Thanks to visit codestin.com
Credit goes to github.com

Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: dereuromark/cakephp-tinyauth
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 5.2.0
Choose a base ref
...
head repository: dereuromark/cakephp-tinyauth
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5.3.0
Choose a head ref
  • 10 commits
  • 26 files changed
  • 2 contributors

Commits on May 9, 2026

  1. Point composer.json homepage at the VitePress docs site

    Packagist already shows the GitHub repo under Source; the homepage
    field is more useful pointing at the dedicated docs site.
    dereuromark committed May 9, 2026
    Configuration menu
    Copy the full SHA
    8aa1555 View commit details
    Browse the repository at this point in the history

Commits on May 11, 2026

  1. Apply cache prefix, drop vendored Folder, tighten route-slot matchers (

    …#169)
    
    * Apply cache prefix, drop vendored Folder, tighten route-slot matchers
    
    Cache::key() never applied the configured cachePrefix, so two TinyAuth
    installs sharing a Cake cache pool collided on the bare `acl` / `allow`
    keys. Multi-tenant or test environments where Cache pools survive across
    plugin boots could read another install's permissions data. The prefix
    is now applied, yielding `tiny_auth_acl` / `tiny_auth_allow` by default.
    Apps that set a custom or empty prefix work as written. Existing caches
    under the old bare keys go cold once and repopulate on next request.
    
    Removed src/Filesystem/Folder.php — a vendored 946-line copy of the
    legacy CakePHP Folder class that the rest of the framework deleted long
    ago. Internally it was used only to scan controller directories from
    Syncer and Adder; replaced with a local _listDirectory(...) using
    scandir() that returns the same [folders, files] shape, so the
    $folderContent[0] / $folderContent[1] callsites work unchanged. Two
    test files used Folder::copy() to seed /tmp; replaced with a
    RecursiveDirectoryIterator-based copyDirectory() helper in each test.
    
    AclTrait::_isPublic and AllowTrait::_getAllowRule mixed isset() with
    !empty() to compare plugin/prefix slots between request and rule. The
    mismatch swallowed PHP-falsy values ('0', empty string) where it
    shouldn't and treated them inconsistently between the two sides.
    Extracted a _matchesRouteSlot / _matchesAllowSlot helper that treats
    null and empty-string as the "no plugin / no prefix" sentinel and
    requires exact match otherwise. Also replaced two strpos(..., $needle)
    === 0 calls with str_starts_with for clarity (PHP 8 has it natively).
    
    3 new tests cover the cache-prefix application: default prefix, custom
    prefix, empty prefix yields bare key. All 118 tests, phpstan, and phpcs
    pass.
    
    * Skip dotfiles in _listDirectory and broaden coverage for #169 review
    
    Addresses two PR-review concerns:
    
    1. _listDirectory() in Syncer/Adder must skip hidden entries (.git, .svn,
       .DS_Store, ...) the way the previously-vendored Folder::read did.
       Adding 'is the first char a dot' to the existing '.'/'..' filter
       restores the prior behavior — without this, the scan would recurse
       into editor/VCS metadata directories and potentially pick up
       controller-shaped files inside them.
    
    2. Codecov flagged Adder.php at 0% patch coverage and AclTrait at 61%.
       Adder's controller-discovery loop was previously only reachable via
       the AddCommand integration test, and the trait's new _matchesRouteSlot
       helper had no direct coverage. Added:
    
       - SyncCommandTest::testSyncSkipsHiddenDirectories and
         AddCommandTest::testAddSkipsHiddenDirectories — drop a .git /
         .svn directory with a controller-shaped file in tmp, run the
         command, assert the controller name doesn't surface in output.
         This exercises Adder._listDirectory and Syncer._listDirectory
         with hidden-entry rejection in the same path.
       - AclTraitRouteSlotMatcherTest — anonymous classes hosting AclTrait
         and AllowTrait expose the protected matchers via a thin wrapper,
         plus a 11-row dataProvider covers all (null, '', value) crossings
         including the 'distinct types must not collapse' case the previous
         !empty() implementation got wrong.
    
    phpunit (145/145), phpstan, and phpcs all pass.
    dereuromark authored May 11, 2026
    Configuration menu
    Copy the full SHA
    9884852 View commit details
    Browse the repository at this point in the history

Commits on May 21, 2026

  1. Configuration menu
    Copy the full SHA
    33ec323 View commit details
    Browse the repository at this point in the history
  2. Enable clean docs URLs and update deploy actions to Node 24

    - Set cleanUrls so doc pages drop the .html suffix (works on GitHub Pages)
    - Bump deploy-docs actions to the Node 24 majors ahead of the Node 20
      runner removal (checkout v6, setup-node v6, configure-pages v6,
      upload-pages-artifact v5, deploy-pages v5)
    dereuromark committed May 21, 2026
    Configuration menu
    Copy the full SHA
    63332d0 View commit details
    Browse the repository at this point in the history

Commits on May 22, 2026

  1. Configuration menu
    Copy the full SHA
    fc60e8b View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    973500a View commit details
    Browse the repository at this point in the history

Commits on May 23, 2026

  1. Add DBML database schema snapshot

    Hand-maintained DBML snapshot of the plugin's migration schema under
    resources/schema/schema.dbml — paste into dbdiagram.io to view/diagram.
    Mirrors the snapshot already shipped by cakephp-workflow.
    dereuromark committed May 23, 2026
    Configuration menu
    Copy the full SHA
    c4a101c View commit details
    Browse the repository at this point in the history
  2. Link the DBML converter in the schema snapshot

    Point readers to https://toolbox.dereuromark.de/dbml so they can convert this
    DBML snapshot into the migration or raw SQL they need for their own app.
    dereuromark committed May 23, 2026
    Configuration menu
    Copy the full SHA
    609b2af View commit details
    Browse the repository at this point in the history

Commits on May 25, 2026

  1. Apply conservative Rector cleanup (#170)

    * Apply conservative Rector cleanup
    
    * Run PHPCS cleanup
    
    * Remove unused startup event
    
    * Validate role column config strictly
    
    * Restore !empty ternaries in tinyauth
    dereuromark authored May 25, 2026
    Configuration menu
    Copy the full SHA
    1f4b5fb View commit details
    Browse the repository at this point in the history
  2. Allow authentication v4 (#171)

    * Allow authentication v4
    
    * Fix authentication v4 static analysis
    
    * Support authentication v3 and v4 tests
    
    * Use direct identifier instances in tests
    
    * Rename test property to singular identifier
    
    The PrimaryKeySessionAuthenticator test now holds a single IdentifierInterface
    instance, so rename the misleading plural property to a singular name.
    dereuromark authored May 25, 2026
    Configuration menu
    Copy the full SHA
    3311863 View commit details
    Browse the repository at this point in the history
Loading