Thursday, April 5, 2012

Auth error, even with allowed actions

CakePHP: Auth error showing even on allowed actions

This one's making me scratch my head. I'm doing a basic authentication where I check a user's role, and allow or deny based on that role. I want to keep it simple and semantic (no ACL). But the Auth error message shows, even when the user attempts an allowed action... and remains visible after they've logged out.

Here's my app controller:

    // Components loaded for every controller that extends this app controller.
    public $components = array(
        'Session',
        // 'Password' is not a CakePHP core component; presumably project-local (not shown here).
        'Password',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'users', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
            // Message set by AuthComponent when a request is refused.
            'authError' => "Sorry, you're not allowed to do that.",
            // 'Controller' authorization: access for a logged-in user is decided by the
            // controller's own isAuthorized($user). A controller that overrides
            // isAuthorized() replaces the app-level rule unless it delegates to parent.
            'authorize' => array('Controller')
        ),
        'RequestHandler'
    );

    public function beforeFilter() {
    $this->set('loggedIn', $this->Auth->loggedIn());
    $this->set('current_user', $this->Auth->user());
    $this->set('admin', $this->_isAdmin());
    $this->set('coach', $this->_isCoach());
    $this->Auth->allow('login', 'logout', 'display');
    }
    
    public function isAuthorized($user) {
    if (isset($user['role']) && $user['role'] === 'admin') {
    return true;
    }
    return false;
    }

And here's the beforeFilter and isAuthorized from another controller:

    public function beforeFilter() {
    parent::beforeFilter();
    }
    
    public function isAuthorized($user) {
    if ($user['role'] === 'coach') {
        if ($this->action === 'index') {
    return true;
    }
       if (in_array($this->action, array('view', 'edit', 'delete'))) {
    $id = $this->request->params['pass'][0];
    $this->User->id = $id;
           if ($this->User->field('client_id') === $user['client_id'] ) 
               return true;
    } else {
    return false;
    }
       }
    return false;
    }
    return
