Lorna Mitchell has a post to her site with some helpful instructions for the CakePHP3 users out there around access control. The framework comes with no built-in functionality for authentication so she shows how to set up your own.

The newest version of CakePHP doesn't ship with built in ACL, which means you need to write your own. Personally I think this is a smart move, having looked at the one-size-fits-all solutions for previous versions of the framework and knowing that every system has different requirements, this version has good hooks and documentation on how to add something that works for your application. I thought I'd share what worked for mine.

She starts with some of the initial setup: creating the relationship between the users and her custom roles table and "baking" the controllers and templates. She then goes through the use of the authorize method and how it can handle the user/request combination to determine access. She includes the code for her auth class, showing both the authorize method and a simplified userHasRole method. She walks you through the code and one downfall the setup has: not being able to validate access in views and templates.

On NetTuts.com they've kicked off a new series of tutorials teaching you about Laravel development but using the principles and testing of behavior-driven development (BDD). In this first part of the series they get you started with the basic environment and a few simple tests.

Welcome to this series about developing Laravel applications using a behavior-driven development (BDD) approach. Full stack BDD can seem complicated and intimidating. There are just as many ways of doing it as there are developers. In this series, I will walk you through my approach of using Behat and PhpSpec to design a Laravel application from scratch. There are many resources on BDD in general, but Laravel specific material is hard to find. Therefore, in this series, we will focus more on the Laravel related aspects and less on the general stuff that you can read about many other places.

He talks about what it means to "describe behavior" versus other kinds of testing and introduces the sample application they'll be creating to show these principles: a time tracker. Following this, they help you install the needed tools (via Composer) and initialize the directory to be ready for the Behat/Phpspec tests you'll create. An example of a basic Feature is included, testing the initial Laravel "Welcome" page it defaults to and how to execute it. Finally, following the ideals of BDD, they show how to implement the "Given I am logged in" step first in the test then in the Laravel application.