mgomezbuceta/cakephp-aclmanager
Composer 安装命令:
composer require mgomezbuceta/cakephp-aclmanager
包简介
Modern Authorization Manager for CakePHP 5.x - Role-based permission management system
README 文档
README
🔐 CakePHP Authorization Manager
Modern Role-Based Permission Management for CakePHP 5.x
A powerful, modern web interface for managing role-based permissions using CakePHP's Authorization plugin.
Features • Installation • Quick Start • Documentation • Migration
🌟 Features
💡 Why Authorization Manager?
Traditional ACL systems (acos/aros) are deprecated in CakePHP 5.x. This plugin provides:
- ✅ Modern Authorization - Uses CakePHP's official Authorization plugin
- ✅ Simplified Structure - No more complex ACO/ARO trees
- ✅ Visual Management - Web interface for managing permissions
- ✅ Role-Based - Industry-standard RBAC pattern
- ✅ Easy Integration - Drop-in authorization solution
- ✅ Multilingual - Spanish and Galician translations included
📋 Requirements
| Requirement | Version |
|---|---|
| PHP | ≥ 8.1 |
| CakePHP | ≥ 5.0 |
| CakePHP Authorization | ≥ 3.0 |
🚀 Installation
Step 1: Install via Composer
composer require mgomezbuceta/cakephp-aclmanager composer require cakephp/authorization
Step 2: Load the Plugin
Add to your src/Application.php:
public function bootstrap(): void { parent::bootstrap(); $this->addPlugin('AclManager', ['bootstrap' => true, 'routes' => true]); }
Step 3: Run Migrations
bin/cake migrations migrate -p AclManager
Step 4: Sync Resources
Visit /authorization-manager and click "Sync Resources" to discover all your controllers and actions.
That's it! 🎉
⚡ Quick Start
Basic Setup
-
Create Roles
- Visit
/authorization-manager/roles - Click "New Role"
- Create roles like: Administrator, Editor, Viewer
- Visit
-
Assign Permissions
- Click "Manage Permissions" for a role
- Check/uncheck permissions for each controller/action
- Click "Save Permissions"
-
Integrate with Your Auth
// In your AppController or specific controller public function initialize(): void { parent::initialize(); $this->loadComponent('AclManager.AuthorizationManager', [ 'userModel' => 'Users', 'roleField' => 'role_id' ]); } public function isAuthorized($user = null): bool { return $this->AuthorizationManager->isAuthorized($user); }
Add role_id to Your Users Table
ALTER TABLE users ADD COLUMN role_id INT NOT NULL; ALTER TABLE users ADD FOREIGN KEY (role_id) REFERENCES roles(id);
📚 Documentation
🔧 Configuration Options
Admin Access Control
IMPORTANT: By default, only administrators can access the Authorization Manager.
The plugin checks if the user is an admin using multiple methods (in order):
- role_name: Checks if
role_nameis 'admin', 'administrator', or 'superadmin' - role_id: Checks if
role_id == 1(typically admin role) - is_admin: Checks if
is_adminflag is true - email: Checks against a whitelist of admin emails
To customize admin access, add to your config/app.php in the return array:
// In config/app.php, add to the return array: return [ // ... existing configuration ... 'AclManager' => [ 'adminAccess' => [ // Which role IDs can access the Authorization Manager 'adminRoleIds' => [1, 2], // Allow role IDs 1 and 2 // Which role names can access 'adminRoleNames' => ['admin', 'superuser'], // Specific emails (useful for initial setup) 'adminEmails' => [ 'admin@example.com', ], ], 'redirects' => [ 'login' => ['controller' => 'Users', 'action' => 'login'], 'unauthorized' => ['controller' => 'Dashboard', 'action' => 'index'], ], ], ];
Session Timeout and Redirect
When a user's session expires while using the Authorization Manager, they will be redirected to the login page with a redirect parameter containing the original URL.
To handle the redirect in your login controller, add this code after successful authentication:
// In your UsersController login action, after successful authentication: public function login() { $result = $this->Authentication->getResult(); if ($result->isValid()) { // Check if there's a redirect parameter $redirect = $this->request->getQuery('redirect'); if ($redirect) { // Redirect back to the original URL return $this->redirect($redirect); } // Default redirect $target = $this->Authentication->getLoginRedirect() ?? '/dashboard'; return $this->redirect($target); } if ($this->request->is('post') && !$result->isValid()) { $this->Flash->error(__('Invalid username or password')); } }
This ensures users are returned to the Authorization Manager page they were viewing after logging in.
Internationalization (i18n)
The plugin comes with Spanish (es_ES) and Galician (gl_ES) translations out of the box.
To change the language, add to your config/bootstrap.php:
use Cake\I18n\I18n; // Set Spanish (default) I18n::setLocale('es_ES'); // Or Galician I18n::setLocale('gl_ES'); // Or English I18n::setLocale('en_US');
To add your own translation:
- Create
resources/locales/{locale}/acl_manager.poin your app - Copy entries from
vendor/mgomezbuceta/cakephp-aclmanager/resources/locales/es_ES/acl_manager.po - Translate the
msgstrvalues - Run
bin/cake i18n extract --plugin AclManagerto update
Other Configuration Options
In your config/bootstrap.php:
use Cake\Core\Configure; // Actions to ignore during resource scan Configure::write('AclManager.ignoreActions', [ 'isAuthorized', 'beforeFilter', 'initialize', 'AclManager.*', // Ignore plugin 'DebugKit.*' // Ignore DebugKit ]); // Permission checking mode Configure::write('AclManager.permissionMode', 'strict'); // or 'permissive' // Enable permission caching Configure::write('AclManager.cachePermissions', true); Configure::write('AclManager.cacheDuration', '+1 hour'); // Default role for new users Configure::write('AclManager.defaultRoleId', 2);
🗄️ Database Schema
The plugin creates three tables:
roles - User roles
id, name, description, priority, active, created, modified
permissions - Role permissions
id, role_id, controller, action, plugin, allowed, created, modified
resources - Available resources (auto-discovered)
id, controller, action, plugin, description, active, created, modified
🔌 Component Usage
// Load the component $this->loadComponent('AclManager.AuthorizationManager'); // Check if user is authorized $allowed = $this->AuthorizationManager->isAuthorized($user); // Check specific permission $allowed = $this->AuthorizationManager->checkPermission( $roleId, 'Articles', 'edit', 'Blog' // plugin name (optional) ); // Clear permission cache $this->AuthorizationManager->clearCache(); // Handle unauthorized access return $this->AuthorizationManager->handleUnauthorized();
🎯 Service Layer
use AclManager\Service\PermissionService; use AclManager\Service\ResourceScannerService; // Permission management $permissionService = new PermissionService(); // Grant permission $permissionService->grant($roleId, 'Articles', 'edit'); // Deny permission $permissionService->deny($roleId, 'Articles', 'delete'); // Get permission matrix $matrix = $permissionService->getPermissionMatrix($roleId); // Copy permissions between roles $permissionService->copyPermissions($sourceRoleId, $targetRoleId); // Resource scanning $scannerService = new ResourceScannerService(); $stats = $scannerService->scanAndSync(); // Get grouped resources $resources = $scannerService->getGroupedResources();
🐛 Troubleshooting
No resources showing?
Visit /authorization-manager and click "Sync Resources"
Permission changes not taking effect?
// Clear cache Configure::write('AclManager.cachePermissions', false); // Or clear specific cache $this->AuthorizationManager->clearCache();
Getting "access denied" after setup?
1. Make sure your User has a role_id assigned
2. Verify permissions are granted for that role
3. Check isAuthorized() is properly implemented
🔄 Migration from v2.x
⚠️ BREAKING CHANGE: Version 3.0 uses Authorization plugin instead of deprecated ACL.
Migration Steps:
- Backup your data
CREATE TABLE backup_aros_acos AS SELECT * FROM aros_acos;
- Update composer.json
composer remove cakephp/acl composer require cakephp/authorization composer update mgomezbuceta/cakephp-aclmanager
- Run new migrations
bin/cake migrations migrate -p AclManager
-
Update routes
- Old:
/acl-manager - New:
/authorization-manager
- Old:
-
Update component
// Old $this->loadComponent('AclManager.AclManager'); // New $this->loadComponent('AclManager.AuthorizationManager');
- Rebuild permissions
- Create new roles matching your old ARO structure
- Use "Sync Resources" to discover controllers
- Manually assign permissions (old ACL data cannot be migrated)
🏗️ Architecture
┌─────────────────────────────────────────┐
│ PermissionsController │
│ (Web Interface) │
└──────────────┬──────────────────────────┘
│
┌────────┴────────┐
│ │
┌─────▼──────────┐ ┌───▼──────────────────┐
│ Permission │ │ ResourceScanner │
│ Service │ │ Service │
│ │ │ │
│ • Check Auth │ │ • Scan Controllers │
│ • Grant/Deny │ │ • Sync Resources │
│ • Copy Perms │ │ • Auto-Discovery │
└────────────────┘ └──────────────────────┘
│ │
└──────────┬──────────┘
│
┌────────────▼─────────────┐
│ Database Tables │
│ • roles │
│ • permissions │
│ • resources │
└───────────────────────────┘
🤝 Contributing
Contributions are welcome!
- 🍴 Fork the repository
- 🌿 Create your feature branch (
git checkout -b feature/amazing-feature) - 💻 Write clean, documented code following PSR-12
- ✅ Add tests for new functionality
- 📝 Commit your changes (
git commit -m 'Add amazing feature') - 🚀 Push to the branch (
git push origin feature/amazing-feature) - 🎉 Open a Pull Request
📄 License
This project is licensed under the MIT License - see LICENSE.md for details.
Copyright (c) 2025 Marcos Gómez Buceta
Copyright (c) 2016 Iván Amat
👨💻 Author
Marcos Gómez Buceta
🙏 Acknowledgments
This project evolved from the excellent ACL Manager foundation:
- Iván Amat - Original CakePHP 4.x Acl Manager
- Frédéric Massart (FMCorz) - Original CakePHP 2.x AclManager
Special thanks to the CakePHP community for their continuous support.
⭐ If you find this plugin useful, please give it a star! ⭐
Made with ❤️ for the CakePHP community
mgomezbuceta/cakephp-aclmanager 适用场景与选型建议
mgomezbuceta/cakephp-aclmanager 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 44 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 10 月 08 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「authorization」 「plugin」 「manager」 「cakephp」 「roles」 「permissions」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 mgomezbuceta/cakephp-aclmanager 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 mgomezbuceta/cakephp-aclmanager 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 mgomezbuceta/cakephp-aclmanager 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
CakePHP 4.x AdminLTE Theme.
The file manager intended for using Laravel with CKEditor / TinyMCE / Colorbox
Ory-Hydra OAuth 2.0 Client Provider for The PHP League OAuth2-Client
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
Laravel JWT auth service package
KCFinder web file manager
统计信息
- 总下载量: 44
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 27
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-10-08