user927797

CakePHP 2.3 $this->Auth->allow() is not working as expected

I'm trying to use the AuthComponent in CakePHP 2.3 but it's not behaving the way I would expect it to.

Basically, when I do

$this->Auth->allow('view');

The user is only supposed to have access to the view method, which is what is happening, so great.

The problem is, when the user logs in, he suddenly has access to the 'add' method as well (my only other method in the controller at the moment). When he logs out, he doesn't have access to add anymore.

Here's my code:

//AppController

<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Blowfish' => array(
                    'fields' => array('username' => 'email', 'password' => 'password')
                )
            )
        )
    );

    public function beforeFilter() {
        $this->Auth->deny('add');
        $this->Auth->allow('view');
    }

}

My PagesController is simply this:

<?php
App::uses('AppController', 'Controller');

class PagesController extends AppController {

    public $uses = array('Pages');

    public function view($id = null) {
        echo 'In view';
    }

    public function add($id = null) {
        echo 'In add';
    }

}

Upvotes: 2

Views: 11435

Answers (2)

hoai pham thanh

Reputation: 41

If you work on CakePHP 2.x you must do it like this:

function beforeFilter() {
    $this->Auth->allow(array('action you want to allow1', 'action you want to allow2'));
}

  • allow(array()) instead of allow()

Put that code into the controller that has the action you want to allow access to without login.

If you use $this->Auth->allow() you must call parent::beforeFilter(); in your beforeFilter() function, like this:

function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('add', 'view');
}

Upvotes: 1

ADmad

Reputation: 8100

You are misunderstanding what allow()/deny() do. They are meant to specify whether an action can be accessed with or without authentication (aka login). It's not meant to control authorization, i.e. control access to an action after a user is logged in. For that purpose you need to configure authorization. Reading this should help you better understand.

Upvotes: 2
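As an added illustration of the distinction in the answer above (this is example code, not the asker's or either answerer's), here is one way to layer authorization on top of authentication in CakePHP 2.3 using the built-in `Controller` authorize adapter and `isAuthorized()`. It assumes a `role` column on the users table; the default policy is deny, so a logged-in user gets nothing a controller does not explicitly grant.

```php
<?php
// App/Controller/AppController.php (added example; assumes a `role` column on users)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Authentication: who the user is (login via email + password).
            'authenticate' => array(
                'Blowfish' => array(
                    'fields' => array('username' => 'email', 'password' => 'password')
                )
            ),
            // Authorization: what a logged-in user may do. 'Controller' delegates
            // the decision to each controller's isAuthorized() method.
            'authorize' => array('Controller')
        )
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // Only 'view' is reachable without a login. Every other action requires
        // a login AND must also pass isAuthorized() below.
        $this->Auth->allow('view');
    }

    // Application-wide default: fail closed unless a controller grants access.
    public function isAuthorized($user) {
        return false;
    }
}

// App/Controller/PagesController.php
App::uses('AppController', 'Controller');

class PagesController extends AppController {

    public function view($id = null) { $this->autoRender = false; echo 'In view'; }
    public function add($id = null)  { $this->autoRender = false; echo 'In add'; }

    // Per-controller policy: any logged-in user may 'view'; only admins may 'add'.
    public function isAuthorized($user) {
        if ($this->action === 'view') {
            return true;
        }
        if ($this->action === 'add') {
            return isset($user['role']) && $user['role'] === 'admin';
        }
        return parent::isAuthorized($user);
    }
}
```

With this in place, a non-admin who logs in is redirected away from `add` with an authorization error instead of silently gaining access to every non-allowed action.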
