Friday, October 19, 2012

RE: Routing Issue

Thanks,

But I don’t want admin or anything before login

I don’t want to put admin => false, editor => false or anything they might be trying

Simply, if they do try to access something with any of the admin routes they get sent to users/login. Any controller which has no public access at all $this->Auth->allow(); //allow nothing so any attempt to access any function in the controller / letmein/users/view/12 will send them to users/login not some fake letmein/user/login or admin / manager / editor….simply send them to USERS/LOGIN no prefix, no route just USERS/LOGIN.

From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Vanja Dizdarevic
Sent: Friday, October 19, 2012 6:36 PM
To: cake-php@googlegroups.com
Subject: Re: Routing Issue

 

Since I'm no expert in Auth component, let me just sing you the song of my code. 

file: routes.php

    Router::connect('/users/login', array('controller'=>'users', 'action'=>'login', 'prefix'=>'admin', 'admin'=>true));

file: AppController.php

    public $components = array(
        'Auth' => array('authorize' => 'Controller',
            // this forces admin_login to be the only login method regardless of prefix
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
                'prefix' => 'admin',
                'admin' => true))
    );

    public function beforeFilter(){
        if (isset($this->params['prefix'])
             && in_array($this->params['prefix'], array('admin', 'editor'))) {
            //not relevant to question, but useful:
            Configure::write('Session.timeout', 60 * 4);
            $this->layout = 'admin';

            $this->Auth->deny();
        }
        else {
            Configure::write('Session.timeout', 60 * 48);
            $this->layout = 'default';

            $this->Auth->allow('*');
        }
    }

    public function isAuthorized($user = null) {

        // Any registered user can access public functions
        if (empty($this->request->params['admin'])
              && empty($this->request->params['editor'])) {
            return true;
        }
        // Only admins can access admin functions
        if (isset($this->request->params['admin'])) {
            return (bool)($user['role'] === 'admin');
        }
        // Only editors can access editor functions
        if (isset($this->request->params['editor'])) {
            return (bool)($user['role'] === 'editor');
        }

        // Default deny
        return false;
    }


This works for me (but test it anyways). I'm using 'admin' and 'editor', but login is always done through UserController::admin_login() method, regardless of prefix.
The login route is always /users/login, without the prefix.

Is this what you were searching for?
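
The access decision that the beforeFilter() / isAuthorized() pair in the message above encodes, as a stand-alone PHP sketch added here (it is not part of the original message and not CakePHP's own code). decide(), PREFIX_ROLES and the sample requests are assumed names and constructed data; the sketch goes beyond the posted code by driving the check from a table and denying any prefix that is missing from it.

```php
<?php
// Added illustration: plain PHP, no CakePHP required. All names are hypothetical.

// Prefix => role that may use it. Any prefix missing here is denied outright.
const PREFIX_ROLES = ['admin' => 'admin', 'editor' => 'editor'];

/**
 * Returns 'allow', 'login' (redirect to /users/login) or 'deny'.
 * $params mimics a parsed route; $user is null for an anonymous visitor.
 */
function decide(array $params, ?array $user): string
{
    $prefix = $params['prefix'] ?? null;

    // The login action must stay reachable although it is routed with the admin prefix.
    if ($params['controller'] === 'users' && $params['action'] === 'login') {
        return 'allow';
    }
    // Unprefixed (public) actions: the allow('*') branch of beforeFilter().
    if ($prefix === null) {
        return 'allow';
    }
    // Prefixed action, nobody logged in: the single login page, whatever the prefix.
    if ($user === null) {
        return 'login';
    }
    // Logged in: the role must match the prefix; unknown prefixes fall through to deny.
    $required = PREFIX_ROLES[$prefix] ?? null;
    return ($required !== null && ($user['role'] ?? null) === $required) ? 'allow' : 'deny';
}

// Constructed sample requests and visitors.
$requests = [
    ['controller' => 'posts', 'action' => 'view'],
    ['controller' => 'users', 'action' => 'login', 'prefix' => 'admin'],
    ['controller' => 'users', 'action' => 'view', 'prefix' => 'admin'],
    ['controller' => 'posts', 'action' => 'edit', 'prefix' => 'editor'],
    ['controller' => 'users', 'action' => 'view', 'prefix' => 'letmein'],
];
$visitors = ['anonymous' => null, 'admin' => ['role' => 'admin'], 'editor' => ['role' => 'editor']];

foreach ($requests as $r) {
    $path = (isset($r['prefix']) ? $r['prefix'] . '/' : '') . "{$r['controller']}/{$r['action']}";
    foreach ($visitors as $name => $user) {
        printf("%-22s %-10s %s\n", $path, $name, decide($r, $user));
    }
}
```

Running it with the php CLI prints one line per request and visitor, which makes it easy to spot a prefix and role combination that is allowed when it should not be.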
