i'm getting really weird behavior. After configuring my Auth & Acl..
I know its a large post, but PLEASE HELP!!
I'm initializing with this code:
function initDB() {
$aro = new Aro();
$aros = array(
0 => array('model' => 'Group', 'foreign_key' => 1),
1 => array('model' => 'Group', 'foreign_key' => 2),
2 => array('model' => 'Group', 'foreign_key' => 3),
3 => array('parent_id' => 1, 'model' => 'User', 'foreign_key' =>
1),
4 => array('parent_id' => 2, 'model' => 'User', 'foreign_key' =>
2),
5 => array('parent_id' => 3, 'model' => 'User', 'foreign_key' => 3)
); // users & groups mysql tables all ready have 3 records each
foreach($aros as $data)
{
$aro->create();
$aro->save($data);
}
// Reads Configure::listObjects('controller') and create an aco node
// for each Controller with aco root Controllers/
$this->buildAcl();
$group =& $this->User->Group;
// Allow admins to everything
$group->id = 1;
$this->Acl->allow($group, 'Controllers');
// Deny all to none admins
$group->id = 2;
$this->Acl->deny($group, 'Controllers');
$group->id = 3;
$this->Acl->deny($group, 'Controllers');
}
In my AppController
var $components = array('Auth', 'Acl', 'RequestHandler', 'P28n');
var $helpers = array('html', 'javascript', 'form');
function beforeFilter() {
//Configure AuthComponent
$this->Auth->allowedActions = array('display', 'index',
'view');
$this->Auth->authorize = 'actions';
$this->Auth->loginAction = array('controller' => 'users',
'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'users',
'action' => 'login');
$this->Auth->actionPath = 'Controllers/';
}
It all started because I'm using swfupload and it worked quite all
right without Auth. After auth once I logged in, got to my view, and
when trying to upload (ajaxly through /uploaded_imgs/upload) i gotten
for response the login page telling me there's no authorization for
that request and I discovered that even after login, Auth->user() was
null in that ajax call. If I called /uploaded_imgs/upload directly
from through the address bar Auth->user() was present. However trying
another ajax call, not with swfupload, the auth->user was also
present.
Then i went futher to see what the heak was happening, take a look at
this stuff...
// this IS NOT allowed without login in with or without the commented
lines
// note function has single word name
function publishment(){
$this->layout = "denouncements_publish";
//$data = $this->requestAction('/damages/all');
//$this->set('damages', $data);
}
// this IS NOT allowed without login in with or without the commented
lines
// note function has single word name
function pub(){
$this->layout = "denouncements_publish";
//$data = $this->requestAction('/damages/all');
//$this->set('damages', $data);
}
// this IS allowed without login with those lines commented, how
ever
// when those lines are executed aint allowed. Note 2 words function
name
function publishmentTest(){
$this->layout = "denouncements_publish";
//$data = $this->requestAction('/damages/all');
//$this->set('damages', $data);
}
// this IS NOT allowed without login in
// note function has single word name
function jsonfields(){
$this->layout = null;
$this->set('json', json_encode($this->Denouncement->query("DESCRIBE
denouncements", true)));
}
// this IS allowed without login in
// note function has multiple words name
function fieldNamesJson(){
$this->layout = null;
$this->set('json', json_encode($this->Denouncement->query("DESCRIBE
denouncements", true)));
}
So, getting to the point, how do I get Auth working correctly,
authorizing only the allowed actions declared in appController and
denying the rest to unidentified users. And also, why might uploading
(swfupload) the ajax call to /uploaded_imgs/upload is restricted while
addressbar called works correctly. Why is Auth letting unidentified
calls to some non allowed actions and whats the deal with functions
names that affects Auth for allowing or not a request? any ideas?
I'll really really appreciate any help
thanks a lot
regards
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment