user8531134

How to stop execution of ctp file in CakePHP 2.x after validating the URL

In my CakePHP application, I have applied URL validations so that admin can access only those actions which are defined for admin, and the same with users. In my application, "surveylist" is an admin action, and when any user directly accesses that action (surveylist), the URL validations work (the "Unauthorized access" message is displayed). But below that message the ctp file of surveylist is still executed and shows errors, because I have validated the URL through the try-catch block and it cannot get the variables set by the action. I want the ctp file not to execute if the unauthorized error occurs.

My code for surveylist is:

public function surveylist($pg = null) {
    try {
        if ($this->checkPageAccess($this->params['controller'] . '/' . $this->params['action'])) {
            $this->Paginator->settings = array(
                'Survey' => array(
                    'limit' => 5,
                    'order' => 'created desc',
                    'conditions' => array('is_deleted' => 0),
                    'page' => $pg
                )
            );
            $numbers = $this->Paginator->paginate('Survey');
            $this->set(compact('numbers'));
        } else {
            $this->Flash->set(__('Unauthorised access'));
        }
    } catch (Exception $e) {
        $this->Flash->set(__($e->getMessage()));
    }
}

I don't want the ctp file of surveylist to execute if control comes to the else branch. Please help me out. Thanks in advance.

Upvotes: 0

Views: 58

Answers (1)

Khattu Developer

Reputation: 99

I suppose you are using a prefix to separate admin and users; if not, please do that, it is a great way to handle and restrict methods.

After doing that, you have to add a condition to check which prefix (admin, user) is currently active and, according to that, load the Auth component and allow actions in the allow() method of Auth.

Example:

$this->loadComponent('Auth',[
    /*'authorize' => [
        'Acl.Actions' => ['actionPath' => 'controllers/']
    ],*/
    'loginRedirect' => [
        'controller' => 'Users',
        'action'     => 'index'
    ],
    'authenticate' => [
        'Form' => [
            'fields' => [
                'username' => 'email',
                'password' => 'password'
            ]
        ]
    ],
    'loginAction' => [
        'controller' => 'Users',
        'action' => 'login'
    ],
    'unauthorizedRedirect' => [
        'controller' => 'Users',
        'action' => 'login',
        'prefix' => false
    ],
    'authError' => 'You are not authorized to access that location.',
]);

if ($this->request->params['prefix'] == 'admin') {
    // Put the actions you want admin to access in allow()'s array
    $this->Auth->allow(array('add', 'edit' /* , etc. */));
} elseif ($this->request->params['prefix'] == 'user') {
    // Put the actions you want users to access in allow()'s array
    $this->Auth->allow(array('login', 'view' /* , etc. */));
}

This way you can restrict actions for a particular role.

Hope this helps!

Upvotes: 0
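
For the CakePHP 2.x case in the question, one way to keep surveylist.ctp from rendering, shown as an added example that is not code from the question or the answer: the access check moves into beforeFilter() and fails closed by throwing ForbiddenException. The controller name SurveysController is an assumption, and checkPageAccess() is assumed to be the asker's own method, defined in AppController and returning true when access is allowed.

```php
<?php
// Added example for CakePHP 2.x. SurveysController is a hypothetical name;
// checkPageAccess() is the asker's method, assumed to live in AppController.
App::uses('AppController', 'Controller');

class SurveysController extends AppController {

    public $components = array('Paginator', 'Flash');

    // Runs before every action of this controller, so the check cannot be
    // forgotten when a new action is added (deny by default).
    public function beforeFilter() {
        parent::beforeFilter();

        $page = $this->request->params['controller'] . '/'
            . $this->request->params['action'];

        if (!$this->checkPageAccess($page)) {
            // Throwing aborts the request here: neither the action nor its
            // .ctp view runs, and CakePHP renders its 403 error page.
            // Do not wrap this in try/catch(Exception), or the exception is
            // swallowed and the view renders without its variables again.
            throw new ForbiddenException(__('Unauthorised access'));

            // Alternative that keeps the flash message:
            //   $this->Flash->set(__('Unauthorised access'));
            //   return $this->redirect($this->referer('/'));
        }
    }

    // The action now only contains the work for an authorised request.
    public function surveylist($pg = null) {
        $this->Paginator->settings = array(
            'Survey' => array(
                'limit' => 5,
                'order' => 'created desc',
                'conditions' => array('is_deleted' => 0),
                'page' => $pg,
            ),
        );
        $numbers = $this->Paginator->paginate('Survey');
        $this->set(compact('numbers'));
    }
}
```

Setting a flash message alone does not stop rendering; in 2.x the request has to end through an exception or a redirect, or the action has to set `$this->autoRender = false`.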
