CakePHP Auth how to allow specific controller and actions

Question

I have a "Posts" and a "Users" controller. I use the Auth Component and I want that all users can visit "Post.index" but only logged in users can visit "User.index".

In my app_controller.php I have this

$this->Auth->allow('signup', 'confirm', 'index');

but with that all users can visit post.index and user.index. How can I specify a Controller in the allow-method?

This didn't work for me:

$this->Auth->allow('signup', 'confirm', 'Post.index');

---

update I removed 'index' from the app_controller.php and instead set it in the beforeFilter method in the post controller:

function beforeFilter() 
{
    parent::beforeFilter();
    $this->Auth->allow('index');
}

I also set a variable "loggedIn" in app_controller, without calling "parent::beforeFilter();" I got an "undefined variable" notice.

thx sibidiba

Answer 1

For CakePHP 3.* to allow specific methods in the specific controller

//put this line after namespace
use Cake\Event\Event;

// in your specific controller call this function to allow specific methods
public function beforeFilter(Event $event) {
        parent::beforeFilter($event);
        $this->Auth->allow(['index','view']); //<-- here you put your methods
}

Answer 2

In cake 3.x you can use below lines of code to allow all the actions.

    public function beforeFilter(Event $event) {
      parent::beforeFilter($event);
      $this->Auth->allow();
    }

Answer 3

It’s a common problem to CakePHP developer to auth allow to specific actions of a specific controller

https://blog.sohelrana.me/cakephp-auth-allow-specific-actions-specific-controllers/

Answer 4

For Cakephp 2.x, there are several methods (depending on the cakephp version).

From the docs (http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html):

// Allow all actions. CakePHP 2.0
$this->Auth->allow('*');

// Allow all actions. CakePHP 2.1
$this->Auth->allow();

// Allow only the view and index actions.
$this->Auth->allow('view', 'index');

// Allow only the view and index actions.
$this->Auth->allow(array('view', 'index'));

Answer 5

$this->name returns current Controller requested.

try this in AppController::beforeFilter()

public function beforeFilter()
{

    // ... Basic configs 

    switch ($this->name) {
        case 'Posts':
            $this->Auth->allow('add');
            break;              
        case 'Test':
            $this->Auth->allow('test');
            break;
    }
}

Sorry, my english is not good

Answer 6

Depends on the version you're working on. If it's cakephp 2.x, put this code into the controller that has the action you want give access without login. As your question, you should put this code to Posts controller:

function beforeFilter(){
     $this->Auth->allow(array('index','another action'));}

allow(array('acction you want to allow')) instead allow('acction you want to allow')

Answer 7

I am using CakePHP 2.x. The slash trick doesn't work.

If you want to allow user access "myController.myAction" without login, you should add beforeFilter() into myController.php instead of AppController.php

Here is the code to add into myController.php:

function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('myAction');
}

Answer 8

The period will not work. You could try '/' instead. If that fails as well, you should set $this->Auth->allow('index') in PostController's and UserController's ::beforeFilter() individually. Don't forget to call parent::beforeFilter().