Allow using nested role config. (#157)

dereuromark · web-flow · commit 187ed5043781 · 2025-07-16T15:12:20.000+02:00
* Allow using nested role config.

* Add test.

* Add test.
diff --git a/docs/Authorization.md b/docs/Authorization.md
@@ -118,8 +118,9 @@ Multi words like `Super Admin` would be `super-admin` etc.
 ### Single-role
 
 When using the single-role-per-user model TinyAuth expects your Users model to
-contain an column named ``role_id``. If you prefer to use another column name
+contain a column named ``role_id``. If you prefer to use another column name
 simply specify it using the ``roleColumn`` configuration option.
+If it is a nested relationship of sort, you can use the dot notation to specify the path, e.g. `Role.id`.
 
 The ``roleColumn`` option is also used on pivot table in a multi-role setup.
 
diff --git a/src/Auth/AclTrait.php b/src/Auth/AclTrait.php
@@ -524,6 +524,16 @@ protected function _getUserRoles(ArrayAccess|array $user) {
 				throw new CakeException('Invalid TinyAuth config, `roleColumn` config missing.');
 			}
 
+			// Check if the roleColumn is a dot notation path
+			if (str_contains($roleColumn, '.')) {
+				$role = Hash::get($user, $roleColumn);
+				if (!$role) {
+					throw new CakeException(sprintf('Missing TinyAuth role id field (%s) in user session', 'Auth.User.' . $roleColumn));
+				}
+
+				return $this->_mapped([$role]);
+			}
+
 			if (!array_key_exists($roleColumn, (array)$user)) {
 				throw new CakeException(sprintf('Missing TinyAuth role id field (%s) in user session', 'Auth.User.' . $this->getConfig('roleColumn')));
 			}
diff --git a/tests/TestCase/Controller/Component/AuthUserComponentTest.php b/tests/TestCase/Controller/Component/AuthUserComponentTest.php
@@ -490,4 +490,18 @@ public function testHasRoles() {
 		$this->assertTrue($this->AuthUser->hasRoles([1, 3, 5], false, [1, 3, 5]));
 	}
 
+	/**
+	 * @return void
+	 */
+	public function testHasRoleHash() {
+		$this->AuthUser->setConfig('roleColumn', 'Role.id');
+
+		$user = ['id' => '1', 'Role' => ['id' => '1']];
+		$identity = new Identity($user);
+		$this->AuthUser->getController()->setRequest($this->AuthUser->getController()->getRequest()->withAttribute('identity', $identity));
+
+		$this->assertTrue($this->AuthUser->hasRole(1));
+		$this->assertFalse($this->AuthUser->hasRole(3));
+	}
+
 }
