Reputation: 7450
Problems with multiple authorization components
I'm really enjoying using CakePHP's authentication and authorization components and have created custom components to suit the situation that I find myself in.
My problem stems from the fact that I now want two levels of authorization.
In my AppController I have authorization configured as follows
public $components = array(
"Auth" => array(
'authorize' => array('controller','App'),
)
);
With 'App' linking to a custom AppAuthorize component, and 'controller' invoking the ControllerAuthorize component.
While each of these components works individually very well, its their interaction which is causing problems.
The problem is that if the controller authorization (through isAuthorized()) returns true, then the second component is not checked. Conversely, if the controller authorization returns false, then AppAuthorize is checked.
What I would like to happen is for both of them to always be checked; returning the logical AND of the two responses rather than the logical OR that is currently being returned.
Has anyone got any ideas of a way around this or if this is even possible through cake's authorization components?
Thanks
Rob
Upvotes: 0
Views: 131
Answers (1)
Reputation: 25698
Why do you not simply extend the ControllerAuthorize class with your AppAuthorize and add the condition you need and check for the AND condition in the class.
Cake itself will always grant access when one of the Authorize objects is returning true.
Upvotes: 1
Related Questions
- CakePHP Auth Component Using 2 Tables
- Roles in CakePHP Auth Component
- How to use multiple Auth components?
- cakePHP auth component not working
- Adding multiple roles to CakePHP Auth Component
- Cakephp 2 - Use Auth-Component in another Component
- Error when logging in using CakePHP's Auth component
- CakePHP auth component not working when one action calls another
- cakePHP authentication problems
- Cake PHP - problem with auth component