CakePHP 2.3 $this->Auth->allow() is not working as expected

user927797 · Apr 1, 2013 · Viewed 11.2k times

I'm trying to use the AuthComponent in CakePHP 2.3 but it's not behaving the way I would expect it to.

Basically, when I do

$this->Auth->allow('view');

The user is only supposed to have access to the view method, which is what is happening, so great.

The problem is, when the user logs in, he suddenly has access to the 'add' method as well (my only other method in the controller at the moment). When he logs out, he doesn't have access to add anymore.

Here's my code:

// AppController (app/Controller/AppController.php)

<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Authentication only: which actions need a login at all
            'authenticate' => array(
                'Blowfish' => array(
                    'fields' => array('username' => 'email', 'password' => 'password')
                )
            )
        )
    );

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->deny('add');
        $this->Auth->allow('view');
    }

}

My PagesController is simply this:

<?php
App::uses('AppController', 'Controller');

class PagesController extends AppController {

    public $uses = array('Pages');

    public function view($id = null) {
        echo 'In view';
    }

    public function add($id = null) {
        echo 'In add';
    }

}

Answer

ADmad · Apr 1, 2013

You are misunderstanding what allow()/deny() do. They are meant to specify whether an action can be accessed with or without authentication (aka login). It's not meant to control authorization, i.e. control access to an action after a user is logged in. For that purpose you need to configure authorization. Reading this should help you better understand.
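Added example (not code from the question or the answer above): a CakePHP 2.3 AppController and PagesController that keep the two layers apart. allow()/deny() still decide which actions need a login at all; the 'authorize' => array('Controller') setting makes AuthComponent call isAuthorized($user) on every request by a logged-in user, so 'add' is no longer open to everyone who has a session. The 'role' column on the users table and the UsersController login action are assumptions; in a real app the two classes live in app/Controller/AppController.php and app/Controller/PagesController.php.

```php
<?php
// Added example, not the original poster's code.
// Authentication layer: allow()/deny() decide which actions need a login.
// Authorization layer: ControllerAuthorize calls isAuthorized($user) for
// every logged-in request to a non-allowed action and denies by default.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Blowfish' => array(
                    'fields' => array('username' => 'email', 'password' => 'password')
                )
            ),
            // Without 'authorize', any logged-in user reaches any action that
            // is not allow()ed, which is exactly what the question observed.
            'authorize' => array('Controller'),
            // Assumed: a UsersController with a login action.
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
            'authError' => 'You are not authorized to access that location.',
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // 'view' is public; every other action requires a login.
        $this->Auth->allow('view');
    }

    // Default-deny authorization. Assumed: a 'role' column on the users table.
    public function isAuthorized($user) {
        return isset($user['role']) && $user['role'] === 'admin';
    }

}

App::uses('AppController', 'Controller');

class PagesController extends AppController {

    // Narrow the rule per action. AuthComponent skips this method entirely
    // for allow()ed actions such as 'view', so the check below is for
    // logged-in users hitting actions that need a login.
    public function isAuthorized($user) {
        $action = $this->request->params['action'];
        if ($action === 'add') {
            // Only admins may add; a logged-in non-admin gets authError
            // and is redirected instead of reaching add().
            return isset($user['role']) && $user['role'] === 'admin';
        }
        return parent::isAuthorized($user);
    }

    public function view($id = null) {
        echo 'In view';
    }

    public function add($id = null) {
        echo 'In add';
    }

}
```

To check it, log in as a user whose role is not 'admin' and request /pages/add: the request should be rejected with the authError message rather than echoing 'In add', while /pages/view stays reachable with or without a session.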