Tuesday, June 29, 2010

Re: Auth::authorize - controller -- How to handle guests?

You can add $this->Auth->allowedActions = array('action'); to the
app_controller.php for all controllers rather than having to set it
for every single controller. Can't think of anything else other than
that.

On Jun 24, 2:52 pm, Melanie Sommer <melanie-som...@mailinator.com>
wrote:
> Hello,
>
> I am using AuthComponent with authorization from the controller. Thus
> my app_controller.php looks like
>
> ##################################################
> class AppController extends Controller {
> var $components = array('Auth','RequestHandler');
> var $uses = array('User');
> public function beforeFilter(){
>     $this->User->contain('Group');
>     if(isset($this->Auth)){
>         parent::beforeFilter();
>         $this->Auth->authorize = 'controller';
>     }}
>
> function isAuthorized(){
>     $allowedActions = array(
>         'model'  => array(
>             'action' => array(id1,id2,id3)
>             ...
>         ...
>         )
>     $group_id = $this->Auth->user('group_id');
>     if(isset($allowedActions[low($this->name)])){
>         $controllerActions = $allowedActions[low($this->name)];
>         if(isset($controllerActions[$this->action]) &&
>             in_array($group_id,$controllerActions[$this->action])){
>             return true;
>         }
>         return false;
>     }}
> }
>
> ##################################################
>
> I would like to handle access of guests directly in the
> $allowedActions array.
>
> First I thought, I could simply check whether $this->Auth->user('group_id'); returns a value and if not, set $group_id to a
>
> value that I use in the $allowedActions array for guest access.
> isAuthorized would then return true if the guest tries to access an
> allowed model/action and false if a prohibited model/action, just as
> it does for logged-in users.
>
> But the function isAuthorized() seems to be only called if a user is
> logged in, so this approach does not help me at all.
>
> I know that I can use
>         public function beforeFilter(){
>                 parent::beforeFilter();
>                 $this->Auth->allowedActions = array('action');
>         }
> in every controller for which I want some actions to be accessible for
> guests, but that is very inconvenient.
>
> Is there a way that cake calls isAuthorized even if no user is logged
> in (or set a parameter so that cake thinks a user is logged in)? (or
> an other, better way to solve this problem)
>
> Thank you for your help!
> Melanie

Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)