Allow using nested role config.

docs/Authorization.md

@@ -118,8 +118,9 @@ Multi words like `Super Admin` would be `super-admin` etc.
 ### Single-role
 
 When using the single-role-per-user model TinyAuth expects your Users model to
-contain an column named ``role_id``. If you prefer to use another column name
+contain a column named ``role_id``. If you prefer to use another column name
 simply specify it using the ``roleColumn`` configuration option.
+If it is a nested relationship of sort, you can use the dot notation to specify the path, e.g. `Role.id`.
 
 The ``roleColumn`` option is also used on pivot table in a multi-role setup.
 

src/Auth/AclTrait.php

@@ -524,6 +524,16 @@ protected function _getUserRoles(ArrayAccess|array $user) {
 				throw new CakeException('Invalid TinyAuth config, `roleColumn` config missing.');
 			}
 
+			// Check if the roleColumn is a dot notation path
+			if (str_contains($roleColumn, '.')) {
+				$role = Hash::get($user, $roleColumn);
+				if (!$role) {
+					throw new CakeException(sprintf('Missing TinyAuth role id field (%s) in user session', 'Auth.User.' . $roleColumn));
+				}
+
+				return $this->_mapped([$role]);
+			}
+
 			if (!array_key_exists($roleColumn, (array)$user)) {
 				throw new CakeException(sprintf('Missing TinyAuth role id field (%s) in user session', 'Auth.User.' . $this->getConfig('roleColumn')));
 			}

tests/TestCase/Controller/Component/AuthUserComponentTest.php

@@ -490,4 +490,18 @@ public function testHasRoles() {
 		$this->assertTrue($this->AuthUser->hasRoles([1, 3, 5], false, [1, 3, 5]));
 	}
 
+	/**
+	 * @return void
+	 */
+	public function testHasRoleHash() {
+		$this->AuthUser->setConfig('roleColumn', 'Role.id');
+
+		$user = ['id' => '1', 'Role' => ['id' => '1']];
+		$identity = new Identity($user);
+		$this->AuthUser->getController()->setRequest($this->AuthUser->getController()->getRequest()->withAttribute('identity', $identity));
+
+		$this->assertTrue($this->AuthUser->hasRole(1));
+		$this->assertFalse($this->AuthUser->hasRole(3));
+	}
+
 }