3.0.2

Fixes

• Fixed identity to array conversion.
• Fixed component enable check in helper

3.0.1

Fixes

Fixed compatibility with plugins a bit more.

3.0.0

CakePHP 4 stable release

This release now contains two possible versions to be used

• Former AuthComponent approach (simple and fast to set up), minimal upgrade path from CakePHP 3.x
• New plugins Authentication/Authorization and middleware approach (powerful and customizable)

It manages access to controller actions the easy and DRY way using different strategies.
By default, it ships with simple INI files, but you can also add DB adapters or custom ones.

On top, it contains useful helpers around access checking in both controller and view level using components and helpers.

3.0.0-beta

CakePHP 4 compatible pre-release.

Please help to finalize for stable release.

2.0.1

Improvements

Added TinyAuth RequestAuthorizationMiddleware to handle requests correctly that are already "public" through Authentication skipping, and thus should not throw an exception.

use Authorization\Middleware\AuthorizationMiddleware;
use TinyAuth\Middleware\RequestAuthorizationMiddleware;

$middlewareQueue->add(new AuthorizationMiddleware($this));
$middlewareQueue->add(new RequestAuthorizationMiddleware());

2.0.0

Improvements

After 5 years it is time for an upgrade: A shiny new major with shiny new features.

INI files

acl.ini is now auth_acl.ini, to be in sync with auth_allow.ini.
You can use Configure to keep old names if you want to (or need it for BC).

Cool new Quick setups

TinyAuth, to really live up to its name, offers a few new quick setups.

Allow non-prefixed actions to be public

If you have non-prefixed controllers that you want to make public and keep prefixed ones protected:

'allowNonPrefixed' => true,

Prefix based allow

If you want to allow certain prefixes on top, you can use:

'allowPrefixes' => [
    'my_prefix',
    'nested/prefix',
],

External data integration

With this version a new AllowAdapterInterface has been added to complete an API for other libraries to provide data:

• AllowAdapterInterface
• AclAdapterInterface for RBAC

Both able to be used to connect this plugin to other libraries for providing allow/ACL input.
It continues to default to the internal INI adapters.
If other adapters - e.g. reading from DB - are used, it will still cache those internally to provide the same general speed it does with internal adapters.

One DB integration is now available as TinyAuthBackend plugin.

Plugin support

Support for the new Authentication and Authorization plugins has been added.
A RequestPolicy is now provided to connect the TinyAuth ACL input to request based authorization using this new plugin.

If you plan on using the new plugins, you must not use Auth component anymore. They can't be mixed.

Cache busting

Cache can now be cleared from code side for each auth type.

Available roles

There is now a convenience class TinyAuth in Utility namespace to quickly retrieve currently available roles.

Upgrade Infos

With this release a few small BC breaks will have to be covered with configuration (if you didn't so before):

• file is now aclFile/allowFile
• filePath is now aclFilePath/allowFilePath
• allowUser is now allowLoggedIn (former key still works, but emits deprecation warning)
• adminPrefix is now protectedPrefix (former key still works, but emits deprecation warning)
• _authUser data is now only handed down to the view layer from AuthUser component, not Auth anymore.

1.12.3

Bugfixes

Fixed allowUser config together with nested prefixes to work as expected.

1.12.2

Bugfixes

Asserted that accidentally reading global Configure data is not possible.

1.12.1

Bugfixes

Fixed support for multiple slashes in prefix.

1.12.0

Improvements

Support named routes.

• $this->AuthUser->link('Change Password', ['_name' => 'admin:account:password'])
• $this->AuthUserHelper->hasAccess(['_name' => 'Tags::edit'])

Thanks for this @lorro and @saeideng