Friday, October 26, 2012

Checking for authorization during ajax calls

This is the code in beforeFilter in AppController: 

        if (!$this->user &&                       //User not logged in
            $this->request->isAjax() &&                                                 
            !in_array($this->request->params['action'], $this->Auth->allowedActions)){ //Is an action that requires to be logged in
                $ret['mustLogin'] = true;
                echo json_encode($ret); 
                return;
        }

It works well for controls with $this->Auth->allow('myaction', 'myotheraction') or that do not have a Auth->allow  but for the controllers that have: $this->Auth->allow('*') it does not work.
In these cases $this->Auth->allowedActions is empty.

Is it a bug? Is there a workaround?

Best,
   Chris
 

--
--Everything should be made as simple as possible, but not simpler (Albert Einstein)

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com.
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
 
 

No comments: