CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

CakeDC Users Plugin for CakePHP 3 - Update 3.1.5

Welcome to our updated tutorial covering the new CakeDC Users Plugin for CakePHP 3. In this tutorial we'll setup and configure the Plugin, introducing some of the available features.

Note this is the updated tutorial for the latest version of the plugin 3.1.5.

We'll assume you are starting a new CakePHP 3.2.x application, with some existing tables (blog site maybe?).

Setup

Easy thing, let's use composer to install the CakeDC Users Plugin

        composer require cakedc/users

Now ensure the Plugin is loaded from your bootstrap.php file

        Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]);

Create some tables to store the users in your database

        bin/cake migrations migrate -p CakeDC/Users

This migration will create 2 tables into your database, "users" where the users and credentials are stored, and "social_accounts" where the tokens for the social login feature will be stored and managed.

Now you can register a new user (ensure your CakePHP is able to send emails to get your validation link correctly), or you could use the provided shell to create new users from the command line

        bin/cake users addSuperuser

output for the shell command to generate new superuser

This new super user will be granted full administrative permissions (check the src/Auth/SuperuserAuthorize class for more details and configuration)

Configuration

Load the Component in your src/Controller/AppController.php

    public function initialize()
    {
        parent::initialize();
        //
        // ...
        //
        $this->loadComponent('CakeDC/Users.UsersAuth');
    }

login page output

Now you have the Plugin installed and a brand new superuser granted with full permissions, it's time to configure permissions for the rest of the roles you'll need.

Simple role based permission rules

By default, the CakeDC Users Plugin allow users to register, and all new users are assigned role = 'user' by default. Note you can change the default role name assigned to new users, but we'll keep the 'user' role for now. Let's assume you have some controller with a couple actions you want to allow, for example "/posts/view/*" We are going to configure SimpleRBAC to allow the role = 'user' accessing the 'view' action:

Create a new file "config/permissions.php" with the following contents

    return [
        'Users.SimpleRbac.permissions' => [
            [
                'role' => 'user',
                'controller' => 'Posts',
                'action' => ['view'],
            ],
        ]
    ];
    

Now you've defined your first permission rule, allowing users with role = 'user' to access the /posts/view action, note you can use wildcards '*', and arrays to cofigure your rules.

Cool, so now you have users in your application, allowing new users to register, validate their emails, login, change password, and use cookies to remember login. In our next short tutorial we'll cover Facebook login and Twitter login.

Ownership

What about ownership? We are talking about posts, and possibly you'll need to allow the post author to edit his own post, the good news: this is super easy with CakeDC Users Plugin.

We'll assume you have a user_id column in your posts table to support the association Posts belongsTo Users. Add a new rule to allow only the owner of a given post to edit it. Update your permissions.php file, adding this rule:

    use Cake\ORM\TableRegistry;
    use CakeDC\Users\Auth\Rules\Owner;    

    return [
        'Users.SimpleRbac.permissions' => [
            [
                'role' => 'user',
                'controller' => 'Posts',
                'action' => ['view'],
            ],
            [
                'role' => 'user',
                'controller' => 'Posts',
                'action' => ['edit', 'delete'],
                'allowed' => new Owner(),
            ],
        ]
    ];
    

And we're done, you've configured ownership permissions for your ['edit', 'delete'] actions.

Check other examples in the CakeDC Users Plugin Docs

Read more about CakeDC Users Plugin

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in:

We'll continue working on our open source plugins (like this one) to give back to the amazing CakePHP Community!

 

Latest articles

Learn more about UX tracking metrics that can help you

With UX being a subjective, human and ever changing experience, it can be seen as difficult to track. However, there are some key tell-tale signs that you should be tracking in order to assess the overall user experience of your website.   Common metrics to use when tracking UX   1. Tracking how long it takes visitors to fill out your forms If your contact forms take too much time to fill in, your visitors or potential clients may get frustrated and fail to complete the form. Forms need to be simple, short and easy. Some tips to keeping forms user friendly and easy to fill in include:

  • keeping the number of fields as simple as possible,
  • Keeping the number of fields to as few as possible, there will be opportunity to ask for more information later on in the customer journey.
  • Testing your form yourself, if you struggle to fill out the fields during testing then you definitely need to relook it!
  • Add a confirmation page or message to let your user know that they have submitted successfully
  2. How many fields are skipped in submitted forms? Do you allow for optional fields in your forms? If you do, do you find a trend on certain fields not being submitted? These fields may be too much trouble for your users to fill in - remember, most visitors are lazy when needing to contact you. Make it as easy as possible but also, its important to ensure that you aren’t being too intrusive when requiring information in your forms. If it’s not ‘need to know’ information, then cut it from your form. These skipped fields give you a good idea as to what your user is thinking and feeling. Make sure to keep an eye on how your forms are submitted and what your users are subconsciously telling you.   3. Analyse your user experience with the use of heat maps Heatmaps give you the best view of the journey your visitors take when visiting your page. From where they are clicking to the amount of engagement a page gets and where. Simple things from users clicking your logo top of page to which links they view as engaging and click through to, these insights help you better optimise your page.      4. Collect feedback from customers and your customer service department Your customer service department is front facing - these are the people that will know what users are saying about your website and they are able to provide insights into where your UX issues. If you haven’t already - this is a great place to start your UX measurement and feedback journey.   If you need an expert to help you with your website, then give CakeDC a call. CakeDC - the experts behind CakePHP.  

Does your website suffer from these challenges? Some tips to fix them!

If you haven’t had a good hard look at your website in a while, now is the time to do so. You will probably find a few things that you’d like fixed. These are the most common challenges that websites fail to fix in time.   Content and technology that is out of date If you had your website built years ago, chances are that it is (severely) out of date. This leaves you vulnerable to security breaches amongst other things. Content is another part of your website that goes out of date, do a spring clean of your overall content and make sure everything listed on your site is still relevant and well organized.   No Call to action for your visitors Are you missing call-to-action triggers such as “Download”, “Contact Us”, “Get started” or “Sign up for free”. You may be losing valuable conversions by not encouraging visitors to engage with your content and brand. This is a quick and easy fix - ideally, you should be checking and updating this type of content regularly to keep abreast of website visitor trends.   Lack of branding It is important as a business owner to make your brand reliable and trustworthy, it is also important to make sure your website correctly displays your clear brand message. Who are you, what do you offer and what tone do you use to project your brand to your clients.   Traffic woes due to SEO troubles If you are not seeing good traffic onto your site, the main culprit may be poor SEO practices. Be sure to regularly check your analytics tracking and if you seeing poor traffic landing on your site then the next port-of-call is to suss out your SEO elements. These include title tags, headlines, content, alt tags, file names, meta descriptions. It is also important to make sure these all align to your key brand message and product offering. The best trick is to select a core group of relevant and related keywords and build your SEO strategy around these.   Websites that haven’t been optimised for mobile If you (or your development team) has failed to quality test the appearance of your site across devices, then you are probably in the majority of companies that are not optimised for mobile. The time is now! Mobile optimised sites are becoming more and more important to business strategy as consumers are no longer bound to only browsing via their computers or laptops. Be sure to check that you are following best practices when optimising for mobile, such as common menu icons and icon placements.   Not sure if your website needs an overhaul? Contact the experts behind CakeDC today to find out more about our development services as well as how we can help you become leaders. CakeDC - We lead, so you can lead.  

Redesigning your website? Do not do this!

From increasing engagement through to increasing overall website performance, there may be aspects of your site that you are currently unhappy with or are looking to improve. Redesigning your website may be necessary due to lack of performance or a brand overhaul, but there are certain things that you should avoid at all costs when redesigning your website.   1. Not considering risk mitigation Most creative or marketing agencies offer web redesigns are part of their packages, however, often fail to outline the different risks that you may face. Such risks include loss of data, server failures, loss of website functionality, bugs and QA testing timelines. To fully understand your risk exposure, it is ideal to consider all individual changes or updates being made and then multiply by the depth of change for each element.   2. An overcrowded home page We understand, when given the opportunity to redesign your website, the first goal is to get all of your messaging across to your potential clients. However, the biggest mistake when doing this, is to inundate the user with too much information and overcrowd your homepage. This leaves visitors confused, overwhelmed - Users make a decision on whether or not to continue browsing after 3 seconds. It is important to ensure that all information is presented in a concise manner. Perhaps investigate infographics to reduce word dense designs.   3. It’s difficult to contact you Leaving out essential contact information or links to your social sites may discourage potential clients from trying to contact you. Keep your information handy in the footer of each page, as well as on its on contact page. The contact page gives you the opportunity to include a contact form as well as other relevant information that may be useful to your visitors.   4. Not having responsive web design and cross device QA testing Your website visitors will become frustrated if they are viewing your site on a device that has not been optimised for - leaving the page lacking user friendliness. Make sure to test a variety of devices and ensure your website has responsive web design.   5. Slow site speed and lack of optimisation Having a slow site can take away any favorable first impressions - make sure to optimise thoroughly when developing your site and ensure site speed is up to scratch.   6. Avoid poor or pixelated imagery Make sure to give proper image files to your development team. Including pixelated or poor imagery onto your site displays lack of professionalism to your visitors or potential clients.   Are you struggling with any of the above website redesign issues? Contact the CakeDC team today and speak to the experts behind CakePHP

We Bake with CakePHP