In my AppController beforeFilter()  - I have an
$this->Auth->allow('display');

Then in another controller I do
class AddressesController extends AppController {

     public function beforeFilter() {
         parent::beforeFilter();
        $this->Auth->allow('*');
            debug($this->Auth,1,1);
     }
}

The debug shows  this as part of the Auth structure.

        allowedActions =>  array(
                (int) 0 =>  'display',
                (int) 1 =>  '*'
        )


The problem is, that in AuthComponent::startup()
    it does a check to see if this action is allowed.

         $isAllowed = (
             $this->allowedActions == array('*') ||
             in_array($action, array_map('strtolower', $allowedActions))
         );

   It is assuming that if the wildcard is in allowedActions, it is the 
"ONLY" thing.  Which is not true in my case above, so this fails and 
thus authorization is denied.

Is this a bug?   or a feature?
If feature, should I just remove any Allow's from AppController? or is 
there another workaround?

Thanks,
Bill


--
View this message in context: 
http://cakephp.1045679.n5.nabble.com/Auth-allow-bug-or-feature-tp5689260.html
Sent from the CakePHP mailing list archive at Nabble.com.

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php

Reply via email to