Sorry no, in development I still need to authenticate hence the allowance of api calls.
This is the problem. Everything now is in a password protected folder. So no access. I need a way to allow API yet still have it in production so controller kicsksin and denys all access but login.
Dave Maharaj
Freelance Designer | Developer
www.movepixels.com | dave@movepixels.com | 709.800.0852
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Reuben Helms
Sent: Monday, December 02, 2013 8:45 PM
To: cake-php@googlegroups.com
Subject: Re: Production and Development Environment
Trying one more time...
The requirement is that in production, you need to authenticate to get access to the API, and that in development, no authentication is required.
The assumption is that the authentication will be session based, with a form based login action. There has been mention of a .htaccess file, but it wasn't clearly stated if this was used to provide authentication via Basic Authentication.
In the AppController, I would have:
public function beforeFilter() {
/* set up Authentication */
if (!Configure::read('developmentMode')) {
$this->Auth->deny(); /* a default deny for all actions, when not in developmentMode */
} else {
$this->Auth->allow(); /* a default allow for all actions, when in development mode */
}
}
And then in any controller, I would have:
public function beforeFilter() {
parent::beforeFilter();
/* the remainder of your code, to allow actions, and lift authentication restrictions for particular actions */
}
In production, this will ensure that all actions are denied by default, to be overridden by specific controllers.
In development, this will set up a default allow for all actions.
It's been a while since I've actually played with the CakePHP 2.X Auth stuff, but that's the general idea I was going for.
Best of luck finding a solution.
Regards
Reuben Helms
On Tue, Dec 3, 2013 at 8:39 AM, Advantage+ <movepixels@gmail.com> wrote:
I appolagize.
But if parent::before filter is called in the controller and reads production or development anything called after that will be over-ridden no?
You cannot get an API called back to a password protected folder so you have to remove the password protection, but if you want it to be a hidden folder which is not accessible you need a way to hide it.
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of AD7six
Sent: Saturday, November 30, 2013 11:08 AM
To: cake-php@googlegroups.com
Subject: Re: Production and Development Environment
On Friday, 29 November 2013 05:45:50 UTC+1, advantage+ wrote:
Hmm sounds like the exact thing I said……..and if you do
Beforefilter::parent () in the controller what was the point of asking if there is an easy way to no go thur every controller!
Example::
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->deny();
//Allow Security to allow ajax request for these actions
$ajax_request = array('manage_add', 'manage_edit', 'manage_delete');
if(in_array($this->params['action'], $ajax_request)){
$this->Security->unlockedActions = $ajax_request;
$this->Security->csrfCheck = false;
}
}
Since parent:: is called you have to go thru every controller no?
If you see a correct way I happy to hear about it.
Thanks,
Dave.
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to a topic in the Google Groups "CakePHP" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment