable and redirect direct into the controller if the check false?
Hopefully you can bring me on the right way,
thanks in advance and best greetings from Germany,
Sascha
I suggest you to read this chapter and use the Auth component instead of simply accessing the session as you're teased to do.
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
For your admin backend use prefix routing.
http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing
In conjunction with auth this is pretty easy to check and implement in the isAuthorized() callback.
If you don't need various 'levels' of permissions; i.e. any logged-in user is allowed to access the backend, it's best to skip ACL (for now). If, in a later stage, ACL is required, you can always add it later.
You can start with 'simple' authentication. This chapter in the cookbook describes how to do so;
http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
In general, do not develop features that you don't need now. E.g. implementing ACL because you might need it in the future is only overcomplicating your development and chances are, they don't fit the requirements when that moment arrives.
Unlike #burzum, I'm not a big fan of prefix routing (only for very simple projects), because you'll end up mixing front- and backend actions and logic in the same controller.
I would advice to create separate controllers for the backend, possibly develop them as a Plugin. Either way, you may consider to create 'base' Controllers and Models for the backend and have your backendcontrollers/models extend them. This way you'll be able to define components/behaviors to use for the backend in 1 location. Also, by loading the 'Auth' component only in Backend controllers, you don't have to 'allow' actions in each controller in the frontend
for example;
class BackendCoreController extends AppController {
// only load the Auth component in backend controllers
// regular/frontend controllers don't require authentication
$components = array('Auth');
}
class PageAdminController extends BackendCoreController {
}
For considerations on developing the backend as a plugin, see my answer here:
Best way to implement admin panel in CakePHP
Related
Im building an app with AngularJS and Laravel. I'm currently working on a login page.
By default in Laravel, the 'out of the box' class User extends 'Authenticatable' but I would like to know if I can rather simply extend it to 'Model', because I actually want to rule my authentication access through AngularJS routing and not via Laravel. I don't know if this makes sense.. and if this would even work (I dont wanna break the logic behind Laravel). Could anyone help me on that?
The Authenticatable refers to Illuminate\Foundation\Auth\User which in turn includes some Traits and implements some contracts, depending on whether you're going to use Laravel's Auth system it seems like you can omit extending this class without any problems.
I've been working on cakephp3 for a while now. I've always used Cakephp's Auth component for authorization and authentication purpose.
I follow the very conventional procedure every time, like loading the component, adding isAuthorized function in controllers and defining allowMethods etc.
But now what I want is to develop my own plugin for this purpose, just using Cake's Auth component. So that i can reuse the plugin in all my future projects, also i want it to be like plug and play. Like You enable it, add few settings and your User management is done.
I know that how migrations work so I can add users table via migration every time. (Just an idea)
The thing I don't get right now is how to make everything separate from the core app? Like everything is done via plugin and nothing is added to every controller of the app.
Hope I'm clear about what I want to achieve.
Update: I know there is a whole list of third party Auth plugins. But I want to develop my own so i just need the idea of how things work.
Any solutions to my problem would save my day.
I want to call a .ctp file in one 'Model' and the .ctp file is in another 'View'.
Is it possible in cakephp?
Or instead of that should i call that 'Controller' function in my 'Model'?
CakePHP in a nutshell, and the keywords that you might need to search for:
Dispatcher and Routing controlling how URL reaches your controller.
Controller places system logic and controlling individual routing requests from Dispatcher
Component places logics that can be easily shared by Controllers
Model is for all the database related queries, manipulation, selections, deletions
Behavior can be deem as similar to Component, that provides "mixins" to Models to achieve similar behaviors, such as TreeBehavior abstract your database tables into parent-child relationship.
View is used by Controller to render individual pages to the user
Helper placed shared functionalities to help View render certain stuff. For example, FormHelper helps you all sort of form rendering, inputs, etc.
Place globally shared library in app/Lib folder so it can be easily accessed through using App::uses('...', 'Lib'). For example, a Gravatar library that helps you convert emails to md5-hashed strings. So this can be used everywhere in your app.
vendors are for those packaged vendor libraries that do not respect MVC, for example, swiftmailer that helps you send emails. Usually I would abstract them into my Lib folder for ease.
plugins are for those baked CakePHP applications found everywhere in the internet.
There are others in-depth stuff that you might be interested in, but these are the most basic stuff that you need to know before using a MVC framework like CakePHP. Check out their docs before diving in.
You can't access View (.ctp) in Model, it's against MVC architecture and logic. Just tell us more what do you want to do, maybe you're doing something wrong.
I am trying to move from CodeIgniter to CakePHP and can't figure out the best way to implement an admin panel. In CI I would create two different applications, one for the frontend and one for the admin panel.
After Googling around, I have found three ways to implement admin panel in CakePHP:
Routing - I don't want to use this as I want by Controllers/Models to be separate for frontend and admin panel
Plugin
Two separate apps
Should I use plugin to implement admin panel or should I have separate apps? Any benefits of one over the other?
I normally develop the admin/backend as a plugin. This keeps your backend/admin controllers/views/models separated from the frontend and you don't have to jump through hoops to have separate stylesheets, layouts etc.
Another advantage is that both front- and backend are still part of the same application, so if desired, you can share logic/components, for example you'll be able to put helpers that are usable both for front- and backend in another plugin (e.g. plugins/Shared or plugins/Handytexttools) and use those both wherever you want
As a rule of thumb; put components that may be reuseable for other projects in a separate plugin, this way you can just add those plugins to other projects without problems. Keep your plugins simple; it's no problem to create a plugin containing just one or two helpers or models and a few files of JavaScript. This will make it easier to 'cherry pick' the plugins that you need for a project. Once Cake has 'cached' the file-locations of all classes in your plugins, the overhead of separate plugins should be minimal.
Coming back to the 'admin' plugin. Try to only include code specific for this project in your admin plugin and reusable parts in another one (e.g. Generic stylesheets and layouts for admin-panels). You'll be able to start a admin-plugin for your next project with minimal coding
Good luck with your project and enjoy CakePHP
If you want to keep your controllers and models separate - I'd go with a separate app, although you'll end up with a bunch of duplicate code between the apps (maintenance headache waiting to happen).
My choice would be admin routing and an admin theme.
Enable admin routing in /app/Config/core.php
In AppController beforeFilter():
$this->theme = isset($this->params['admin']) ? "Admin" : "Site";
Move all your site views and assets into /app/View/Themed/Site/
Create your admin themes in /app/View/Themed/Admin
Old and refers to CakePHP 1.3, but still is a question you should check: CakePHP admin panel
The Cake way is routing. I'd go with a plugin like CakeDC Users that makes things easier.
You could use admin-routing. Check out:
http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing
Another solution -which I find really easy to implement- is like this:
In your AppController:
public function beforeFilter(){
$this->set('current_user', $this->Auth->user());
}
This makes the $current_user available in your app.
Then in your view-files, you can check:
<?php if ($current_user['role'] == 'admin'){/*place code for admin users to see here*/} ?>
<?php if ($current_user){/*place code for logged-in users to see here*/} ?>
I know this is an old thread. But would like to ask if anyone had trouble implementing the admin panel as a plugin. Particularly duplication of code.
For example you're implementing an e-commerce site. You have an OrderController both in the main and admin plugin. Don't you think it's kinda hard to maintain the logic in two places?
How about just using one main controller. It's serves two purpose. One as an API then the controller for your Admin webapp.
Your public side would then basically communicate via API to fetch data.
Do you think it's a good idea?
You can use admin views like admin_index.ctp just change this
//Configure::write('Routing.admin', 'admin');
to
Configure::write('Routing.admin', 'admin');
in core.php and in the controller add admin_index() function
I'm fairly new to CakePHP and am trying to setup a custom admin area for my app. I realize Cake can create an admin area with scaffolding but I'd like to build something much more customized, and have it accessible from via /admin/, with one app for the public side and another for the admin.
Ideally, the structure would be:
www
^- apples (public application here)
^- apples-admin (password-protected control panel)
I'm having a hard time figuring out how to set this up using a single Cake core and two apps - one for "apples" and one for "apples-admin". I've read some notes about modding PHP's include path, but that won't be possible in the production environment. The other notes I see about changing CAKE_CORE_INCLUDE_PATH aren't very clear on where I would make that change, and it doesn't appear as though that would get me the app-inside-app structure I'm after.
Is what I'm trying to do possible? Am I better off using just a single app for both the public side and admin area?
You can achieve what you want using a single application.
To get up and running:
Use Prefix Routing to map your admin actions.
Then use the Auth component to restrict access to your 'admin' actions. I recommend setting up a User model to manage your users and using the FormAuthentication handler for logging in.
If you haven't used Bake for code generation before, then that's also worth looking into. It'll help create a base starting point for a lot of your admin functions.
Good luck.