to ajax calls. I think the session is involved here plus the fact that
if you use IE for a browser, it is caching something wrong. So in my
case I put this line:
$this->disableCache();
in the beforeFilter() function in the AppController. Then all worked
fine for me, but my app is built around ajax requests and I don't need
the cache services of the browser.
On Mar 28, 6:25 am, rartavia <royarta...@gmail.com> wrote:
> Hello there, I'm having kind of a hard time setting up Auth Component,
> I'm getting really weird behavior. After configuring my Auth & Acl..
>
> I know it's a large post, but PLEASE HELP!!
> I'm initializing with this code:
>
> function initDB() {
>
> $aro = new Aro();
> $aros = array(
> 0 => array('model' => 'Group', 'foreign_key' => 1),
> 1 => array('model' => 'Group', 'foreign_key' => 2),
> 2 => array('model' => 'Group', 'foreign_key' => 3),
> 3 => array('parent_id' => 1, 'model' => 'User', 'foreign_key' => 1),
> 4 => array('parent_id' => 2, 'model' => 'User', 'foreign_key' => 2),
> 5 => array('parent_id' => 3, 'model' => 'User', 'foreign_key' => 3)
> ); // users & groups mysql tables already have 3 records each
>
> foreach($aros as $data)
> {
> $aro->create();
> $aro->save($data);
> }
>
> // Reads Configure::listObjects('controller') and creates an aco node
> // for each Controller with aco root Controllers/
> $this->buildAcl();
>
> $group =& $this->User->Group;
>
> // Allow admins to everything
> $group->id = 1;
> $this->Acl->allow($group, 'Controllers');
>
> // Deny all to non-admins
> $group->id = 2;
> $this->Acl->deny($group, 'Controllers');
> $group->id = 3;
> $this->Acl->deny($group, 'Controllers');
>
> }
>
> In my AppController
>
> var $components = array('Auth', 'Acl', 'RequestHandler', 'P28n');
> var $helpers = array('html', 'javascript', 'form');
>
> function beforeFilter() {
> //Configure AuthComponent
> $this->Auth->allowedActions = array('display', 'index',
> 'view');
>
> $this->Auth->authorize = 'actions';
> $this->Auth->loginAction = array('controller' => 'users',
> 'action' => 'login');
> $this->Auth->logoutRedirect = array('controller' => 'users',
> 'action' => 'login');
>
> $this->Auth->actionPath = 'Controllers/';
>
> }
>
> It all started because I'm using swfupload and it worked quite all
> right without Auth. After auth, once I logged in, got to my view, and
> when trying to upload (ajaxly through /uploaded_imgs/upload) I got
> for response the login page telling me there's no authorization for
> that request and I discovered that even after login, Auth->user() was
> null in that ajax call. If I called /uploaded_imgs/upload directly
> through the address bar Auth->user() was present. However trying
> another ajax call, not with swfupload, the auth->user was also
> present.
>
> Then I went further to see what the heck was happening, take a look at
> this stuff...
>
> // this IS NOT allowed without logging in, with or without the commented lines
> // note function has single word name
> function publishment(){
> $this->layout = "denouncements_publish";
> //$data = $this->requestAction('/damages/all');
> //$this->set('damages', $data);
> }
>
> // this IS NOT allowed without logging in, with or without the commented lines
> // note function has single word name
> function pub(){
> $this->layout = "denouncements_publish";
> //$data = $this->requestAction('/damages/all');
> //$this->set('damages', $data);
> }
>
> // this IS allowed without login with those lines commented, however
> // when those lines are executed it isn't allowed. Note 2 words function name
> function publishmentTest(){
> $this->layout = "denouncements_publish";
> //$data = $this->requestAction('/damages/all');
> //$this->set('damages', $data);
> }
>
> // this IS NOT allowed without logging in
> // note function has single word name
> function jsonfields(){
> $this->layout = null;
> $this->set('json', json_encode($this->Denouncement->query("DESCRIBE denouncements", true)));
> }
>
> // this IS allowed without logging in
> // note function has multiple words name
> function fieldNamesJson(){
> $this->layout = null;
> $this->set('json', json_encode($this->Denouncement->query("DESCRIBE denouncements", true)));
> }
>
> So, getting to the point, how do I get Auth working correctly,
> authorizing only the allowed actions declared in AppController and
> denying the rest to unidentified users? And also, why might uploading
> (swfupload) the ajax call to /uploaded_imgs/upload be restricted while
> address-bar called works correctly? Why is Auth letting unidentified
> calls to some non-allowed actions and what's the deal with function
> names that affect Auth for allowing or not a request? Any ideas?
>
> I'll really really appreciate any help
> thanks a lot
> regards