CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Color Accessibility – UX Best Practice...

Designing websites can be fun, challenging and exciting. Even if you are just managing the process behind the website design, it is important to be aware of best practices of color use in web design. Color is one of the most powerful tools when designing. Color can introduce personality into your web page, it can bring across your brand and your message, it can make the user feel more at ease. But it can also alienate and confuse people - imagine being color blind and navigating a site that hasn’t thought about this intricacy. Have you considered your end user in your color choice for your web design? Other factors that you should take into consideration are how our brains see color, the way color affects usability, and the cultural connotations of color. Color plays a role in the readability and user experience. For instance, overlaying colors on opposite ends of the color wheel can make reading easier. Designing with accessibility in mind is not a barrier to innovation, guidelines to help you design for a diverse set of end users will challenge you to find the best solution to your design problem. Some tips for designing with color accessibility in mind Don’t use color as the only visual means of conveying information Find and use alternative visual means to convey information - Use both colors and symbols. For instance, a required field left blank could be conveyed with a red border. However, if you are finding color difficult to visualise, then this wouldn’t be too useful. Another method would be to include a hazard triangle in the empty field to visualise and convey that the field has been left blank. This will help users who are unable to, or have difficulty with, distinguishing colors. Always ensure sufficient contrast between text and background Ideally it is said that the contrast ratio between text and its’ background should be at least 4.5 to 1. If your font is at least 24px or 19px bold, the minimum drops to 3 to1. But why you ask? Imagine if you are color blind, if the contrast is not there, the text and the background will just fade into each other. Quick rule of thumb - don’t overlay light-on-light or dark-on-dark and do overlay colors with varying values to help with readability. Keep it minimal Limit the color palette you use for your website - allow for fewer instances of confusion. Stick to a core group or core set of colors to best represent your design or brand. Minimalistic design is timeless and a current trend - it also is very useful if you are designing for color accessibility. Avoid these color combinations Here are a few combinations to avoid - depending on the type and severity of a user’s color blindness - these combo’s may be a potential nightmare

  • Green and red;
  • Blue and purple;
  • Green and brown;
  • Green and blue;
  • Light Green and yellow;
  • Blue and grey;
  • Green and grey;
  • Green and black;

Basics behind web applications and why...

Web apps, web applications, website applications - all terms that you have probably heard thrown around. But why should you be in the ‘web app’ know and why is it important that you have a working solution (in the form of a web application) for your business? Web applications, in simplified terms, are dynamic web sites combined with a server side backend, providing functionalities such as interacting with users, building databases, generating information or databases for users etc. There are a wide variety of functionalities - if you can think it, you will be able to build an app to do it (especially with the expert services of our development team!). There are two main technology categories for creating web apps, client side scripting and server side scripting. Here are some common Client Side Scripting technologies:

  • HTML (HyperText Markup Language)
  • CSS (Cascading Style Sheets)
  • JavaScript
  • Ajax (Asynchronous JavaScript and XML)
  • jQuery (JavaScript Framework Library - commonly used in Ajax development)
While here are the common Server Side Scripting technologies:
  • PHP (very common Server Side Scripting language - Linux / Unix based Open Source - free redistribution, usually combines with MySQL database)
  • ASP.NET (Microsoft's Web Application Framework - successor of ASP)
  • Ruby
  • Perl (general purpose high-level programming language and Server Side Scripting Language - free redistribution - lost its popularity to PHP)
  • Python (general purpose high-level programming language and Server Side Scripting language - free redistribution)
Web application frameworks are sets of libraries, components and tools organized in an architecture system which allows developers to build and maintain applications with a fast and efficient manner. CakePHP is one such framework. So why does CakeDC stand by CakePHP - for that precise reason, CakePHP is a tool that allows us to deliver your vision efficiently. But why are we app’s becoming more popular for businesses
  • They help create a professional online presence;
  • Get the reach to customers;
  • Create multi layer/multi category customer journeys
  • Flexibility and versatility offered by web applications

5 Things every website needs

Are you in need of an updated website or a new website that better suits where you are now with your business? Maybe you had your website developed and designed a few years ago, and it’s starting to show its age - or you’ve had a new idea and your website isn’t capable of that. Websites all need basic things - here are our tips for things to have on your website

  • Contact information on every single page.
Seems like a simple thing right? But most companies either miss this or forget to design it into each page. Include the phone number that you want people to call you on for sales inquiries. Another important key piece of information is an email address - not every visitor likes or has the time to phone through to inquire about your product.
  • Easy navigation.
It is so important to make sure that your visitors will be able to navigate your website easily. This could make or break your initial impression of the site (and in connection, the business overall). Have an easy to read and understand navigation menu - make it easy for visitors to stick around and find what they are looking for.
  • A blog.
We suggest having quality content. Quality content will help in your online marketing efforts - social media marketing, SEO optimization. To get maximum benefit, your blog (and associated content) should be listed under your main domain, and not on an off-site service. As an added benefit, a blog is an excellent opportunity to establish your company as an expert in your industry and connect with your customers.
  • An SEO strategy that suits and targets your services and products.
This also means having a clear message - your visitors shouldn’t have to guess if they have found the right place. Optimizing your site so that people can find you via web searches or web browsers is key to being seen and bringing in new customers/visitors to your site. This means more than just including your company name in the the metadata. Focus on generic terms that customers who may not know your business are searching for.
  • Links to your social media accounts.
Add links to your profile or business pages set up on social media sites like Facebook, Twitter, Google+.

TLS/ SSL Certificates Explained – Why ...

SSL certificates are incredibly important if you want a safe and secure site - especially for end user reassurance. But what are they and why should you be concerned if you do not have one for your website? Confidential information can be exposed to prying eyes, hackers or cyber criminals - SSL certificates offer a line of defense against this. SSL - secure sockets layer) certificates are small data files that are digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol. This allows for secure connections between a web server to the browser. They were created to protect sensitive data in transmission. It is designed to provide security while remaining simple enough for everyday use. Typically, these certificates are used to secure credit card transactions, data transfers and logins. The SSL protocol has been traditionally used to encrypt and secure transmitted data. Each time a new and more secure version was released, only the version number changed to reflect the update. However, when the update from SSLv3.0 to the new version was released, the version was renamed to TLSv1.0. Because SSL is still the recognised name, this is what most people refer to when describing these certificates - however, you are actually likely using/getting a TLS certificate. This is important to remember if you get a third party to purchase your certificate and you would like to make sure you are getting the right version/protocol. When secured by TLS, connections have one or more of the following properties:

  • The connection is private/secure because symmetric cryptography is used to encrypt the data transmitted.
  • The identity of the communicating parties can be authenticated using public-key cryptography.
  • The connection ensures integrity because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.
What is important to also know is that browsers are going to start penalising HTTP sites from 2017. Why? Well because browsers, like Google, want to make it known to their users of sites that may be less secure or do not have a SSL certificate and are collecting sensitive information. From January 2017, Google has started flagging HTTP pages that collect passwords or credit card details as non secure. Ideally, website owners should get onto this as soon as possible and ensure that their sites are secured. Visitors have also started to expect secure sites, research has indicated that they are specifically looking out for a ‘padlock’ or secure notification. This is important to sites in general - not only websites with an online store or login portal. SSL is more than just encrypting data submissions. Have you heard about letsencrypt.org? Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). Letsencrypt.org makes certificates more accessible while guiding you with how to properly set it up.  

Upgrade Cloud9 to PHP7.1 for CakePHP 3...

We've been using https://c9.io for some time to run our training sessions for CakePHP, both the free cakephp training sessions and our standard (paid) cakephp training sessions. The service works great, but they provide a default workspace (Ubuntu 14.04 LTS and PHP 5.5.9) not compatible with the latest version of the CakePHP framework (3.4) requiring PHP 5.6+ (7+ strongly recommended). We wanted to provide an automated upgrade script for legacy cloud9 workspaces to PHP7.1 so we created a gist to upgrade the default workspace here https://gist.github.com/steinkel/4eb1cb0b67ddb92f5d5b04646f470cd5 You can execute this gist using the raw link to the script, for example source <(curl RAW_GIST_URL_HERE) Enjoy!

CakePHP API Plugin

Are you creating an API in CakePHP? This task looks very popular these days, and most of our clients need an API to expose certain services to their own rich client applications, or third party services. Even if it's easy to configure CakePHP to expose a REST API, and there are other plugins that could help you building an API, we found ourselves working on specific tweaks per project to adjust the way the API was designed, so we decided to wrap all these ideas and create a specific CakePHP API Plugin including

  • Services definition
  • Integrated CRUD
  • Nested resources
  • Pagination
  • Sorting
  • Associations
  • Versioning
  • Custom Extensions (data format / transformers)
  • Self documentation
We've gathered all the best practices around API building and CakePHP and wrapped them into an easy to install and setup Plugin to be used as the foundation of your API intensive CakePHP projects. Let's walkthru some of the Plugin features using an example application: the bookmarker tutorial http://book.cakephp.org/3.0/en/tutorials-and-examples/bookmarks/intro.html We'll assume you've already created a new CakePHP application and configured it to use the bookmarker database (schema dump here http://book.cakephp.org/3.0/en/tutorials-and-examples/bookmarks/intro.html#creating-the-database).

Setting up the CakePHP API Plugin

Download the plugin first composer require cakedc/cakephp-api:dev-master Then ensure plugin is loaded in you bootstrap.php file Plugin::load('CakeDC/Api', ['bootstrap' => true, 'routes' => true]);

Now you have an API!

Test your newly configured "default" API using curl curl -X GET http://bookmarker.dev/api/bookmarks You'll get something similar to: { "status": "success", "data": [], "pagination": { "page": 1, "limit": 20, "pages": 0, "count": 0 }, "links": [ { "name": "self", "href": "http:\/\/bookmarker.dev\/api\/bookmarks", "rel": "\/api\/bookmarks", "method": "GET" }, { "name": "bookmarks:add", "href": "http:\/\/bookmarker.dev\/api\/bookmarks", "rel": "\/api\/bookmarks", "method": "POST" } ] } If you look at the provided output you'll identify we've used a JSend default renderer (status, data) and we append some extra data under 'links' (HATEOAS dynamically generated for your CRUDs) and pagination. The specific "extensions" used can be configured and custom extensions created for your specific needs, see https://github.com/CakeDC/cakephp-api/blob/master/docs/Documentation/extensions.md We'll publish a couple tutorials soon covering some of the features implemented, and explaining how did we use the CakePHP API Plugin to address specific use cases. Meanwhile, please check the documentation here https://github.com/CakeDC/cakephp-api/blob/master/docs/Documentation/overview.md

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in:  

Create Google app for web oauth2 login...

Here's a step by step tutorial about how to create a web oauth2 app in Google dashboard.

Google app oauth login app 1
  • Add some cool name for your new Google app project and click "Create"
Google app oauth login app 2
  • Under "Library" section, create a new Google+ API project
Google app oauth login app 3
  • Click "Enable" in the dashboard tab
Google app oauth login app 4
  • Under "Credentials" menu, click "Oauth consent screen" tab and enter some cool name to be displayed to users when requesting their access to your application. Then click "Save".
Google app oauth login app 5
  • Under "Credentials" menu, click "Create credentials" and select "Oauth client ID".
Google app oauth login app 6
  • Now click "Web application" radio, and type your domain name and oauth callback
    • Under "Authorized Javascript origins", add your domain name: mydomain.com
    • Under "Authorized redirect URIs", add all the allowed callback url's to your application. For example if you are using CakeDC/Users Plugin, you'll need to add mydomain.com/auth/google
  • Then click "Save"
Google app oauth login app 7
  • Copy the Iauth client and secret id's into your application configuration
  • Be careful, some browsers will append blank spaces to the codes, remove any extra blank space (trim)
Google app oauth login app 8
  • Ensure the API is enabled, you can test your application now and check there is "Traffic" displayed
  You have now a Google app configured to provide Oauth2 login to your web application. Enjoy!                  

Login with Google Oauth2 in CakePHP us...

This article is inspired by this question in Stack Overflow and belongs to a series of articles describing the step by step tutorial to configure CakeDC Users Plugin with the most commonly used Oauth2 providers, in this case we'll configure Google login. We'll assume you have a working CakePHP application with no Auth configured yet.

Setup

Use composer to install the CakeDC Users Plugin and the required oauth2 providers To be able to configure the callbacks in Google dashboard, you'll need to create a virtual host for you application. You don't need a working domain name, you could use something like "mydomain.dev" but Google requires a domain name (no localhost). composer require cakedc/users:@stable composer require league/oauth2-google:@stable Load it from your bootstrap.php file Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]); Run migrations to add 2 new tables: 'users' and 'social_accounts' bin/cake migrations migrate -p CakeDC/Users

Configuration

Load the Component in your src/Controller/AppController.php public function initialize() { parent::initialize(); // // ... // $this->loadComponent('CakeDC/Users.UsersAuth'); }

Create a new Google application

<?php // /config/users.php file contents $config = [ 'Users.Social.login' => true, 'OAuth.providers.google.options.clientId' => 'CLIENT_ID_HERE', 'OAuth.providers.google.options.clientSecret' => 'SECRET_HERE', ]; return $config;
  • Modify your bootstrap.php file to ensure the config file is loaded this way
Configure::write('Users.config', ['users']); //add this line before Plugin::load('CakeDC/Users... Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]); This file will override any configuration key present in the Plugin, you can check the configuration options here Configuration. If you want to use a different page as homepage, and this page requires authorization, don't forget to add a rule to permissions.php file to allow users with role 'user' to read your homepage, for example, add this content to your config/permissions.php file to enable access to your homepage <?php return [ 'Users.SimpleRbac.permissions' => [ [ 'role' => 'user', 'controller' => 'YOUR_HOMEPAGE_CONTROLLER_NAME', 'action' => 'YOUR_HOMEPAGE_ACTION_NAME', ],     // ... more rules here ]]; Now you are ready to go to your login page and click "Sign up with Google". Upon successful login, a new user will be created in your users table and related oauth2 tokens will be saved in the social_accounts table. The new user created will have the "user" role (by default, but customizable). And based on your Auth rules, this user will be able to access your site. You are done!

Read more about CakeDC Users Plugin

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in: We hope you've enjoyed this short tutorial covering the Google login, stay tunned for new CakePHP + Users Plugin tutorials coming soon...

Towards Data Integrity: Validations an...

  Validation
Let us consider “validation” in a little more detail to see how it has been implemented and optimized in CakePHP 3.0. In addition to what we discussed in the earlier sections, validation now incorporates two complementary conceptions or areas. These include 1) data type and format validation and 2) Application rules. 1. Data Type and Format Validation This part of the validation deals structural aspects such as data type, format validation, and basic types. Unlike in previous versions, validation is applied before ORM entities are created. This is a very useful feature that ensures everything is totally in sync and set in a way that preserves data integrity and the overall stability of the entire application. Moreover, it markedly reduces application errors and inconsistencies throughout the system. It is therefore a significant enhancement over previous versions. 2. Application Rules Application rules are the second component of validation in CakePHP 3.0 implementation. They play a key role in quality control to ensure that all application rules and workflows are operating in an orderly and systematic fashion. This is implemented through buildRules() method in tables. Here is a code example that uses buildRules() method for articles table. // In src/Model/Table/ArticlesTable.php namespace App\Model\Table; use Cake\ORM\Table; use Cake\ORM\RulesChecker; class Articles extends Table {     public function buildRules(RulesChecker $rules)     {         $rules->add($rules->existsIn('user_id', 'Users'));         $rules->add(             function ($article, $options) {                 return ($article->published && empty($article->reviewer));             },             'isReviewed', [                 'errorField' => 'published',                 'message' => 'Articles must be reviewed before publishing.'             ]         );         return $rules;     } } Identifier Quoting Identifier quoting is another CakePHP feature or process that has changed in CakePHP 3.0. In the new release, quoted identifiers, which were expensive and involved a notoriously error-prone process of parsing SQL snippets has been disabled by default - thereby removing a major source of frustration for developers. The only time you may want to enable identifier quoting is when working with column names or table names with special characters or reserved words. Here is how to enable identifier quoting when configuring a connection. // In config/app.php 'Datasources' => [     'default' => [         'className' => 'Cake\Database\Driver\Mysql',         'username' => 'root',         'password' => 'super_secret',         'host' => 'localhost',         'database' => 'cakephp',         'quoteIdentifiers' => true     ] ],
Note: Identifiers in QueryExpression objects require manual quoting or IdentifierExpression objects.   Updating Behaviors Let us now turn to behaviors. As with most features that has to do with ORM, the way behaviors are setup and configured has evolved for smooth integration with the new framework. Among other things, behaviors now attach to table instances. Here are some other significant differences in the way behaviors are handled in CakePHP as compared to earlier versions. 1. Each table that uses a behavior will have its own instance. No storing of “name space” setting in a behavior is required. 2. Method signature for mixin, callback, and base class for behaviors have all changed 3. Finder methods can now be added easily by behaviors.   The above, in a nutshell, summarizes the main changes and enhancements in the new ORM and CakePHP 3.0 in general. Like all major releases or upgrades, the new release supplants many processes and functions in previous versions while at the same time adding many brand new features. But as you go through the initial learning curve, please remember that you, the developer, have been the primary driving force behind the changes and enhancements. Your feedback and critiques over the years was the invaluable source that inspired CakePHP team to produce this groundbreaking and cutting-edge release that you are reviewing.

CakePHP ORM 3.0 Unleashes New, Flexibl...

  In line with its overall goal of eliminating redundancy and increasing efficiency, the new ORM has replaced several functions in the earlier versions with newer and significantly improved functions or functionality. Among the functions affected, we will confine ourselves here to three functions, commands, or processes: 1. afterFind or virtual fields Developers of previous versions will recall how extensively they had to use afterFind callback and virtual fields to generate data properties. In the new CakePHP 3.0, this is no longer necessary and has been removed in favor of virtual properties on entities which are easier and more powerful. For example, using this method, properties can be generated on the fly to user entities with both first and last names by adding an accessor for full_name. Here is a code example. By defining accessors you can provide access to fields/properties that do not actually exist. For example if your users table has first_name and last_name you could create a method for the full name: namespace App\Model\Entity; use Cake\ORM\Entity; class User extends Entity { protected function _getFullName() { return $this->_properties['first_name'] . ' ' . $this->_properties['last_name']; } } You can access virtual fields as if they existed on the entity. The property name will be the lower case and underscored version of the method: echo $user->full_name; Do bear in mind that virtual fields cannot be used in finds. Once a code segment similar to the above has been defined, the new property can be accessed easily using $user->full_name. Moreover, you can build aggregated data sets from your results. Note also that though virtual fields no longer constitute an explicit feature of ORM, you will still be able to achieve the same result using query builder and expression objects which are more powerful and flexible. Here is a code example that will make this clear. 2. Definition of Associations Another extremely important feature introduced in CakePHP 3.0 is the use of methods to create associations. Instead of defining associations using properties like $belongsTo and $hasMany, this significant attribute uses methods that bypass the many inherent limitations of class definitions by allowing only one way of defining associations. Furthermore, the same API handles the “initialize” method and all other parts of your application code when manipulating associations. This is much more efficient and significantly improves productivity. Here is a code snippet to illustrate this. class ArticlesTable extends Table { public function initialize(array $config) { $this->belongsTo('Authors'); $this->hasMany('Comments', [ 'className' => 'Comments', 'conditions' => ['approved' => true] ]); $this->hasMany('UnapprovedComments', [ 'className' => 'Comments', 'conditions' => ['approved' => false], 'propertyName' => 'unapproved_comments' ]); } } Beside the use of methods to create associations as shown in the example above, the awkward name hasAndBelongsToMany has been renamed to belongsToMany. As if the above enhancements were not enough, CakePHP 3.0 has equipped developers with the ability to create custom association classes which will be a welcome relief as a safety valve for situations where the built-in relation types do not meet specific requirements. For more details on creating associations, please consult our section: Associations – Linking Tables together. 3. Validation Rules Validation plays a crucial role in all software development efforts but if they are to contribute to the overall productivity of the development cycle, the way they are defined and used must be straightforward and easy. When it comes to validation rules, CakePHP 3.0 team introduced an elegant solution to many problems with earlier versions through the use of Validator object to generate validation rules. With this feature, defining multiple sets of rules has become a breeze! Here is an example:   class UsersTable extends Table { public function validationPasswordConfirm(Validator $validator) { $validator ->requirePresence('password_confirm', 'create') ->notEmpty('password_confirm'); $validator->add('password', 'custom', [ 'rule' => function ($value, $context) { $confirm = Hash::get($context, 'data.password_confirm'); if (!is_null($confirm) && $value != $confirm) { return false; } return true; }, 'message' => __d('Users', 'Your password does not match your confirm password. Please try again'), 'on' => ['create', 'update'], 'allowEmpty' => false ]); return $validator; } } In Patch entity validationPasswordConfirm will be applied if is passed in ‘validate’ param.   $user = $this->Users->patchEntity($user, $this->request->data(), ['validate' => 'passwordConfirm']); What is noteworthy about the above code segment is the ability to define as many validation methods as needed. Notice how each method should be prefixed with validation and should be structured to accept a $validator argument.

How CakePHP can boost your organizatio...

  As the name suggests, CakePHP is a delightfully easy-to-use framework for rapid application development (RAD). It has evolved to become the most advanced and the most sought-after rapid application development in PHP. Part of this popularity stems from the framework’s ability to simultaneously fulfill the needs of the various stake holders to a project including business owners, project managers, developers, and system administrators. If you are a business owner, you will love CakePHP because it requires no purchasing costs and no licensing fees. Moreover, the entire development cycle from conception to development to deployment is so breathtakingly simple that it can be completed in a matter of weeks. This is possible because CakePHP, from its very inception, was designed to streamline and simplify the process of delivery. The precious time and effort that is often wasted in frantically wrestling with code to make it work can instead be redirected to building a feature-rich site. If you are a project manager, CakePHP is an answer to your projects. You will be relieved to find out that it resolves many issues that pestered you in the past. First, costing less than a fraction of what other commercial products charge, it will neatly fit your business plan whatever the size of your organization. Second, assembling a team of highly qualified developed will be easy due to the abundance of PHP developers. Third, it requires little training or coaching due to its intuitive simplicity and the lots of clear documentation that come with it. And finally, its functionality can be expanded and enhanced to meet the growing demands and needs of a project or an organization. Likewise, if you are a developer, you will find CakePHP markedly boosts your productivity and the quality of the final deliverable you hand over. Furthermore, it obviates the need for the often tedious and prone to error process of integrating different components. With CakePHP, you can have a fully functional unit in half a day or so because code generation tools do much of the work for you. From simple design and syntax to application scaffolding and code generation tools, CakePHP makes it easy for all developers regardless of skill levels to achieve quick results with minimum effort. Even developers with little or no previous web development experience will be able to learn it and figure out its syntax and conventions. Another important feature of CakePHP is its innovative implementation of “convention over configuration” concept that drastically reduces the overall size of code. This is a technique that bypasses endless configuration and setting by attributing special meaning to names given to tables, fields, directories, classes etc… To this end, CakePHP requires adherence to naming conventions. MVC is also another aspect of CakePHP that contributes to its flexibility and robustness. By dividing the system into three distinct self-contained layers according to function, CakePHP ensure the maintainability and manageability of your code. Last but not least, system administrators will appreciate the ease with which CakePHP can be installed on an existence system. A ready-made package, the framework is easy to decipher and configure. Plug-ins and third party libraries are also available for added functionality when and if needed. Additionally, it has a flexible directory structure, solid security infrastructure, and support for the most popular databases. All a system administrator need to do to get the ball rolling is to download the code; define databases, and set file permissions and, voila, the system is ready to go! The above is a brief synopsis of what CakePHP can do for you. Whether what you want is rapid prototyping or the creation of full-fledged website, you will find all the necessary tools within CakePHP. Please contact us if you have questions or need a more detailed explanation of its many features.

Migrating to CakePHP 3.0 is Easy and P...

  The prospect of migrating to a new version often sets off alarm bells in many a developer who may know or have heard of upgrade related horror stories here and there. Indeed, the concern is justified because major software releases constitute extensive and massive changes over previous versions that sometimes may lead to errors and glitches. But all major releases are not created equal. Some are better than others at managing the process. CakePHP 3.0 is a good example of the latter. In line with its overarching goal of lightening the load developers carry, it has made migration to 3.0 easy and painless. There are a number of reasons why migration to CakePHP is so different, easy, and so manageable. If you still haven't made the move to migrate to CakePHP 3, now is the time to do it! First, the minimum requirements needed to make it work are very few and very straightforward. They include: a) PHP version must be 5.4 or above b) must have mbstring and intl extensions. Note: CakePHP also features a totally new ORM that has been rebuilt from the ground up as well as numerous other enhancements that improve upon or replace previous entities. For details, please refer to the full migration guide. Second, a complete list of all new features and enhancements that the new version introduces is easily accessible and clearly presented. Third and most importantly, you are provided with an upgrade tool (a console application) for tackling the more time consuming migration tasks. What more could you ask from an upgrade? With the above in place, you have everything you need at your fingertips for a smooth and successful migration to CakePHP 3.0. Simplicity in design, development, and implementation has always been the trademark of CakePHP as many who have used the previous versions of CakePHP will attest. It is this factor more than anything else that has earned it a reputation as a framework of choice for developers in PHP.The huge number of developers that continue to use it every year and the excellent reviews it has received over the years provide ample proof to its success in this effort. CakePHP team, on the other hand, though thrilled at the success its hard work brought it, never took such triumphs for granted and never succumbed to complacency. Throughout the period between releases, the team has been actively soliciting feedback and diligently listening to the wish lists and concerns of developers while working very hard to make them a reality. The result is CakePHP 3.0 – a new version that has over the past year been silently taking the software development world by storm with its rich set of highly customizable features. If you ever liked CakePHP 2.x, we guarantee you will fall head over heels in love with CakePHP 3.0! Of course no software can ever be said to be perfect but CakePHP 3.0 is one framework version that comes close by crossing as it does new frontiers in software ingenuity and simplicity that will carry you to heights you never dreamed possible. 

10 guidelines to outsourcing web devel...

  One issue that has recently attained center stage in the business world is the debate over whether outsourcing web development is a good business strategy or not. Proponents point among other things to local shortage of highly qualified web developers and to cost savings. Critics on the other hand remain skeptical and often point to the potential loss of control over some aspects of a company’s business processes that outsourcing requires. To add to the dilemma, some use the term interchangeably with offshoring. So let us begin by defining exactly what outsourcing is and how it differs from offshoring. Outsourcing is a general term used to describe the act of delegating an entire business function or part of a business process to a third party or contractor. Despite its techie-sounding name, the idea of outsourcing, is a very ordinary one. When you don’t have money, you borrow from those that have it and when you lack talent or experience in one area, you seek it from those that have it. That is what outsourcing is all about. Businesses outsource when they determine that they either do not have the expertise they need to accomplish a given objective or, when they just want to maximize benefits and reduce cost. Outsourcing allows businesses to lower costs, take advantage of skilled experts, and to increase productivity and efficiency. Unlike offshoring, it does not imply work done in a different country and therefore does not entail the same risks inherent in offshoring such as project delivery failures due to political unrest, poor communication, and language barriers in the contractor’s country.   In this article, we will focus on outsourcing web development as a major business venture that should be carefully planned and executed. Here are 10 guidelines to help you outsource web development successfully. 1. The first thing you need to do before even considering who to partner with for your outsourcing needs is to specify exactly what business objective you want fulfilled with the finished website. Will the website be a fully functional, highly interactive website where people can conduct commercial transactions at all times of the day or will it used to simply list detailed information about the business? Do you expect the website to evolve at some point or will this development be the final rendition? In general, most websites evolve in response to changing business demands. So it is wiser to plan ahead with changes in mind. Having a clear vision of what you want the website to do for you will help the contractor and you to tailor the project to the specific long term goals of your business. 2. After defining the general business objective, consider what functionality you want the website to provide. Will the website or some parts of it require a secure login? If so, what will be the requirements or access levels? Will the website include an online demo or a forum? How about databases and calculations? 3. Specify exactly how you will measure success. The main reason why you would develop a website in the first place is to enable people to do certain tasks at your website. So you need a way to measure this and a means to evaluate success or failure when the contractor completes the project. There are many tools you can use including one free one: Google Analytics. 4. Research similar sites. Visit websites of businesses that have already created sites similar to the one you are envisioning. The goal is not to simply copy or emulate them but to learn from them. Examine the design and functionality of these websites and write your impressions about what you like and what you don’t like about them. You can also request friends or other dis-interested parties to visit these sites and give you their opinions. Additionally, read customer comments (if available) and carefully note what problems users complain about and what they like or do not like about such websites. With this knowledge under your belt, you can then craft a better website that avoids the common pitfalls and incorporates all the features visitors find valuable. This will give you a definitive edge over your competitors. 5. Prioritize your needs. It is not always possible to include all the things you want in a website due to budget, time, and other constraints. It is therefore important to begin by categorizing your needs into “must haves” and “wish to haves.” Then make sure you consider optional features only after you have budgeted for those features that you absolutely must have. 6. Prepare a brief or summary for prospective contractors. This should include a short introduction of your company; what it does; and what its overall goals are. The brief should also include the purpose of the website; who the target audience will be; anticipated functionality (ecommerce, advertising etc…); how you will evaluate success; and who will be responsible for creating and maintaining content. You should also state whether you will be doing maintenance in-house or expect the contractor to do it for you. 7. After you have completed the above steps, it is time to look for a business partner. Make phone calls to several businesses who have the expertise you need and then draw up a list of those that meet the criteria you set in your brief (step #6 above). You can then send your brief to the few you have selected along with a request for a proposal. When you receive a proposal, look over its provisions very carefully. It is more important particularly at this stage to make sure that you get the most important features you identified in step #4. Price is important of course but don’t make the mistake of focusing only on cost. Though cost saving is a major reason for outsourcing, it should never be at the expense of quality. Moreover, a well developed site will save you more money in the long run than a mediocre site. 8. Ask prospective contractors for details about the staff that will be handling your project. If you will be outsourcing the entire web development life cycle, you want to know if subject-matter experts will be managing each phase of the project. In other words, you want to know if the task will be divided in such a way that dedicated web design specialists will be doing the design phase while software developers will handle the nuts and bolts of software development. It should be noted here that there are some web developers who are also excellent web designers and vice versa. This should not be a problem and in fact can be preferable because such an expert can match development to design more easily to create a well-balanced and harmonious website. 9. Discuss a timeline for in-person or electronic progress report. How often will the prospective contractor provide you with a progress report? Does their proposal give a phased outline of what will be accomplished when? If they can’t provide a reasonable response to this, look elsewhere. 10. Finally, ask for references and check them thoroughly. Inquire about their customer service, their task completion history, and their general professionalism.   If you follow the above steps faithfully, you will be rewarded with the proven cost-saving benefits of outsourcing. Carefully managed and executed, outsourcing is a strategic business move and a great boon to all types of businesses.

CakePHP - An Open Source Framework Wit...

  Since its debut in 2005, CakePHP’s main thrust has been to make software development easy, fast, and painless. In a span of just 11 years, CakePHP proved its worth by withstanding the test of time and earning its place as the premier framework for software development. Its success in this grand effort can be gauged by how enthusiastically it has been embraced by the software community: a whopping 8 million visitors; 29,908 commits; and 30 million page views! What are the secrets behind its enduring popularity? What features and benefits account for its continued appeal? Why would anyone want to use CakePHP? These are some of the questions we will answer below. Solid and Impregnable Security Features One main reason you want to use CakePHP is for its solid security attributes. With incidents of cyber security breaches and random computer-generated-attacks at an all-time high, who isn’t worried about website security these days? Gone are the days when security used to be optional. Today, security is a mandatory feature that all websites must ensure if they are to thrive and survive. Framework support for security varies from one framework to another but CakePHP is by far the finest in security among frameworks for PHP because of its unmatched set of security tools and safeguards it incorporates. These include among other things input validation, data sanitization, SQL injection, CSRF (cross site request forgery - prevents unauthorized commands from being transferred), and XSS (cross site scripting - prevents malicious content from being delivered). It also features hashing and advanced encryption algorithms such as SHA1, SHA256, MD5, Blowfish, and Rijndael/AES-256). CakePHP Facilitates Development If security was its only strength, CakePHP would still remain a top contender. But CakePHP also excels in the ease and simplicity with which software applications can be developed. Featuring a lean MVC architecture that neatly organizes code according to function; conventions that facilitate standardization; and scaffolding and code generation tools that streamline development, CakePHP has everything you need to develop a highly functioning and trouble-free website in a very short time. Moreover, its support for all the popular and major databases such as MySQL, SQLite, PostgreSQL, and Microsoft SQL Server as well as for caching engines such as Memcached or Redis will be greeted with pleasure by all developers. Simplifies Migration and Compatibility CakePHP also makes maintaining migration path very easy for developers because tools do most of the work. Moreover, new features and updates are enumerated clearly making it easy for developers to keep abreast of the latest versions of the framework among other things. Abundant and Readily Available Documentation CakePHP's documentation is truly phenomenal! It not only provides a detailed explanation of the entire framework along with a complete API reference but also features hundreds of instructional manuals and video tutorials. Moreover, all are accessible online. Certification paths and training venues are also available for those who want to delve even deeper towards mastery. Totally Free License Best of all, CakePHP's code is open source, totally free, and available under MIT license that allows commercial use! The above list of features makes it clear that CakePHP’s popularity is earned and well deserved. No framework has ever been able to simultaneously provide so many benefits in such a short time. Please contact us if you have any questions or want to know how CakePHP can help you with your project.

CakePHP 3 Driver for Oracle Database

We are happy to announce and introduce the CakePHP 3 Driver for the Oracle Database (compatible with 11g, and 12 too). This plugin contains a fully operative Oracle 11g Driver for CakePHP 3. It's been a long awaited plugin due to the wide usage of Oracle systems in the business environment. The driver provides compatibility with various Oracle 11g and CakePHP functionality, including:

  • All the basic CRUD features to allow select/insert/update/delete rows.
  • CakePHP Pagination
  • CakePHP Bake code generation
  • CakePHP DebugKit specific tab
  • Autoincrement fields support (based on Sequence and Trigger)
  • Stored procedures and Packages (with different input and output params types including Cursors)
Code is released under MIT License here https://github.com/CakeDC/cakephp-oracle-driver Documentation available > CakePHP Oracle Database Driver We are also looking forward to introducing full migration support soon. Stay tuned for tutorials coming soon in CakeDC Blog!

The updates that CakePHP 3 brings to t...

  With a year under its belt and 34 releases, we are still in love with CakePHP 3; and some of you are already on board and loving it. With an average of nearly 3 releases a month, you can easily tell that the team is working against a rapid release cycle where they are tirelessly working at adding and improving features. - but do you know the philosophy behind it? Looking at all of the improvements and benefits that this updated framework brings, you can clearly see that the biggest turning point for the core team was the increased functionality with clear foresight and thinking brought to the table. A plan was had right from the start, to be a framework well documented, one that was simple (as the Core Team live by – less lines the better!). Another big input from the team, was the ability to integrate and make newer versions of PHP compatible with the framework, never before has the movement in the code base been so fast paced. And as the team comments, this is brought to the fore by the rotating code between open source teams – truly, we live in a space where without each other’s contributions to the code base there would be no movement and action. That is why we are in love with CakePHP 3, because the team have put forward a framework that integrates, pulls in outside assistance, accepts community help and specifically puts itself out there for the community’s input. Some quick backgrounds to the updated framework. The first commit to CakePHP 3 was done on May 24 2012, by Juan Basso. A long time coming, but as the common phrase goes, good things come with time. – that and the fact that the core team and lead developers were working in their spare time, after work, late nights, to bring this forward. We thought that we would reflect, and bring to you the top changes/improvements/benefits/total awesomeness of this framework!

  • All of the core feature development was done as pull requests. This was done intentionally, to encourage people to get involved and the main core team is distributed across the world. The community is vital to the framework, and without them, we wouldn’t be here!
  • To give you an idea of what this has meant. It ended up with over 6000 commits before launch! – from over 20 contributors.
  • CakePHP 3 documentation had over 1500 commits – from 51 contributors! – the document writing was so important to the team, every time there was a feature or a break in backwards compatibility, it was documented.
  • More big news for CakePHP 3 is that it targets PHP 5.5 and newer. It is designed with composer support (Although you don’t need to use composer). It has also required a couple of additional extensions (the mb_string and the intl extension) – this was for 2 reasons, we were handling multi-byte internally, if you didn’t have the mb_string extension, we would fall back to pure PHP code; and for internationalization - there are really powerful tools built into the language that CakePHP 2 wasn’t capitalizing on and the team wanted to leverage those tools – to give the CakePHP community better tools.
  • Now the entire CakePHP code is Unicode aware, and additionally through the intl extension, everything is localized. All of the core classes localize depending on your locale (so if you switch your locale to Germany..) – everything will work, your numbering, date formatting, language formatting (provided you have the translation file) etc.
Over above these changes (and associated benefits), a few other things came out of the cracks.. Such as, through the use of composer, you have to have separate repos for separate things - so the team created a new app skeleton, basically this is the app directory of the old framework but in a separate repo. – What this allows you to do is mold or easily customize and fork it when you want to pull in changes. You don’t have to worry about merge conflicts with the app directory or similar types of issues. It also gives us the ability to release them independently in the future, so for instance, the app can be upgraded and add or remove dependencies while having no need to modify the framework. Many of us have had that experience and confusion of configuring classes; you don’t know if it’s a property or method, or even what the method name is. Well getting more into the detailed features, we all know that there were a lot of different method names for configuring things, some classes used properties, others used methods of various names. For CakePHP 3 however, it was decided that this is a little silly, so all of the static/instance/runtime classes use one method called config (YAY!). More can be found at http://book.cakephp.org/3.0/en/development/configuration.html The ORM has also been replaced, we have moved on with the model layer, and CakePHP has advanced quite a bit over the past years. Now you have Tables and Entity objects (no more arrays!), and a powerful Query class to build your queries using a fluent interface. You'll be amazed how easy is to create deep filters, custom finders (and stacking!), subqueries. Validation was also refactored, improving flexibility and customization. The router was also noted as being a performance bottleneck for a lot of applications in the past, and it was also, somewhat, verbose when you were connecting a lot of routes. So with CakePHP 3, the old way of connecting routes is still there, but a new scope system has been added. This allows you to declare routes in a much clearer way – so if you have a common prefix, you can put this in the scope, and don’t have to re-declare this in each route. Less typing necessary, but more importantly it allows you to partition your routes so that you can create a much faster parse tree. A lot of work has also been done on fixing reverse routing, previously it was based on a linear search but now, the key parts of the route are taken (the action or controller name) and generate a list of what that route may be and then search a much smaller subset of routes. Another change is the helper layer. Previously HTML formatted through arrays, and that had both good and bad points. The team got rid of the sprintf and replaced it with a very simple templating system, that has no conditions. This lets you define templates file, and you consistently use those templates throughout. This also yields a bit of a performance gain and it doesn’t use number replacements, it uses named replacements. The way the event subsystems were handled is another change that CakePHP 3 brings to the table, allowing a much more consistent approach to handling events. The new changes have also led to another performance enhancement! The framework has also gotten some outside help - in the past CakePHP has been criticized for being insular and not making use of the existing ecosystem. This has since changed and one of the reasons was the team wanted to make the install really easy. Because composer is now being use, you can include dependencies and when you create your application or install your applications dependencies, CakePHP 3’s can be installed at the same time. CakePHP 3 has used: Chronos (A fork of Carbon) has been used for date time improvements, (but now its part of CakePHP itself and maintained by the core) Aura/Intl – improved i18n and L10n features A great wrap up to these things is the fact that the team has hugely increased functionality and features, while keeping performance constant (in most cases, actually increasing it!!). There are so many reasons that you should start and continue using CakePHP 3 but more importantly, there are so many reasons for being a part of this insanely great, collaborative community.

Cake Development Corporation - The ben...

  Cake Development Corporation was established in 2007 by Larry Masters, one of the founders of CakePHP. CakeDC provides professional development and consultancy services for a range of business needs, including startups, e-commerce and enterprise level corporations. Besides being experts behind the CakePHP framework, the team is backed by 50 years of combined experience. The team is highly talented, extremely approachable and work as a focused team when putting forward any piece of work. When the company was developed, the proposal was simple: to create a commercial entity that allows people to live and breathe CakePHP, doing what they love day-to-day, while also providing everyone with a means. Did we mention that we are based all over the world? Working remotely? – it’s one of the many benefits you sign into when working for CakeDC. We're an international team that offers commercial support and professional training for one of the most popular PHP frameworks used by developers around the world. But being based all over the world, we do look for key individuals to work with us. Some of the key aspects we look for in the ideal candidate include:

  • Good track history of Work Commitment and demonstrates good work ethic
  • Someone with full knowledge and/or experience of a full development cycle
  • Someone that demonstrates that they have good team spirit and takes initiatives
  • Ensuring they fulfill the qualifications outlined in the job post
For us at Cake Development Corporation, we feel that working remotely affords our employees a variety of benefits. Below are some of the main benefits from our team working remotely vs. being all centrally located.
  • With Remote employees we tend to have a lot more personal satisfaction which drives us to be independent.
  • Being based remotely, you obtain good results because the commitment is not pressuring for time, and being confined or distracted in a room with persons that may pose these issues.
  • We find that being a remote employee usually leads to being goal oriented and having the will to take the risk in working for as long as they want. Leaving the option be compensated for every hour of it and also doing exactly what they want.
  • Remote employees tend to be more productive as they are working in a conducive environment suited to their specific and individual needs.
At the Cake Development Corporation, we look out for employees who show
  • Discipline
  • Honesty and accountability
  • Ambitious
  • Focused
  • If Experienced, Demonstrate that experience
The distance doesn’t come in the way of getting to know our team or in the way of delivery impeccable work – with daily chats, catchups and integration tools, the team functions just like any other! CakeDC is on the forefront of modern organisations, recruiting top software developers and delivering top notch solutions to their clients! We are a dynamic company based on meritocracy, where everyone is given the opportunity to make an impact on the various levels and disciplines of the business, as well as playing a key role in the CakePHP community as the commercial entity behind the framework - the opportunity for growth is endless. And we haven’t even really gone into the real company benefits.. At CakeDC, everyone is appreciated, recognised and given the space and opportunity to grow. Some of our many benefits include:
  • 100% flexible work schedules, you are given the choice to define your hours of availability, 36 hours minimum required per week..
  • Remote working environment with an international team and clients.
  • The opportunity to Engage in paid open source projects, becoming an integral part of the development of the community. At CakeDC, all developers work 20% of their (paid development) time on open source projects.
  • Annual performance based bonuses.
  • Paid Parental Leave. Up to 16 weeks maternity leave and up to 6 weeks paternity leave, at 100% paid salary. Single fathers, or primary caregivers, can also take up to 16 weeks.
  • Available vacation time:
    • 10 days working days (not including weekends) per year. A minimum time of 12 months working at the company is required to take vacation.
    • 20 days working days (not including weekends) per year. A minimum time of 24 months working at the company is required to take vacation.
    • 30 working days (not including weekends) per year.A minimum time of 36 months working at the company is required to take vacation.
    • Christmas and New years are Company Paid Vacations.
  • Team outings and meetups – Don’t think that because this team is based internationally that we don’t know each other. We know the importance of getting together once in awhile, so we have annual meet ups!
  • A fully paid for IDE (PHPStorm) licence to assist you with our work and make your life a little easier.
So how do you know if you are right to apply to be a part of CakeDC? Well, if you aren’t shy, you know your stuff (Web application development, object orientated analysis and design, and of course, knowledge of CakePHP), are willing to put yourself out there and learn, and have a zest for life – then we are the right place for you!

CakePHP Facebook login using CakeDC Us...

The CakeDC Users Plugin provides an easy way to integrate Facebook social login into your application. Note this is the updated tutorial for the latest version of the plugin 3.1.5. This is a short how-to tutorial to enable Facebook login. We'll assume you have a brand new CakePHP 3.2+ application already setup.

Setup

Use composer to install the CakeDC Users Plugin composer require cakedc/users composer require league/oauth2-facebook:@stable Note we've upgraded to use league/oauth2 lib, and the old and not maintained opauth library was removed. Load it from your bootstrap.php file Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]); Run migrations to add 2 new tables: 'users' and 'social_accounts' bin/cake migrations migrate -p CakeDC/Users

Configuration

Load the Component in your src/Controller/AppController.php public function initialize() { parent::initialize(); // // ... // $this->loadComponent('CakeDC/Users.UsersAuth'); } login page output

Create a new Facebook application

  • Go to Facebook developers and log in
  • Create a new Facebook application new Facebook app
  • Click "website" and select some awesome name for your brand new app (yeah, some random name would work too)
  • Pick a Category, complete the quick start form, etc.
  • Once you are done, go to your newly created app and click "settings"
  • In settings, you should add your domain to "App domains" and ensure there is at least one login platform = "Website" defined
  • Copy your App ID and secret

Setup the Plugin to use your Facebook app for login

Now you have a working Facebook app configured, we are going to link the CakeDC Users Plugin to use the app for login. Update your bootstrap.php file to customize the CakeDC Users Plugin Configure::write('Users.config', ['users']); Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]); Create a new "config/users.php" file with contents return [ 'Users.Social.login' => true, 'OAuth.providers.facebook.options.clientId' => 'YOUR APP ID', 'OAuth.providers.facebook.options.clientSecret' => 'YOUR APP SECRET', //etc ]; This file will override any configuration key present in the Plugin, you can check the configuration options here Configuration. You are done! Now the "login with Facebook" link (in "/login" page) will open the Facebook login popup and connect back to your application. If the email is provided by the user, he'll be automatically registered using the default role = 'user'. If no email is provided, the user will be requested to enter an email to complete the registration process in your application. Once his email is validated (link sent via email), he'll be able to login using Facebook.

Read more about CakeDC Users Plugin

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in:
  • Professional, commercial CakePHP development and consultancy
  • Professional CakePHP training
  • CakePHP code reviews
We hope you've enjoyed this short tutorial covering the Facebook login, stay tunned for new CakePHP + Users Plugin tutorials coming soon...  

CakeDC Users Plugin for CakePHP 3 - Up...

Welcome to our updated tutorial covering the new CakeDC Users Plugin for CakePHP 3. In this tutorial we'll setup and configure the Plugin, introducing some of the available features. Note this is the updated tutorial for the latest version of the plugin 3.1.5. We'll assume you are starting a new CakePHP 3.2.x application, with some existing tables (blog site maybe?).

Setup

Easy thing, let's use composer to install the CakeDC Users Plugin composer require cakedc/users Now ensure the Plugin is loaded from your bootstrap.php file Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]); Create some tables to store the users in your database bin/cake migrations migrate -p CakeDC/Users This migration will create 2 tables into your database, "users" where the users and credentials are stored, and "social_accounts" where the tokens for the social login feature will be stored and managed. Now you can register a new user (ensure your CakePHP is able to send emails to get your validation link correctly), or you could use the provided shell to create new users from the command line bin/cake users addSuperuser output for the shell command to generate new superuser This new super user will be granted full administrative permissions (check the src/Auth/SuperuserAuthorize class for more details and configuration)

Configuration

Load the Component in your src/Controller/AppController.php public function initialize() { parent::initialize(); // // ... // $this->loadComponent('CakeDC/Users.UsersAuth'); } login page output Now you have the Plugin installed and a brand new superuser granted with full permissions, it's time to configure permissions for the rest of the roles you'll need.

Simple role based permission rules

By default, the CakeDC Users Plugin allow users to register, and all new users are assigned role = 'user' by default. Note you can change the default role name assigned to new users, but we'll keep the 'user' role for now. Let's assume you have some controller with a couple actions you want to allow, for example "/posts/view/*" We are going to configure SimpleRBAC to allow the role = 'user' accessing the 'view' action: Create a new file "config/permissions.php" with the following contents return [ 'Users.SimpleRbac.permissions' => [ [ 'role' => 'user', 'controller' => 'Posts', 'action' => ['view'], ], ] ]; Now you've defined your first permission rule, allowing users with role = 'user' to access the /posts/view action, note you can use wildcards '*', and arrays to cofigure your rules. Cool, so now you have users in your application, allowing new users to register, validate their emails, login, change password, and use cookies to remember login. In our next short tutorial we'll cover Facebook login and Twitter login.

Ownership

What about ownership? We are talking about posts, and possibly you'll need to allow the post author to edit his own post, the good news: this is super easy with CakeDC Users Plugin. We'll assume you have a user_id column in your posts table to support the association Posts belongsTo Users. Add a new rule to allow only the owner of a given post to edit it. Update your permissions.php file, adding this rule: use Cake\ORM\TableRegistry; use CakeDC\Users\Auth\Rules\Owner; return [ 'Users.SimpleRbac.permissions' => [ [ 'role' => 'user', 'controller' => 'Posts', 'action' => ['view'], ], [ 'role' => 'user', 'controller' => 'Posts', 'action' => ['edit', 'delete'], 'allowed' => new Owner(), ], ] ]; And we're done, you've configured ownership permissions for your ['edit', 'delete'] actions. Check other examples in the CakeDC Users Plugin Docs

Read more about CakeDC Users Plugin

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in: We'll continue working on our open source plugins (like this one) to give back to the amazing CakePHP Community!  

We Bake with CakePHP