Replace AuthComponent usage with Authentication plugin.
This replaces the use of the deprecated AuthComponent with the Authentication plugin.
I chose to not use the Authorization plugin as app already relied on methods from GeneralFunctions
and the GranularAccess
components and rewriting them as authorization plugin policy would be a lot of unnecessary code churn with no practical benefit.
The current AppController::isAuthorized()
has a bug which essentially renders it useless. It checks if prefix is admin
but prefixes are now camel cased so it's Admin
. That's why $this->GeneralFunction->checkIfRolesExists()
were required in methods of every admin action. So I created a new RequestAccess
component instead which properly handles access to admin actions and cleaned up all controllers.
Edited by ADmad