122 lines
4.1 KiB
PHP
122 lines
4.1 KiB
PHP
<?php
|
|
/**
|
|
* Copyright 2010 - 2017, Cake Development Corporation (https://www.cakedc.com)
|
|
*
|
|
* Licensed under The MIT License
|
|
* Redistributions of files must retain the above copyright notice.
|
|
*
|
|
* @copyright Copyright 2010 - 2017, Cake Development Corporation (https://www.cakedc.com)
|
|
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
|
|
*/
|
|
|
|
/*
|
|
* IMPORTANT:
|
|
* This is an example configuration file. Copy this file into your config directory and edit to
|
|
* setup your app permissions.
|
|
*
|
|
* This is a quick roles-permissions implementation
|
|
* Rules are evaluated top-down, first matching rule will apply
|
|
* Each line define
|
|
* [
|
|
* 'role' => 'role' | ['roles'] | '*'
|
|
* 'prefix' => 'Prefix' | , (default = null)
|
|
* 'plugin' => 'Plugin' | , (default = null)
|
|
* 'controller' => 'Controller' | ['Controllers'] | '*',
|
|
* 'action' => 'action' | ['actions'] | '*',
|
|
* 'allowed' => true | false | callback (default = true)
|
|
* ]
|
|
* You could use '*' to match anything
|
|
* 'allowed' will be considered true if not defined. It allows a callable to manage complex
|
|
* permissions, like this
|
|
* 'allowed' => function (array $user, $role, Request $request) {}
|
|
*
|
|
* Example, using allowed callable to define permissions only for the owner of the Posts to edit/delete
|
|
*
|
|
* (remember to add the 'uses' at the top of the permissions.php file for Hash, TableRegistry and Request
|
|
[
|
|
'role' => ['user'],
|
|
'controller' => ['Posts'],
|
|
'action' => ['edit', 'delete'],
|
|
'allowed' => function(array $user, $role, Request $request) {
|
|
$postId = Hash::get($request->params, 'pass.0');
|
|
$post = TableRegistry::getTableLocator()->get('Posts')->get($postId);
|
|
$userId = Hash::get($user, 'id');
|
|
if (!empty($post->user_id) && !empty($userId)) {
|
|
return $post->user_id === $userId;
|
|
}
|
|
return false;
|
|
}
|
|
],
|
|
*/
|
|
|
|
return [
|
|
'CakeDC/Auth.permissions' => [
|
|
//admin role allowed to all the things
|
|
[
|
|
'role' => 'admin',
|
|
'prefix' => '*',
|
|
'extension' => '*',
|
|
'plugin' => '*',
|
|
'controller' => '*',
|
|
'action' => '*',
|
|
],
|
|
//specific actions allowed for the all roles in Users plugin
|
|
[
|
|
'role' => '*',
|
|
'plugin' => 'CakeDC/Users',
|
|
'controller' => 'Users',
|
|
'action' => ['profile', 'logout', 'linkSocial', 'callbackLinkSocial'],
|
|
],
|
|
[
|
|
'role' => '*',
|
|
'plugin' => 'CakeDC/Users',
|
|
'controller' => 'Users',
|
|
'action' => 'resetGoogleAuthenticator',
|
|
'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
|
|
$userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
|
|
if (!empty($userId) && !empty($user)) {
|
|
return $userId === $user['id'];
|
|
}
|
|
|
|
return false;
|
|
}
|
|
],
|
|
//all roles allowed to Pages/display
|
|
[
|
|
'role' => ['user'],
|
|
'controller' => 'Employments',
|
|
'action' => ['index'],
|
|
],
|
|
/* [
|
|
'role' => '*',
|
|
'controller' => 'Imports',
|
|
'action' => ['ftp','ftp_analyse','index','ftpAnalyse'],
|
|
], */
|
|
[
|
|
'role' => '*',
|
|
'controller' => 'Pages',
|
|
'action' => 'display',
|
|
],
|
|
[
|
|
'role' => 'asd',
|
|
'controller' => 'Employments',
|
|
'action' => 'analyse',
|
|
],
|
|
|
|
/*[
|
|
'role' => ['user'],
|
|
'prefix' => 'admin',
|
|
'controller' => ['Curls'],
|
|
'action' => ['upStatistik', 'usStatistik'],
|
|
/*'allowed' => function(array $user, $role, \Cake\Http\ServerRequest $request) {
|
|
$userId = \Cake\Utility\Hash::get($request->getAttribute('params'), 'pass.0');
|
|
if (!empty($userId) && !empty($user)) {
|
|
return $userId === $user['id'];
|
|
}
|
|
|
|
return false;
|
|
}
|
|
], */
|
|
]
|
|
];
|