
Make the primary key not accessible.

Letting the primary key be set through mass assignment can allow some
interesting problems when application logic forgets to handle ACLs
properly.
mark_story 12 years ago
parent
commit
141e293d06

+ 3 - 2
src/Console/Command/Task/ModelTask.php

@@ -363,8 +363,9 @@ class ModelTask extends BakeTask {
 		}
 		$schema = $model->schema();
 		$columns = $schema->columns();
-		$exclude = ['created', 'modified', 'updated'];
-		return array_diff($columns, $exclude);
+		$primary = $this->getPrimaryKey($model);
+		$exclude = array_merge($primary, ['created', 'modified', 'updated']);
+		return array_values(array_diff($columns, $exclude));
 	}
 
 /**
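Review bot: The new `$exclude` line removes the primary key from the returned field list, but the reason is recorded only in the commit message; add a comment above the `array_merge()` call such as `// Primary key columns are left out so baked entities cannot have them set through mass assignment.` Foreign-key columns are still returned (the updated test keeps `bake_user_id` in its expected list), so ownership-style columns remain mass-assignable in baked code and still rely on the application's own access checks; the method's docblock should say so. `array_merge()` also assumes `getPrimaryKey()` always returns an array; that method is not visible here, so if it can return a string or null the call needs a cast, `$primary = (array)$this->getPrimaryKey($model);`. The method body begins outside the hunk.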

+ 0 - 1
tests/TestCase/Console/Command/Task/ModelTaskTest.php

@@ -295,7 +295,6 @@ class ModelTaskTest extends TestCase {
 		$model = TableRegistry::get('BakeArticles');
 		$result = $this->Task->getFields($model);
 		$expected = [
-			'id',
 			'bake_user_id',
 			'title',
 			'body',