
Reputation: 7208

In CakePHP, how do I create an Access Denied route?

When going through the tutorials for setting up the Auth and ACL components, I discovered that when a logged-in user accesses an area of my site that they do not have permissions for, they are redirected to /.

This isn't a show stopper, as I can always redirect them to the appropriate place from my homepage view or just display an error there, but that seems sort of hacky. Is there a way to specify where ACL should redirect a user if they do not have access to a particular view? I'd just like to set up a simple global access denied error page in this case. Even having it redirect them to the login page again would be kind of acceptable, but the homepage just seems like a really odd default for the system to use.

Upvotes: 1

Views: 673

Answers (1)

OpenSorceress

Reputation: 2014

You could set $this->Auth->authorize = 'controller', then specify redirect in the isAuthorized() callback.

http://book.cakephp.org/view/1275/authorize

http://api13.cakephp.org/view_source/auth-component/#line-508

You could also test $this->Auth->user() for sufficient privileges and redirect on fail:

if ($this->Auth->user('level') < 2) {
    $this->redirect('/users/declined');
}

Otherwise, Auth->redirect() pulls whatever the login redirect property is set to, which defaults to /. See http://api13.cakephp.org/view_source/auth-component/#line-745

Upvotes: 1
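The controller-based approach from the answer above, written out as an added example that is not part of the original answer. It assumes CakePHP 1.3 conventions, a numeric `level` field on the user record, and a `declined` action in a Users controller, following the answer's snippet; the threshold of 2 is likewise taken from that snippet.

```php
<?php
// app/app_controller.php (CakePHP 1.3 file layout assumed)
class AppController extends Controller {

    var $components = array('Auth', 'Session');

    function beforeFilter() {
        // Ask the controller, via isAuthorized(), whether the
        // logged-in user may run the requested action.
        $this->Auth->authorize = 'controller';
    }

    // Called by AuthComponent for logged-in users only.
    function isAuthorized() {
        // The access denied page itself must stay reachable for every
        // logged-in user, otherwise the redirect below would loop.
        if ($this->params['controller'] == 'users'
            && $this->params['action'] == 'declined') {
            return true;
        }

        // Assumption: 'level' is a numeric privilege column on the
        // users table, and 2 is the minimum level for protected areas.
        if ($this->Auth->user('level') >= 2) {
            return true;
        }

        // Deny by default: send the user to the global access denied
        // page instead of letting Auth fall back to its own redirect.
        // Controller::redirect() stops execution by default, so the
        // protected action never runs.
        $this->redirect('/users/declined');
        return false;
    }
}
```

Controllers that need finer rules can override `isAuthorized()` and call `parent::isAuthorized()` first, so the denied-page exemption and the default-deny check stay in one place.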
