CakePHP 3 with TinyAuth & Blame

I want to walk you through a blank CakePHP 3 setup and install a few worthwhile plugins. The primary goal of this post is to show how to set up Dereuromark’s TinyAuth plugin, which is fantastic but may leave a few newbies scratching their heads trying to get it working. So what follows is a cookbook-style approach with copy-and-paste code.

There are a number of ways we could set up TinyAuth, and these are outlined in the manual. However, I’m just going to show you the Users HasAndBelongsToMany Roles method; from there you should be able to see how to revert to the other “Role Based Access Control” possibilities.

So let’s get started.

Download CakePHP 3

Change [app_name] to the name of the folder that will house your application.

You may also need to make sure the cake bake feature has the right permissions set. Run the following if you get a permissions error when using the migration commands below.

Create Table Migrations

We’ll need three tables to get us started: users, roles and roles_users. Open your terminal and run the following.

Make sure you have set up your database connection in config/app.php, otherwise you will get an error when trying to run the migration commands.

Once the commands above have run successfully you should have 3 new migration files in config/Migrations. Next open up all 3 files in your favorite editor and drop in the following code.

Place this code in your create_user_table.php file.

Next place this code in your create_roles_table.php file.

Next place this code in your create_users_roles_table.php file.

Now run your migrations in your terminal as follows.

 Bake All

Run the cake bake command to create all your models, views and controllers.

 Load Plugins

Ceeram Blame

Next, let’s load the plugins we will use. Ceeram’s Blame plugin keeps track of who changed what. You will notice the created_by and modified_by fields in both the Users and Roles tables. All future tables should also contain those integer fields if you need to keep track of changes made by users.

 Dereuromark TinyAuth

Run the following to load Dereuromark’s TinyAuth.

 Edit Bootstrap.php

Next edit your config/bootstrap.php file. Load the following plugins.

 Authentication with Cake Auth

Let’s set up the login and logout part of our website. Open up src/Controller/AppController.php and load the Auth component with a few settings passed in. Notice we have set up the “authorize” part to use TinyAuth.
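An AppController along these lines, as an added example rather than the author's original listing. The username/password field names and the redirect targets are assumptions, and only TinyAuth's `multiRole` option is set; its table and column options are left at the plugin defaults.

```php
<?php
// src/Controller/AppController.php
// Added example: field names and redirect targets are assumptions.
namespace App\Controller;

use Cake\Controller\Controller;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            // Authentication (who is this?): form login against the users table.
            'authenticate' => [
                'Form' => [
                    'fields' => ['username' => 'username', 'password' => 'password'],
                ],
            ],
            // Authorization (what may they do?): delegated to TinyAuth, which
            // reads config/acl.ini. multiRole selects the Users
            // HasAndBelongsToMany Roles setup used in this post.
            'authorize' => [
                'TinyAuth.Tiny' => [
                    'multiRole' => true,
                ],
            ],
            // Anonymous requests to any action not explicitly allowed
            // are redirected here.
            'loginAction' => ['controller' => 'Users', 'action' => 'login'],
            'loginRedirect' => ['controller' => 'Users', 'action' => 'index'],
            'logoutRedirect' => ['controller' => 'Users', 'action' => 'login'],
        ]);
    }
}
```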

Next open up src/Controller/UsersController.php and add the following login and logout methods.

Let’s also add a beforeFilter method that will allow us to open up certain methods/views so that users who are not logged in can access certain parts of the website. Do this for both the User and Role Controller.

Now open up src/Template/User and create a new file called login.ctp, then add the following.
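The login, logout and beforeFilter methods described in the last two steps, as an added example that is not the author's original code. Only the methods these steps add are shown; they sit alongside the baked CRUD actions, and the choice of `logout` as the one public action is an assumption.

```php
<?php
// src/Controller/UsersController.php
// Added example: shows only the methods this step adds to the baked controller.
namespace App\Controller;

use Cake\Event\Event;

class UsersController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        // Actions listed here skip the login check and therefore the acl.ini
        // check as well, so keep the list to what an anonymous visitor needs.
        // login itself is reachable because it is the configured loginAction.
        $this->Auth->allow(['logout']);
    }

    public function login()
    {
        if ($this->request->is('post')) {
            // identify() checks the posted credentials with the configured
            // authenticate adapter and returns the user array or false.
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
            // One message for both unknown user and wrong password.
            $this->Flash->error(__('Invalid username or password.'));
        }
    }

    public function logout()
    {
        // logout() clears the session user and returns logoutRedirect.
        return $this->redirect($this->Auth->logout());
    }
}
```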

Next open up src/Model/Entity/User.php and add the following to hash the password.
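A User entity that hashes the password on assignment, as an added example that is not the author's original code. The `username`, `password` and `roles` field names are assumptions based on the tables described above.

```php
<?php
// src/Model/Entity/User.php
// Added example: field names are assumptions.
namespace App\Model\Entity;

use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;

class User extends Entity
{
    // Only these fields may be set from request data through
    // newEntity()/patchEntity(). created_by and modified_by are left out
    // because the Blame plugin fills them in, not the form.
    // roles is listed so the baked form can assign roles; restrict the
    // add/edit actions to an admin role in acl.ini accordingly.
    protected $_accessible = [
        'username' => true,
        'password' => true,
        'roles' => true,
    ];

    // Keep the hash out of toArray() and JSON output.
    protected $_hidden = ['password'];

    // Mutator: runs whenever $user->password is assigned, so the plain text
    // never reaches the database. An empty value is not hashed (the field
    // becomes null), so validation can reject it instead of storing the
    // hash of an empty string.
    protected function _setPassword($password)
    {
        if (strlen($password) > 0) {
            return (new DefaultPasswordHasher)->hash($password);
        }
    }
}
```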

 TinyAuth acl.ini

Last but not least we need to create an acl.ini file in our config folder. Add the following as a starting point.
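A stand-alone audit script for the acl.ini step, as an added example that is neither the author's file nor TinyAuth's own code. The ini text and role aliases are constructed samples in the `[Controller]` / `action = role, role` layout, with `*` standing for every action; the script expands the rules and reports role names that do not exist in the roles table.

```php
<?php
// Constructed sample acl.ini content (not the author's file).
$aclIni = <<<'INI'
[Users]
index, view = user, admin
* = admin

[Roles]
* = admn
INI;

// Role aliases as stored in the roles table (constructed sample values).
$knownRoles = ['user', 'admin'];

/**
 * Expand the ini text into [controller][action] => [roles] and collect
 * role names that are not in $knownRoles.
 */
function auditAcl($iniText, array $knownRoles)
{
    $sections = parse_ini_string($iniText, true, INI_SCANNER_RAW);
    if ($sections === false) {
        throw new RuntimeException('acl.ini is not valid ini syntax');
    }
    $matrix = [];
    $unknown = [];
    foreach ($sections as $controller => $rules) {
        if (!is_array($rules)) {
            continue; // key outside any [Controller] section
        }
        foreach ($rules as $actions => $roles) {
            $roles = array_map('trim', explode(',', $roles));
            foreach (array_diff($roles, $knownRoles) as $bad) {
                $unknown[] = "$controller: $bad";
            }
            foreach (array_map('trim', explode(',', $actions)) as $action) {
                $matrix[$controller][$action] = $roles;
            }
        }
    }
    return [$matrix, $unknown];
}

list($matrix, $unknown) = auditAcl($aclIni, $knownRoles);
print_r($matrix);  // who can reach which action
print_r($unknown); // misspelled roles: these rules match no real user
```

A controller with no section, or a rule naming a role nobody holds, means the action stays denied for everyone, so run a check like this whenever roles or controllers are added.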

Your app should now be fully secured. Try going to any location such as users/index and you should be bounced back to users/login.

Blame Someone

Let’s finalise the Ceeram Blame plugin. We needed to set up the authorization in order for the Blame plugin to know who was logged in, so that it can associate a user id with the created_by and modified_by fields.

Simply add the following to your AppController.

Next add the Blame Behavior to each of the Role and User models. Go to src/Model/Table.


Now you should have a full working login, logout app with the ability to set up role types and set permission for your views! Awesome!

If you have trouble please check out my git repo and compare the code. Alternatively you can clone my repo for a starting point for your next cake project. Download from BitBucket: cakephp3-loaded


8 Responses to “CakePHP 3 with TinyAuth & Blame”

  1. Daren July 21, 2015 at 9:57 am #

    Your post on tinyauth is great and helped me also. I am new to learning, would it be difficult to use the with your setup. I really need the user features it offers.

    • Justin July 21, 2015 at 10:14 am #

      I have never used burzum/cakephp-user-tools but it looks quite good with clean code and very flexible configuration. At a quick glance you should be able to use the built authorization and then use dereuromark/cakephp-tinyauth for the authentication. Authorization and Authentication are two different things. The configuration options for burzum look like they allow you to override the built-in defaults with your own preferred configuration.

  2. Adam August 24, 2015 at 9:55 pm #

    Please specify that users should delete the modified_by and created_by fields from the Users and Roles Templates under App_name/src/Template/.

    • Justin December 3, 2015 at 2:29 pm #

      Good point, if you are baking your own code it will display the created_by and modified_by in the generated HTML. Since most people will be changing the default HTML it should be obvious.

  3. wessel November 30, 2015 at 9:09 am #


    Thanks for this guide. Some problems I found (probably because I’m using cakephp 3.1?)

    * tables were not created. The migrations should be done in the change function instead of in the up function. And with ->create() instead of ->save() (the comments in the migrations hint at this)

    * MysqlAdapter not found: add use Phinx\Db\Adapter\MysqlAdapter; on top of the migrations files

    • Justin December 3, 2015 at 2:35 pm #

      Yes good points, there have been a few subtle changes in CakePHP 3.1 but also in the Phinx Migration library. It’s a good practice to consult the Phinx docs for changes.

      The problem you have is easily fixed, just move the table code into the “change” function and use create() rather than save(). The benefit of this is Phinx will look after the migrate/rollback in one function.

      The second error is also easily fixed, just include “use Phinx\Db\Adapter\MysqlAdapter;” at the top of your PHP migration file. You only need this when you are using column types outside of the defaults provided by Phinx. For example TINYINT etc…

  4. hi February 28, 2016 at 10:31 pm #

    I get the following error after logging in:

    Authorization adapter “TinyAuth.Tiny” was not found

    • Justin March 29, 2016 at 4:12 pm #

      Did you load it using composer? Or perhaps you forgot to include it in your bootstrap file. I’d check these two things first.
