running it automatically with BeforeFilter you can get the protection
easily to all admin actions, no matter how many you have,
automatically. This is what I did with BakeSale
(http://www.bakesalepro.com/).
On 27 May, 05:08, Sidney <AussieAlThomp...@gmail.com> wrote:
> Hi All,
>
> This is a general question - I have read the manual, and got the code
> working.
>
> In my app I have a need for some admin functions e.g. reset password
> and change user status (banned/vip etc).
>
> So I set up admin prefix routing by uncommenting Configure::write
> ('Routing.admin', 'admin'); in core and created new actions:
> admin_chg_pass, and admin_edit in my Users controller. I also created
> the views for the actions, and everything works nicely.
>
> To restrict access to these functions I added an isAuthorized function
> (using Auth) to check for role=='admin', and used
> $this->Auth->authorize='controller' in the Users controller. All this is
> straight from the manual, and works correctly: only admins can access the
> functions.
>
> My question is why use admin routing at all? Because I have to code
> the isAuthorized function, with the names of the actions that must be
> restricted in each controller, I don't see where admin routing is
> adding any benefit. I could write the same functions (same or
> different names), use the same Auth functionality, and get the same
> outcome.
>
> It would be fantastic if cake automagically restricted admin_* actions
> to role='admin' on the users table (with the usual override/config
> options). I could write that myself in the App_controller I guess, but
> I want to leverage cake as much as possible.
>
> In fact admin routing seems to complicate things where the admin also
> needs to use 'normal' functions because the url automatically gets
> prefixed, but there is no admin_xxxx action only xxxx which leads to
> missing action errors.
>
> My layout code can also decide what menus etc to display by checking
> role too, rather than having different layout files.
>
> Because everything in cake is so well designed, I am sure admin prefix
> routing is the right strategy, and my dumb brain is the problem. Could
> someone please help me understand what the benefits are?
>
> Thanks,
> Sid.
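The approach discussed in this thread, as an added example that is not part of the original posts and is not BakeSale's code: one check in the application-wide controller that covers every admin-prefixed action. It assumes the CakePHP 1.2-era Auth component, the `Routing.admin` prefix from the question, and a `role` column on the users table whose admin value is `'admin'`.

```php
<?php
// app/app_controller.php (added example; 1.2-style API assumed)
class AppController extends Controller {
    var $components = array('Auth');

    function beforeFilter() {
        // Route every authorization decision through isAuthorized() below,
        // so individual controllers do not list their admin actions.
        $this->Auth->authorize = 'controller';
    }

    // True when the current request targets an admin-prefixed action.
    function _isAdminRequest() {
        $prefix = Configure::read('Routing.admin');
        if (empty($prefix)) {
            return false; // admin routing is switched off
        }
        // The router sets params[<prefix>] on prefixed URLs; the action-name
        // test is a second line of defence if the flag is ever missing.
        return !empty($this->params[$prefix])
            || strpos($this->action, $prefix . '_') === 0;
    }

    // Called by Auth for every action that has not been opened with allow().
    function isAuthorized() {
        if ($this->_isAdminRequest()) {
            // Strict comparison: a missing role (null) never matches.
            return $this->Auth->user('role') === 'admin';
        }
        return true; // non-admin actions: any logged-in user
    }
}

// app/controllers/users_controller.php
class UsersController extends AppController {
    function beforeFilter() {
        parent::beforeFilter();               // keep the central check active
        $this->Auth->allow('login', 'logout'); // name public actions explicitly
    }

    function admin_edit($id = null) { /* reached only by role 'admin' */ }
    function admin_chg_pass($id = null) { /* reached only by role 'admin' */ }
}
```

Two things defeat the central check: a controller that overrides `beforeFilter()` without calling `parent::beforeFilter()`, and a controller that opens everything with `$this->Auth->allow('*')`, because Auth does not call `isAuthorized()` for allowed actions.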