In my AppController beforeFilter() - I have an $this->Auth->allow('display');
Then in another controller I do class AddressesController extends AppController { public function beforeFilter() { parent::beforeFilter(); $this->Auth->allow('*'); debug($this->Auth,1,1); } } The debug shows this as part of the Auth structure. allowedActions => array( (int) 0 => 'display', (int) 1 => '*' ) The problem is, that in AuthComponent::startup() it does a check to see if this action is allowed. $isAllowed = ( $this->allowedActions == array('*') || in_array($action, array_map('strtolower', $allowedActions)) ); It is assuming that if the wildcard is in allowedActions, it is the "ONLY" thing. Which is not true in my case above, so this fails and thus authorization is denied. Is this a bug? or a feature? If feature, should I just remove any Allow's from AppController? or is there another workaround? Thanks, Bill -- View this message in context: http://cakephp.1045679.n5.nabble.com/Auth-allow-bug-or-feature-tp5689260.html Sent from the CakePHP mailing list archive at Nabble.com. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php