Add roleIdColumn config for UUID-based role systems (#163)

dereuromark · web-flow · commit 2cf447c54be6 · 2026-03-18T03:52:10.000+01:00
* Add roleIdColumn config for UUID-based role systems

When using UUIDs as role identifiers instead of integer IDs, the
hardcoded 'id' column in _getRolesFromDb() prevented proper role
lookups from the database.

This adds a new 'roleIdColumn' config option (defaults to 'id') that
allows specifying the column used as the role identifier when reading
roles from the database table.

Example for UUID-based systems:
```php
'TinyAuth' =&gt; [
    'roleColumn' =&gt; 'Role.uuid',
    'roleIdColumn' =&gt; 'uuid',
    'aliasColumn' =&gt; 'slug',
]
```

* Fix PHPStan: update type annotations for UUID support

* Fix remaining PHPStan type annotations
diff --git a/docs/Authorization.md b/docs/Authorization.md
@@ -407,6 +407,7 @@ TinyAuthorize adapter supports the following configuration options:
 | roleColumn            | string        | Name of column in user table holding role id (used for foreign key in users table in a single role per user setup, or in the pivot table on multi-roles setup) |
 | userColumn            | string        | Name of column in pivot table holding role id (only used in pivot table on multi-roles setup)                                                                  |
 | aliasColumn           | string        | Name of the column for the alias in the role table                                                                                                             |
+| roleIdColumn          | string        | Name of the primary key column in roles table. Defaults to `id`. Set to `uuid` for UUID-based role systems.                                                    |
 | idColumn              | string        | Name of the ID Column in users table                                                                                                                           |
 | rolesTable            | string        | Name of Configure key holding all available roles OR class name of roles database table                                                                        |
 | usersTable            | string        | Class name of the users table.                                                                                                                                 |
diff --git a/src/Auth/AclTrait.php b/src/Auth/AclTrait.php
@@ -25,7 +25,7 @@ trait AclTrait {
 	protected $_acl;
 
 	/**
-	 * @var array<int>|null
+	 * @var array<int|string>|null
 	 */
 	protected $_roles;
 
@@ -261,7 +261,7 @@ protected function _prefixesFromRoles(array $roles) {
 	 * @param string $prefix
 	 * @param array<string> $prefixMap
 	 * @param array<string, int|string> $userRoles
-	 * @param array<int> $availableRoles
+	 * @param array<string, int|string> $availableRoles
 	 *
 	 * @return bool
 	 */
@@ -444,7 +444,7 @@ protected function _constructIniKey($params): ?string {
 	 * Configure first, tries database roles table next.
 	 *
 	 * @throws \Cake\Core\Exception\CakeException
-	 * @return array<string, int> List with all available roles
+	 * @return array<string, int|string> List with all available roles
 	 */
 	protected function _getAvailableRoles() {
 		if ($this->_roles !== null) {
@@ -492,19 +492,20 @@ protected function _getAvailableRoles() {
 	 *
 	 * @throws \Cake\Core\Exception\CakeException
 	 *
-	 * @return array<int>
+	 * @return array<int|string>
 	 */
 	protected function _getRolesFromDb(string $rolesTableKey): array {
 		try {
 			$rolesTable = TableRegistry::getTableLocator()->get($rolesTableKey);
-			$result = $rolesTable->find()->formatResults(function (ResultSetInterface $results) {
-				return $results->combine($this->getConfig('aliasColumn'), 'id');
+			$roleIdColumn = $this->getConfig('roleIdColumn') ?: 'id';
+			$result = $rolesTable->find()->formatResults(function (ResultSetInterface $results) use ($roleIdColumn) {
+				return $results->combine($this->getConfig('aliasColumn'), $roleIdColumn);
 			});
 		} catch (RuntimeException $e) {
 			throw new CakeException('Invalid roles config: DB table `' . $rolesTableKey . '` cannot be found/accessed (`' . $e->getMessage() . '`).', null, $e);
 		}
 
-		/** @var array<int> */
+		/** @var array<int|string> */
 		return $result->toArray();
 	}
 
diff --git a/src/Utility/Config.php b/src/Utility/Config.php
@@ -32,6 +32,7 @@ class Config {
 		'roleColumn' => 'role_id', // Foreign key for the Role ID in users table or in pivot table
 		'userColumn' => 'user_id', // Foreign key for the User id in pivot table. Only for multi-roles setup
 		'aliasColumn' => 'alias', // Name of column in roles table holding role alias/slug
+		'roleIdColumn' => 'id', // Primary key column in roles table (allows using 'uuid' for UUID-based systems)
 		'rolesTable' => 'Roles', // name of Configure key holding available roles OR class name of roles table
 		'usersTable' => 'Users', // name of the Users table
 		'pivotTable' => null, // Should be used in multi-roles setups
diff --git a/src/Utility/TinyAuth.php b/src/Utility/TinyAuth.php
@@ -27,7 +27,7 @@ public function __construct(array $config = []) {
 	}
 
 	/**
-	 * @return array<int>
+	 * @return array<string, int|string>
 	 */
 	public function getAvailableRoles() {
 		$roles = $this->_getAvailableRoles();

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ public function __construct(array $config = []) {`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`/**`
`30`		`- * @return array<int>`
	`30`	`+ * @return array<string, int\|string>`
`31`	`31`	`*/`
`32`	`32`	`public function getAvailableRoles() {`
`33`	`33`	`$roles = $this->_getAvailableRoles();`