In my AppController beforeFilter() - I have an
$this->Auth->allow('display');
Then in another controller I do
class AddressesController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('*');
debug($this->Auth,1,1);
}
}
The debug shows this as part of the Auth structure.
allowedActions => array(
(int) 0 => 'display',
(int) 1 => '*'
)
The problem is, that in AuthComponent::startup()
it does a check to see if this action is allowed.
$isAllowed = (
$this->allowedActions == array('*') ||
in_array($action, array_map('strtolower', $allowedActions))
);
It is assuming that if the wildcard is in allowedActions, it is the
"ONLY" thing. Which is not true in my case above, so this fails and
thus authorization is denied.
Is this a bug? or a feature?
If feature, should I just remove any Allow's from AppController? or is
there another workaround?
Thanks,
Bill
View this message in context: Auth allow bug? or feature?
Sent from the CakePHP mailing list archive at Nabble.com.
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment