Fix up docs.

dereuromark · dereuromark · commit 5a5bd2d2c103 · 2025-11-10T20:26:49.000+01:00
diff --git a/README.md b/README.md
@@ -12,9 +12,9 @@ A CakePHP plugin to handle authentication and user authorization the easy way.
 
 This branch is for **CakePHP 5.1+**. For details see [version map](https://github.com/dereuromark/cakephp-tinyauth/wiki#cakephp-version-map).
 
-## Why use TinyAuth as a wrapper for Authentication/Authorization plugins?
+## Why use TinyAuth?
 
-TinyAuth now acts as a powerful wrapper around CakePHP's official Authentication and Authorization plugins, providing significant advantages:
+**TinyAuth is a wrapper plugin** that extends CakePHP's official Authentication and Authorization plugins, providing significant advantages:
 
 ### 🚀 Zero-Code Configuration
 - **INI-based setup**: Define all your authentication and authorization rules in simple INI files
@@ -113,19 +113,32 @@ echo $this->AuthUser->postLink('Delete', ['action' => 'delete', $id], ['confirm'
 ```
 
 ## Installation
-Including the plugin is pretty much as with every other CakePHP plugin:
+
+### Required Dependencies
+
+TinyAuth acts as a wrapper around CakePHP's official Authentication and Authorization plugins. You need to install them first:
+
+```bash
+# Required for authentication features
+composer require cakephp/authentication
+
+# Required for authorization features
+composer require cakephp/authorization
+```
+
+Then install TinyAuth:
 
 ```bash
 composer require dereuromark/cakephp-tinyauth
 ```
 
-Then, to load the plugin:
+Finally, load the plugin:
 
 ```sh
 bin/cake plugin load TinyAuth
 ```
 
-That's it. It should be up and running.
+**Note:** The AuthUser component and helper can work standalone with any authentication solution. For the main TinyAuth.Authentication and TinyAuth.Authorization components, the official plugins are required dependencies.
 
 ## Docs
 For setup and usage see [Docs](/docs).
diff --git a/docs/Authentication.md b/docs/Authentication.md
@@ -1,7 +1,10 @@
 # TinyAuth Authentication
 The fast and easy way for user authentication in CakePHP applications.
 
-Use TinyAuth Component if you want to add instant (and easy) action whitelisting to your application.
+**IMPORTANT:** This component wraps the official CakePHP Authentication plugin.
+You must install it first - see [AuthenticationPlugin.md](AuthenticationPlugin.md).
+
+Use TinyAuth Authentication Component if you want to add instant (and easy) INI-based action whitelisting to your application.
 You can allow/deny per controller action or with wildcards also per controller and more.
 
 ## Basic Features
@@ -147,42 +150,18 @@ By default, it will not use caching in debug mode, though.
 
 To modify the caching behavior set the ``autoClearCache`` configuration option:
 ```php
-$this->loadComponent('TinyAuth.Auth', [
-    'autoClearCache' => true|false
-)]
-```
-
-## Multi Column authentication
-Often times you want to allow logging in with either username or email.
-In this case you can use the built-in adapter for it:
-
-```php
-'authenticate' => [
-    'TinyAuth.MultiColumn' => [
-        'fields' => [
-            'username' => 'login',
-            'password' => 'password',
-        ],
-        'columns' => ['username', 'email'],
-        'userModel' => 'Users',
-    ],
-],
-```
-which you can pass in to Auth component as options.
-
-Your form would then contain e.g.
-```php
-echo $this->Form->control('login', ['label' => 'Your username or email']);
-echo $this->Form->control('password', ['autocomplete' => 'off']);
+$this->loadComponent('TinyAuth.Authentication', [
+    'autoClearCache' => true|false,
+]);
 ```
 
 ## Configuration
 
 TinyAuth Authentication component supports the following configuration options.
 
-Option | Type | Description
-:----- | :--- | :----------
-autoClearCache|bool|True will generate a new ACL cache file every time.
-allowFilePath|string|Full path to the INI file. Can also be an array of paths. Defaults to `ROOT . DS . 'config' . DS`.
-allowFile|string|Name of the INI file. Defaults to `auth_allow.ini`.
-allowAdapter|string|Class name, defaults to `IniAllowAdapter::class`.
+ Option         | Type   | Description
+:---------------|:-------|:---------------------------------------------------------------------------------------------------
+ autoClearCache | bool   | True will generate a new ACL cache file every time.
+ allowFilePath  | string | Full path to the INI file. Can also be an array of paths. Defaults to `ROOT . DS . 'config' . DS`.
+ allowFile      | string | Name of the INI file. Defaults to `auth_allow.ini`.
+ allowAdapter   | string | Class name, defaults to `IniAllowAdapter::class`.
diff --git a/docs/AuthenticationPlugin.md b/docs/AuthenticationPlugin.md
@@ -2,6 +2,18 @@
 
 Support for [Authentication plugin](https://github.com/cakephp/authentication) usage.
 
+## Installation
+
+First, you need to install the official CakePHP Authentication plugin:
+
+```bash
+composer require cakephp/authentication
+```
+
+See the [official Authentication plugin documentation](https://book.cakephp.org/authentication/2/en/index.html) for more details.
+
+## Setup
+
 Instead of the core Auth component you load the Authentication component:
 
 ```php
diff --git a/docs/Authorization.md b/docs/Authorization.md
@@ -1,7 +1,9 @@
 # TinyAuth Authorization
 The fast and easy way for user authorization in CakePHP applications.
 
-Enable TinyAuth Authorize if you want to add instant (and easy) role
+**IMPORTANT:** This component wraps the official CakePHP Authorization plugin. You must install it first - see [AuthorizationPlugin.md](AuthorizationPlugin.md).
+
+Enable TinyAuth Authorization if you want to add instant (and easy) INI-based role
 based access control (RBAC) to your application.
 
 ## Basic Features
@@ -18,41 +20,23 @@ frontend yourself)
 
 ## Enabling
 
-Assuming you already have authentication set up correctly you can enable
-authorization in your controller's `beforeFilter()` method like this example:
+**IMPORTANT:** You must first install and configure the official Authorization plugin. See [AuthorizationPlugin.md](AuthorizationPlugin.md) for complete setup instructions.
 
-**DEPRECATED** Use middleware approach and `TinyAuth.Authorization` instead. Rest of the page is accurate.
+Load the Authorization component in your controller:
 
 ```php
 // src/Controller/AppController
 
 public function initialize() {
     parent::initialize();
 
-    $this->loadComponent('TinyAuth.Auth', [
-        'authorize' => [
-            'TinyAuth.Tiny' => [
-                ...
-            ],
-            ...
-        ]
+    $this->loadComponent('TinyAuth.Authorization', [
+        ...
     ]);
 }
 ```
-TinyAuth Authorize can be used in combination with any [CakePHP Authentication Type](http://book.cakephp.org/3.0/en/controllers/components/authentication.html#choosing-an-authentication-type), as well.
 
-
-Please note that `TinyAuth.Auth` replaces the default CakePHP `Auth` component. Do not try to load both at once.
-You can also use the default one, if you only want to use ACL (authorization):
-```php
-    $this->loadComponent('Auth', [
-        'authorize' => [
-            'TinyAuth.Tiny' => [
-                ...
-            ]
-        ]
-    ]);
-```
+The TinyAuth.Authorization component extends the official `cakephp/authorization` plugin and adds INI-based access control on top of it.
 
 
 ## Roles
@@ -279,38 +263,38 @@ By default it will not use caching in debug mode, though.
 
 To modify the caching behavior set the ``autoClearCache`` configuration option:
 ```php
-'TinyAuth.Tiny' => [
-    'autoClearCache' => true|false
-]
+$this->loadComponent('TinyAuth.Authorization', [
+    'autoClearCache' => true|false,
+]);
 ```
 
 ## Configuration
 
 TinyAuthorize adapter supports the following configuration options.
 
-Option | Type | Description
-:----- | :--- | :----------
-roleColumn|string|Name of column in user table holding role id (used for foreign key in users table in a single role per user setup, or in the pivot table on multi-roles setup)
-userColumn|string|Name of column in pivot table holding role id (only used in pivot table on multi-roles setup)
-aliasColumn|string|Name of the column for the alias in the role table
-idColumn|string|Name of the ID Column in users table
-rolesTable|string|Name of Configure key holding all available roles OR class name of roles database table
-usersTable|string|Class name of the users table.
-pivotTable|string|Name of the pivot table, for a multi-group setup.
-rolesTablePlugin|string|Name of the plugin for the roles table, if any.
-pivotTablePlugin|string|Name of the plugin for the pivot table, if any.
-multiRole|bool|True will enable multi-role/HABTM authorization (requires a valid join table).
-superAdminRole|int|Id of the super admin role. Users with this role will have access to ALL resources.
-superAdmin|int or string|Id/name of the super admin. Users with this id/name will have access to ALL resources. null/0/'0' disable it.
-superAdminColumn|string|Column of super admin in user table. Default is idColumn option.
-authorizeByPrefix|bool/array|If prefixed routes should be auto-handled by their matching role name or a prefix=>role map.
-allowLoggedIn|bool|True will give authenticated users access to all resources except those using the `protectedPrefix`.
-protectedPrefix|string/array|Name of the prefix(es) used for admin pages. Defaults to `Admin`.
-autoClearCache|bool|True will generate a new ACL cache file every time.
-aclFilePath|string|Full path to the auth_acl.ini. Can also be an array of multiple paths. Defaults to `ROOT . DS . 'config' . DS`.
-aclFile|string|Name of the INI file. Defaults to `auth_acl.ini`.
-aclAdapter|string|Class name, defaults to `IniAclAdapter::class`.
-includeAuthentication|bool|Set to true to include public auth access into hasAccess() checks. Note, that this requires Configure configuration.
+ Option                | Type          | Description
+:----------------------|:--------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------
+ roleColumn            | string        | Name of column in user table holding role id (used for foreign key in users table in a single role per user setup, or in the pivot table on multi-roles setup)
+ userColumn            | string        | Name of column in pivot table holding role id (only used in pivot table on multi-roles setup)
+ aliasColumn           | string        | Name of the column for the alias in the role table
+ idColumn              | string        | Name of the ID Column in users table
+ rolesTable            | string        | Name of Configure key holding all available roles OR class name of roles database table
+ usersTable            | string        | Class name of the users table.
+ pivotTable            | string        | Name of the pivot table, for a multi-group setup.
+ rolesTablePlugin      | string        | Name of the plugin for the roles table, if any.
+ pivotTablePlugin      | string        | Name of the plugin for the pivot table, if any.
+ multiRole             | bool          | True will enable multi-role/HABTM authorization (requires a valid join table).
+ superAdminRole        | int           | Id of the super admin role. Users with this role will have access to ALL resources.
+ superAdmin            | int or string | Id/name of the super admin. Users with this id/name will have access to ALL resources. null/0/'0' disable it.
+ superAdminColumn      | string        | Column of super admin in user table. Default is idColumn option.
+ authorizeByPrefix     | bool/array    | If prefixed routes should be auto-handled by their matching role name or a prefix=>role map.
+ allowLoggedIn         | bool          | True will give authenticated users access to all resources except those using the `protectedPrefix`.
+ protectedPrefix       | string/array  | Name of the prefix(es) used for admin pages. Defaults to `Admin`.
+ autoClearCache        | bool          | True will generate a new ACL cache file every time.
+ aclFilePath           | string        | Full path to the auth_acl.ini. Can also be an array of multiple paths. Defaults to `ROOT . DS . 'config' . DS`.
+ aclFile               | string        | Name of the INI file. Defaults to `auth_acl.ini`.
+ aclAdapter            | string        | Class name, defaults to `IniAclAdapter::class`.
+ includeAuthentication | bool          | Set to true to include public auth access into hasAccess() checks. Note, that this requires Configure configuration.
 
 ## AuthUser Component
 Add the AuthUserComponent and you can easily check permissions inside your controller scope:
diff --git a/docs/AuthorizationPlugin.md b/docs/AuthorizationPlugin.md
@@ -2,6 +2,18 @@
 
 Support for [Authorization plugin](https://github.com/cakephp/authorization) usage.
 
+## Installation
+
+First, you need to install the official CakePHP Authorization plugin:
+
+```bash
+composer require cakephp/authorization
+```
+
+See the [official Authorization plugin documentation](https://book.cakephp.org/authorization/2/en/index.html) for more details.
+
+## Setup
+
 Instead of the core Auth component you load the Authorization component:
 
 ```php
diff --git a/docs/Multi-role.md b/docs/Multi-role.md
@@ -1,5 +1,7 @@
 ## Configuration Multi-role
 
+**IMPORTANT:** First install the official plugins as described in [docs/README.md](README.md#required-dependencies)
+
 ```php
 // in your app.php
 'TinyAuth' => [
@@ -9,13 +11,18 @@
 
 ```php
 // in your AppController.php
-$this->loadComponent('TinyAuth.Auth', [
-    'autoClearCache' => true,
-    'authorize' => ['TinyAuth.Tiny'],
-    ...
-]);
+public function initialize() {
+    parent::initialize();
+
+    $this->loadComponent('TinyAuth.Authentication');
+    $this->loadComponent('TinyAuth.Authorization', [
+        'autoClearCache' => true,
+    ]);
+}
 ```
 
+See [AuthenticationPlugin.md](AuthenticationPlugin.md) and [AuthorizationPlugin.md](AuthorizationPlugin.md) for complete middleware setup instructions.
+
 ### auth_allow.ini
 ```ini
 // in config folder
diff --git a/docs/README.md b/docs/README.md
