Integration between laminas-authentication, lmcuser and lmc_rbac

Hi,

I’m having some trouble connecting a bunch of components together. I think I’m pretty close but I’m presumably declaring the reference to the authentication factory incorrectly.

  • laminas-session is installed
  • laminas-authentication is installed
  • lmc user is installed (and I can register and login, and it’s SQL database driven)
  • lmc rbac and lmc rbac mvc are installed

When I attempt to check whether access exists, the getIdentities() method in AuthorizationService runs a method called getIdentityRoles() which finds users, rather than the Identity Interface it is after.

Call to check permission in AlbumController:

if (!$this->authorizationService->isGranted('delete')) {

Which calls

$roles = $this->roleService->getIdentityRoles();

Which fails in

    if (!$identity instanceof IdentityInterface) {
        throw new Exception\RuntimeException(sprintf(
            'LmcRbacMvc expects your identity to implement LmcRbacMvc\Identity\IdentityInterface, "%s" given',
            is_object($identity) ? get_class($identity) : gettype($identity)
        ));
    }

I suspect it is because when I’m defining the AuthenticationService per the LMC documentation, I’m assigning the incorrect Factory, and although it’s the only class that seems to allow the rest of the page to function without throwing a service create error, it is likely the problem:

    'service_manager' => [
        'factories' => [
            'Application\Db\WriteAdapter' => AdapterAbstractServiceFactory::class,
            'Album\Model\Album' => ReflectionBasedAbstractFactory::class,
            'Laminas\Authentication\AuthenticationService' => AuthenticationService::class,  // THIS GUY
        ],
    ],

The actual error

/data/sites/portal-development/vendor/lm-commons/lmc-rbac-mvc/src/Service/RoleService.php:138

Message:
LmcRbacMvc expects your identity to implement LmcRbacMvc\Identity\IdentityInterface, "LmcUser\Entity\User" given

In the LMC RBAC examples, it talks about creating a function, but I get errors when I put anything in this function:

'Laminas\Authentication\AuthenticationService' => function($sm) {
      // Create your authentication service!
}

In the description, it says:

The identity given by `Laminas\Authentication\AuthenticationService` must implement `LmcRbacMvc\Identity\IdentityInterface`. Note that the default identity provided with Laminas does not implement this interface, and neither does the LmcUser suite.

But I am unsure how to do that.

Hopefully, I have provided enough information and context. It feels so close I can taste it! Once I get this solved all components should work for role-based protection with user identity, registration and session management all mixed in together, but apparently, I am out of my depth!
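
One way to satisfy the requirement quoted in the question without changing the LmcUser entity, shown as an added example that is not from this thread or from either project: a custom identity provider that wraps the logged-in user. It assumes PHP 8, LmcRbacMvc's `identity_provider` option and `IdentityProviderInterface`, and LmcUser's `lmcuser_auth_service` service; the `Application\Identity` classes and the `member` role name are hypothetical.

```php
<?php
// Added example; every Application\Identity name below is hypothetical.
// File 1: module/Application/src/Identity/RbacIdentity.php
namespace Application\Identity;

use Laminas\Authentication\AuthenticationService;
use LmcRbacMvc\Identity\IdentityInterface;
use LmcRbacMvc\Identity\IdentityProviderInterface;
use LmcUser\Entity\User;

/** Wraps the LmcUser entity so the object RoleService receives implements IdentityInterface. */
final class RbacIdentity implements IdentityInterface
{
    public function __construct(private User $user, private array $roles) {}

    public function getUser(): User { return $this->user; }

    /** @return string[] role names known to the configured role provider */
    public function getRoles(): array { return $this->roles; }
}

// File 2: module/Application/src/Identity/LmcUserIdentityProvider.php
final class LmcUserIdentityProvider implements IdentityProviderInterface
{
    /** @param \Closure(User): string[] $roleLookup supplied by the application */
    public function __construct(private AuthenticationService $auth, private \Closure $roleLookup) {}

    public function getIdentity()
    {
        $user = $this->auth->getIdentity();
        if (!$user instanceof User) {
            return null; // nobody logged in: LmcRbacMvc falls back to its guest role
        }
        return new RbacIdentity($user, ($this->roleLookup)($user));
    }
}

// File 3: config fragment for module.config.php, shown as comments:
// 'service_manager' => ['factories' => [
//     LmcUserIdentityProvider::class => fn ($c) => new LmcUserIdentityProvider(
//         $c->get('lmcuser_auth_service'),
//         fn (User $u): array => ['member'] // constructed role name; replace with a
//     ),                                    // lookup against your own user/role table
// ]],
// 'lmc_rbac' => ['identity_provider' => LmcUserIdentityProvider::class],
```

With this in place `isGranted()` receives an `RbacIdentity` rather than `LmcUser\Entity\User`, and the roles it returns must match names defined in the role provider configuration.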

Hi @medge,

I would suggest not mingling different tutorials into one project of yours. If you want to integrate Laminas-authentication then LmcUser has used it and you don’t need your own. As for LmcRbacMvc, it is a very robust service which helps in providing additional check and balance over page access.

As for your question regarding the IsGranted method, it is an additional check and balance I’ve talked about when accessing a page on your website. For that, you’ve to configure it and I don’t know if you’ve done that. I would suggest reading this page to understand the concept of the IsGranted method. I hope it helps.

I’m not specifically doing anything with the laminas-authentication side - it was just installed first - so perhaps that’s a red herring in my instance.

I’ll work through the cookbook example for LmcRbacMvc + LmcUser and see where I end up. I have configured it, just perhaps not correctly. I notice that the start of the cookbook example works around doctrine, but looks like the tail end is the one without Doctrine, so I’ll start there.

Thanks for the help,
Cheers
Martin.

In that config block Laminas expects something like
AuthenticationService::class => AuthenticationServiceFactory::class

You may want to read up on that here: