How to make User Panel from Admin Panel in Cakephp

Rajan Kumar February 12, 2019

How to make User Panel from Admin Panel in Cakephp

Admin Panel has full permissions but User Panel is provided with limited permissions. In other words, we can say that users can see only their own pages or posts which they have created in the admin panel.

The challenge is to create a User panel from admin panel in the shortest span of time

There are multiple ways to do so e.g.

– We can make different user panel from admin which has different controllers and different permissions according to the requirements.

Or

– We can differentiate the user’s role in the written functions of every controller and redirect the requests to the right path according to their roles.

The above approaches are time-consuming so let me share the quickest approach with you:

What is Authorization:

Authorization is the process of ensuring that only an identified/authenticated user is allowed to access the resources they are requesting. There are several ways to handle the authorization or you can also create custom ones according to your requirements.

a) ActionsAuthorize Uses the AclComponent to check for permissions on an action level.

ACL stands for “Access Control List” and this approach is for multiple roles.

b) ControllerAuthorize Calls isAuthorized() on the active controller, and uses the return of that to authorize a user.

It is recommended for two types of admin panel i.e. the Super Admin Panel and the User Panel.

What all you need to do is, just follow the documentation link of CakePHP and place “isAuthorized” function in your respective controller code according to your requirements. Then within just a few minutes, you have your user admin panel which is directly created from your super admin panel in a very little time.

Let’s take an example for a better understanding of “isAuthorized” function. Let’s assume there are a number of posts on our website. You want the access control such that admin can view, add or delete any of the posts while users can see, edit or delete their respective posts only. This can be done as follows using the”isAuthorized” function provided by CakePHP:

/**
 * Path :- app/Controller/PostsController.php
 */
public function isAuthorized($user)
{
  // All registered users can add posts
  if ($this->action === 'add') 
  {
   return true;
  }

  // The owner of a post can edit and delete it
  if (in_array($this->action, array('edit', 'delete'))) {
    $postId = (int) $this->request->params['pass'][0];
    if ($this->Post->isOwnedBy($postId, $user['id'])) {
     return true;
    }
  }

  return parent::isAuthorized($user);
}

To check whether a post belongs to a specific user or not, write “isOwnedBy” function in model file

/**
 * Path :- app/Model/Post.php
 */
public function isOwnedBy($post, $user) 
{
 return $this->field('id', array('id' => $post, 'user_id' => $user)) !== false;
}

Found the article useful? Share it with your friends and co-workers… Now!

If you have any queries or doubts about this topic please feel free to contact us. We are here to help you!

Lets’s Talk

About your ideas and concept