Thursday, December 2, 2010

Re: Auth set up

My bad. I was not returning 'true' from isAuthorized.

Jeremy Burns
Class Outfit

jeremyburns@classoutfit.com
http://www.classoutfit.com

On 2 Dec 2010, at 07:48, Jeremy Burns wrote:

> I feel like I ought to know this, but am struggling <embarrassed>.
>
> I am using the Auth component (not Acl). I have an isAuthorized
> function in app_controller and another in my users_controller. The one
> in users fires whenever someone calls an action in the users
> controller; otherwise the one in app_controller is called.
>
> I have allowed access to the 'create' and 'logout' actions in the
> users_controller.
>
> Here's my problem: if I allow access to the 'view' action, any user
> can see any user record without being challenged, even when not logged
> in. If I leave 'view' out of $this->Auth->allow, no user has access to
> it (not even the currently logged-in user). Going to /users/view/1
> simply redirects to the home page (saying I do not have sufficient
> rights). Also, if I don't specifically allow access to 'logout', the
> logout action fails. I thought this was allowed by default?
>
> I'm on version 1.3.6. Anyone got any hints?
>
> Code>>>
>
> I have this in my app_controller:
>
> var $components = array(
>     ...,
>     'Auth' => array(
>         'authorize' => 'controller',
>         'loginError' => 'Your username and/or password are incorrect. Please try again.',
>         'authError' => 'You do not have sufficient privileges to view that page.',
>         'logoutRedirect' => array(
>             'prefix' => false,
>             'controller' => 'about'
>         )
>     )
> );
>
> I have this in my users_controller:
>
> function beforeFilter() {
>     parent::beforeFilter();
>
>     $this->Auth->allow(
>         'create',
>         'logout'
>     );
> }
>
> function isAuthorized() {
>
>     if (isset($this->params['pass'][0])):
>         if (!$this->Auth->user()):
>             $this->Session->setFlash('You must be logged in to view that record.', 'default', array('class' => 'no_entry'));
>             $this->redirect($this->Auth->loginAction());
>         else:
>             if ($this->Auth->user('id') == $this->params['pass'][0]):
>                 $this->Session->setFlash('Welcome back', 'default', array('class' => 'success'));
>             else:
>                 $this->Session->setFlash('You do not have permission to view that record.', 'default', array('class' => 'no_entry'));
>                 $this->redirect('/');
>             endif;
>         endif;
>
>     else:
>         $this->redirect('/');
>     endif;
> }
>
> Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
>
> You received this message because you are subscribed to the Google Groups "CakePHP" group.
> To post to this group, send email to cake-php@googlegroups.com
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

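The thread's resolution is that, with 'authorize' => 'controller', CakePHP 1.3 calls the controller's isAuthorized() for a logged-in user requesting any action not passed to Auth->allow(), and grants access only if that method returns true; redirecting from inside it without returning true produces exactly the "insufficient rights" redirect described above. The following is an added example written for this page (it is not the poster's code, nor code from the CakePHP project) of a users_controller that keeps 'view' out of allow() so anonymous users are challenged, and returns a boolean from isAuthorized() based on whether the record id in the URL belongs to the logged-in user. The User model, the 'role' field and the action names other than 'view' are assumptions.

```php
<?php
// Added example (not the poster's code): UsersController for CakePHP 1.3 with
// 'authorize' => 'controller' configured on the Auth component in app_controller.
// Auth only invokes isAuthorized() for a logged-in user hitting an action that
// was not passed to allow(); it must return true to grant and false to deny.
// When it returns false, Auth shows the configured 'authError' flash and
// redirects on its own, so no setFlash()/redirect() is needed in here.
class UsersController extends AppController {
    var $name = 'Users';

    function beforeFilter() {
        parent::beforeFilter();
        // Public actions only. 'view' is deliberately NOT listed: allowing it
        // would let anonymous visitors read every user record, which is the
        // behaviour the thread observed.
        $this->Auth->allow('create', 'logout');
    }

    function isAuthorized() {
        $userId = $this->Auth->user('id');
        if (!$userId) {
            // Defensive: Auth normally redirects anonymous users to the login
            // action before this method is ever reached.
            return false;
        }

        switch ($this->action) {
            case 'view':
            case 'edit':
                // Ownership check: the id in the URL (/users/view/<id>) must be
                // the logged-in user's own id. Comparing as strings avoids PHP
                // loose-comparison surprises such as "1abc" == 1.
                if (!isset($this->params['pass'][0])) {
                    return false;
                }
                return (string) $this->params['pass'][0] === (string) $userId;

            case 'index':
            case 'delete':
                // Administrative actions: gated on an assumed 'role' field
                // stored in the Auth session data.
                return $this->Auth->user('role') === 'admin';

            default:
                // Anything not explicitly decided above is denied.
                return false;
        }
    }

    function view($id = null) {
        // By the time this runs, Auth has already verified that $id belongs
        // to the logged-in user, so the action itself stays simple.
        $this->set('user', $this->User->read(null, $id));
    }
}
```

The design point is that isAuthorized() is a pure yes/no decision: it never redirects and never sets flash messages itself, so every path through it ends in an explicit return. Keeping a default: return false means an action added later is denied until someone consciously adds a rule for it, rather than being silently open.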
