Cakephp Auth with multiple “Users” tables

2019-01-10 10:07发布

问题:

I would like to know how to deal with only ONE authentification process and "users" in multiple tables. I have 4 Users table: users, admins, artists, teamadmins which all have specific fields, but I would like all of these users to be able to connect via only one form on the homepage, and being redirected after that to their specific dashboards.

I think the redirections shouldn't be a problem, and some routes added should work, but I really don't know where to look/start to ake this all possible.

Cheers,
Nicolas.

EDIT: here's the final solution (thanks to deizel)

App::import('Component', 'Auth');
class SiteAuthComponent extends AuthComponent {

    function identify($user = null, $conditions = null) {
        $models = array('User', 'Admin', 'Artist');
        foreach ($models as $model) {
            $this->userModel = $model; // switch model
            $this->params["data"][$model] = $this->params["data"]["User"]; // switch model in params/data too
            $result = parent::identify($this->params["data"][$model], $conditions); // let cake do its thing
            if ($result) {
                return $result; // login success
            }
        }
        return null; // login failure
    }
}

回答1:

CakePHP's AuthComponent only supports authentication against a single "User" model at a time. The model is chosen by setting the Auth::userModel property, but it only accepts a string and not an array of models.

You can switch the userModel on the fly with the following code, but this requires you to know in advance which model to switch to (eg. your users have to choose their account type from a dropdown):

public function beforeFilter() {
    if (isset($this->data['User']['model'])) {
        $this->Auth->userModel = $this->data['User']['model'];
    }
}

You can likely extend the core AuthComponent to add the functionality you want by overwriting the AuthComponent::identify() method so it loops over and attempts authentication with each model:

App::import('Component', 'AuthComponent');
class AppAuthComponent extends AuthComponent {

    function identify($user = null, $conditions = null) {
        $models = array('User', 'Admin', 'Artist', 'TeamAdmin');
        foreach ($models as $model) {
            $this->userModel = $model; // switch model
            $result = parent::identify($user, $conditions); // let cake do it's thing
            if ($result) {
                return $result; // login success
            }
        }
        return null; // login failure
    }
}

You will have to replace occurrences of Auth in your application with AppAuth to use your extended AuthComponent, unless you use this trick.



回答2:

While annoying, I think the best solution is probably using Cake's built in ACL support (see http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html).

If you do authentication the way you're talking about, you have to keep track of permissions in your controller code, checking to see what the userModel is. If you use an access control list, the permission tree will already exist in the database, which should simplify your code a great deal, and make it more modular.

It also means restructuring your data model to have a single users table and groups table instead of entity classes for each type of user.

I just went through the process of doing this myself... :(



回答3:

this is also a possibility

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->authenticate = array(
        AuthComponent::ALL => array('userModel' => 'AnotherModel'),
        'Form',
        'Basic'
    );
}


回答4:

Here is the final solution as suggested by deizel and modified by Nicolas:

App::import('Component', 'Auth');
class SiteAuthComponent extends AuthComponent {

    function identify($user = null, $conditions = null) {
        $models = array('User', 'Admin', 'Artist');
        foreach ($models as $model) {
            $this->userModel = $model; // switch model
            $this->params["data"][$model] = $this->params["data"]["User"]; // switch model in params/data too
            $result = parent::identify($this->params["data"][$model], $conditions); // let cake do its thing
            if ($result) {
                return $result; // login success
            }
        }
        return null; // login failure
    }
}