Authake is (another) solution to manage users and groups and their rights in a CakePHP platform, as well as their registration, email confirmation and password changing requests. It is composed of a component, a plugin, and a helper. The ACL model was presented by Marco Sbragi in the tutorial YACCA Yet Another Cake Component for Auth, which I used as an exercise to start learning Cake. So, thanks Marco for your article.

UPDATE: This software is not developed anymore by its original author. Nik Chankov made some changes to support Cake 1.3. I advise using his version: http://github.com/nchankov/authake

WARNING: This software is in beta stage of development, and is closely related to the security of your applications. Please contribute here to make it better before using it in production! And of course, no warranty at all if you install this software...

Contact: post a comment below or mail to jakecake-dev and you add the domain name velay.greta.fr
The demo site is offline now, as I don't maintain this software anymore. You will find some screenshots here: admin page, rules list, group view.
Authake is ready for debugging, and many aspects still need to be improved.
The user and group model is quite simple. There are users, registered in the authake_users table. There are groups, in the authake_groups table. A user can belong to one or more groups. The relation is stored in the authake_groups_users table. The user with id 1 is a special user: it is not possible to delete it, and it is not editable by others (even with proper administrator rights). The group with id 0 is the "Everybody" group. All users and anonymous guests belong to this group by default. This group cannot be deleted.
Then there are rules for the ACL (authake_rules table). A rule is a Perl regular expression that says whether an action is allowed or not. One rule belongs to one group only. All the rules of the groups that the user belongs to are tested for each URL checked. Example: if a user in groups TheGroup and TheOtherGroup accesses the URL /page/index, all the rules that belong to groups Everybody, TheGroup and TheOtherGroup are tested to match ^(/page/index)$. The last rule that matches in the list tells whether the URL is allowed or not. For this reason, by default the first rule says that all users are denied access to anything, then later rules allow some actions (but you can reverse it: allow anything, then deny). The last rule says that administrators are allowed to access anything. The rule order is specified in the field order, and can be changed through the Authake GUI. If the rule fails the check:
^( )$ is automatically added around each rule to ensure that the full URL is checked, not just a prefix of it. You can use * as a wildcard (replaced by .*). The slash / is automatically backslashed as \/. You can check several actions in one rule with an ' or ' (replaced by | in the regex). Look at the examples in the default database.
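As an added example (not Authake's own code), here is how the rule rewriting and the last-match-wins evaluation described above can be implemented. The rule rows, group names and URLs are constructed to mirror the authake_rules table and the default deny-then-allow policy.

```php
<?php
// Added illustration, not Authake's own code. Rule rows mimic the
// authake_rules table: group, action pattern, permission and order.

// Compile one rule's action pattern into a full regex as the page describes:
// '*' -> '.*', ' or ' -> '|', '/' -> '\/', then wrap in ^( )$ so the whole
// URL must match. The parentheses keep the alternation inside the anchors.
function ruleToRegex($action) {
    $pattern = str_replace('*', '.*', $action);
    $pattern = str_replace(' or ', '|', $pattern);
    $pattern = str_replace('/', '\/', $pattern);
    return '/^(' . $pattern . ')$/i';
}

// Test a URL against the rules of every group the user belongs to, in
// 'order'. Rules of other groups are skipped; the LAST match decides, and
// no match at all means deny.
function isUrlAllowed($url, array $userGroups, array $rules) {
    $allow = false;
    usort($rules, function ($a, $b) { return $a['order'] - $b['order']; });
    foreach ($rules as $rule) {
        if (!in_array($rule['group'], $userGroups, true)) {
            continue;
        }
        if (preg_match(ruleToRegex($rule['action']), $url)) {
            $allow = ($rule['permission'] === 'Allow');
        }
    }
    return $allow;
}

// Constructed rule set following the default policy: deny everything,
// allow a few actions, then let administrators do anything.
$rules = array(
    array('order' => 1, 'group' => 'Everybody',      'action' => '*',                                   'permission' => 'Deny'),
    array('order' => 2, 'group' => 'Everybody',      'action' => '/pages/home or /authake/users/login', 'permission' => 'Allow'),
    array('order' => 3, 'group' => 'TheGroup',       'action' => '/page/*',                             'permission' => 'Allow'),
    array('order' => 4, 'group' => 'Administrators', 'action' => '*',                                   'permission' => 'Allow'),
);

// Each check prints the compiled regex list it relied on and the decision.
$checks = array(
    array('/page/index',          array('Everybody')),                    // denied: only the catch-all Deny matches
    array('/page/index',          array('Everybody', 'TheGroup')),        // allowed: rule 3 matches last
    array('/authake/users/login', array('Everybody')),                    // allowed: rule 2 re-allows after rule 1
    array('/authake/rules/index', array('Everybody', 'TheGroup')),        // denied: /page/* is anchored, so no later match
    array('/authake/rules/index', array('Everybody', 'Administrators')),  // allowed: rule 4 matches last
);
foreach ($checks as $c) {
    printf("%-24s %-28s %s\n", $c[0], implode(',', $c[1]),
        isUrlAllowed($c[0], $c[1], $rules) ? 'Allow' : 'Deny');
}
```

Because the action is still a regular expression after these substitutions, any other metacharacter in a rule (such as '.') keeps its regex meaning.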
The main work is done in the Authake component (/app/controllers/components/authake.php). This component is the heart of the system. It manages the user login and checks the URL according to groups and rules. The job is done in the AppController::beforeFilter() callback (/app/app_controller.php). Options for the component are in the core config file (/app/config/core.php) under the key Authake.*.
The plugin is found in /app/plugins/authake. It contains controllers, models, views and helpers. AuthakeAppController and AuthakeAppModel provide some methods for internal use.
The data model (users, groups, rules in the database) is stored in the plugin models folder (/app/plugins/authake/model/). Nothing particular.
The controllers are in /app/plugins/authake/controllers.
Views (in /app/plugins/authake/views) are the HTML outputs for each controller. The related CSS is in the webroot folder (/app/webroot/css). The file authake.css contains everything concerning Authake. Each view encapsulates its content in a <div id="authake">. In addition, Authake provides a CSS file to format the Session::Flash messages (flashhelper.css).
The Authake plugin implements two helpers (in /app/plugins/authake/views/helpers):
Some other files are more or less part of Authake. The home page is in /app/views/pages/home.ctp but should be overridden by your application. Some graphic elements are in /app/views/pages/layouts: templates for flash messages, email layouts (for text and HTML, but EmailComponent in HTML mode fails to work properly on my installation...). The icons are in /app/webroot/img/icons. I used the nice SILK ICONS of Mark James, thanks to him.
THE DATABASE CHANGED SO YOU SHOULD REINSTALL ALL THE TABLES
Comments
Thanks for sharing, Matthias.
Jerome
How about if I use Firebird? Can you help me?
Will there ever be an official tutorial on this plugin?
A bug?
line: if(preg_match("/{$data['Rule']['action']}/i", $url, $matches))
I think the correct expression should be
if(preg_match("/^{$data['Rule']['action']}$/i", $url, $matches))
otherwise the default rule "/" will match any URL pattern starting with '/'.
---------------------------------------------------------------------------------------------------
    // Function to check the access for the controller / action
    // $url: "/name/action/"   $rules: the rules of the groups to check against
    function _areGroupsAllowed($url = "", $rules) {
        $allow = false;
        foreach ($rules as $data) {
            // every rule is tested; the last matching one decides
            if (preg_match("/{$data['Rule']['action']}/i", $url, $matches)) {
                $allow = $data['Rule']['permission'];
                if ($allow == 'Deny')
                    $allow = false;
                else
                    $allow = true;
            }
        }
        return $allow;
    }
I know that Jerome has moved on to other projects and also that Marco who has started an Authake 2.0 project on Cakeforge is very busy, but I thought I would come back here and post a very basic "newbie" question in case anyone sees it and can answer it....
I am trying to use the isAllowed() function from Authake outside of the regular Authake functionality. I have created a database-driven menu system for my application and I want to "pre-test" rights to any menus and actions, meaning that if Authake does not allow you to go to the "budgets" controller, then the menu will not even show you "Budgets" as an option.
This is simplified, but in both the controller and view for my "menus" system I have tried various things like:
    $path = "/budgets";
    if ($authak3->isAllowed($path)) {
        echo $menuitem;
    }
No matter what I supply for $path, I can't get a return value of TRUE.
I was not sure about the scope of these functions, but I look and see $authak3->getLogin(); being referenced in views and I can call that from any view, so I wonder what I am missing as far as passing a path/action string to isAllowed()?
Note: when I try to call $authak3->getLogin() from the controller, it does not work. Not sure why. If I can, I would like to do all of this work in the menus controller -- test each menu item for access rights as soon as they are read out of the DB into an array, then only send allowed menu items to the view.
Any bright ideas appreciated!
Jim
What I would also suggest is to place the following lines
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
in user_controller.php in the logout method, because some browsers do use the cache (not surprisingly), causing some problems when logging out.
Now this is a plugin, is this also the way to integrate it into your own project or make it mainstream?
Hi, I know that the original authors are no longer working with this plugin, but I'm hoping that someone else might be able to help me out?
I'm using requestAction() within an element to call a function within a controller which then returns a list of genres for display across the top of the site. (I don't know if this makes any difference, but within the function I'm using if(isset($this->params['requested'])) to check that it's not being called directly.)
I've gone into the admin system and added an allow rule for everyone giving access to /tags/* - but it's not working. In Firefox it's just timing out, and in other browsers it only gets as far as displaying everything up until where the element starts.
It works when logged in as an admin, but not for anyone else.
I think I've fixed my problem. I've added an additional / to the start of the functions called by requestAction().
I.e., the two that I needed were /tags/findastory and /tags/taglist, so to make these work, the rule I used was "//tags/findastory or //tags/taglist"
I hope this helps someone out there :)
Hi all, just to tell you that Authake 2.0 is now on cakeforge.org.
http://cakeforge.org/projects/authake2/
I have uploaded my fork of Authake with some modifications I have made from time to time.
The major modifications are to the interface, which is more Web 2.0-like, and in source code clean-up.
There is work to do on translations and in many many other directions.
If you wish to try it, I suggest you download the package from the files repository. The package contains a simple contacts application with Authake and a full-featured Cake 1.3.
User: admin / Pass: admin
For any questions, contact me in the forum or email me.
Cheers
Marco aka LazyCoder
Is there a possibility to get the name of the logged-in user? I want to save the name of the person who made the changes in the model, like "modified_by". I would like to use the AppModel for it.
Jens
Has anybody figured out the problem with changing the password?
Why does changing the password on the user profile remove the groups, but changing it on the admin side doesn't?
Reading some documentation, I added an auto-increment id to authake_groups_users and it works fine.
unique: If true (default value) cake will first delete existing relationship records in the foreign keys table before inserting new ones, when updating a record. So existing associations need to be passed again when updating.
http://book.cakephp.org/view/24/Model-and-Database-Conventions
Hi!,
My problem is: /cake/authake/authake/users/edit/1 was not found on this server.
What is the solution?
Thanks.
Hi, I made Authake CakePHP 1.3 compliant, so everything is encapsulated in one directory. Please contact me so I can send you my changes.
Regards
Nik, friend,
Send me your modifications please.
I tried with 1.3 and I get the following error:
Fatal error: Class 'AuthakeAppController' not found in C:\xampp\htdocs\cakephp\app\controllers\authake_controller.php on line 23
thanks in advance
>Why on the user profile it removes the groups but changing the password on the admin side doesn’t.
>Reading some documentation, I added a auto increment id to authake_groups_users and it works fine.
I can confirm that Jody's method is working.
It would be great to add this fix to database scheme I think.
Best regards.
Just want to add to my previous comment. Calling the field 'id' will cause an error in the query for viewing group details - 'field id in order clause ambiguous'. The quick solution is to name this field 'key' or something else that differs from 'id'.
Thanks
Hi, I'm learning CakePHP.
I am interested in using Authake for user management. I wanted to ask: will a check box option to disable/enable these rules be added in the Rules Management? Example usage: on dates 1 - 5 users cannot edit the article. However, on dates 15 - 20 users are allowed to edit articles, with the note that the user groups are the same.
Thanks for the explanation. Sorry for my bad English.
Please friends,
I need help with the error mentioned earlier.
It may be a very stupid question, but if you do not ask, you do not learn.
Thanks in advance
Hello,
I'm new to CakePHP. I have downloaded Cake version 1.3.2 and started to use Authake.
But I'm getting the following error.
Warning (512): SQL Error: findAll 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'findAll' at line 1 [CORE\cake\libs\model\datasources\dbo_source.php, line 675]

Code:
    $out = null;
    if ($error) {
        trigger_error('' . __('SQL Error:'.$sql.'', true) . " {$this->error}", E_USER_WARNING);

Context:
    $sql = "findAll"
    $error = "1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'findAll' at line 1"
    $out = null

DboSource::showQuery() - CORE\cake\libs\model\datasources\dbo_source.php, line 675
DboSource::execute() - CORE\cake\libs\model\datasources\dbo_source.php, line 264
DboSource::fetchAll() - CORE\cake\libs\model\datasources\dbo_source.php, line 408
DboSource::query() - CORE\cake\libs\model\datasources\dbo_source.php, line 362
Model::call__() - CORE\cake\libs\model\model.php, line 502
Overloadable::__call() - CORE\cake\libs\overloadable_php5.php, line 50
Rule::findAll() - [internal], line ??
Rule::getRules() - APP\plugins\authake\models\rule.php, line 40
AuthakeComponent::getRules() - APP\controllers\components\authake.php, line 133
AuthakeComponent::isAllowed() - APP\controllers\components\authake.php, line 147
AuthakeComponent::beforeFilter() - APP\controllers\components\authake.php, line 59
AppController::beforeFilter() - APP\app_controller.php, line 47
Controller::startupProcess() - CORE\cake\libs\controller\controller.php, line 526
Dispatcher::_invoke() - CORE\cake\dispatcher.php, line 187
Dispatcher::dispatch() - CORE\cake\dispatcher.php, line 171
Dispatcher::__construct() - CORE\cake\dispatcher.php, line 80
[main] - APP\webroot\index.php, line 83

Query: findAll
Thanks in advance
Fida
How to run a requestAction?
I am using your plugin and it works correctly. I have the problem that I cannot run a requestAction as a normal user. I added the line '/menus/getMenu' to the list of allowed actions but it still does not work. Accessing it via the action URL works normally. How can I solve the problem? Greetings from Argentina