I had to piece together information from several different places to
finally come up with a usage of the Auth Component I was somewhat
happy with. The primary thing that bothered me is that when using
$this->Auth->authorize = 'controller';, all actions are denied by
default. In my mind, I thought I would just allow all actions and then
deny the ones that need security, but it doesn't work that way. Also,
I wanted to focus most of the work in AppController, so that if other
controllers didn't want to use security, they didn't have to do
anything. Let me share my bare solution in hopes that it might help
someone else.
AppController:
class AppController extends Controller {
    var $components = array('Auth');
    var $__guestActions = array(); // override this in controller
    var $__userActions = array();  // override this in controller
    var $__adminActions = array(); // override this in controller
    var $__neverAllow = array('login'); // this saved me some headaches - don't put logout in here
    var $currentUser = null;

    function beforeFilter() {
        $this->Auth->authorize = 'controller'; // with this set, Auth looks for isAuthorized()
        $this->currentUser = $this->Auth->user(); // for convenience
        // this is where I screw with what Cake intended: Auth denies every action
        // by default; here everything that is not a user action, an admin action
        // or never-allowed is opened up, so any action not listed below is public
        $allActions = $this->getAllActions(); // get every single method from the controller
        $allowedActions = array_diff($allActions, $this->__neverAllow);     // remove never allowed actions
        $allowedActions = array_diff($allowedActions, $this->__userActions);  // remove user actions
        $allowedActions = array_diff($allowedActions, $this->__adminActions); // remove admin actions
        $this->Auth->allow($allowedActions); // only allow the leftovers
    }

    function beforeRender() {
        $this->set('currentUser', $this->currentUser); // this makes my $currentUser available to all my views
    }

    function getAllActions() {
        // this gets all the methods from the controller, inherited ones
        // (beforeFilter, redirect, ...) included, not just the public actions
        return get_class_methods($this->name . 'Controller');
    }

    // I basically set this up for a three-level security approach (guest, user, admin).
    // Auth only calls this once the user is logged in and the action was not allow()ed,
    // i.e. for user actions, admin actions and the never-allowed ones.
    function isAuthorized() {
        $requestedAction = $this->params['action'];
        // empty() so a missing or false admin flag reads as "not admin" without a notice
        $isAdmin = !empty($this->currentUser['User']['admin']);
        if ($isAdmin) {
            return true;  // admins get everything
        } elseif (in_array($requestedAction, $this->__userActions)) {
            return true;  // logged-in users get the user actions
        } else {
            return false; // admin actions (and never-allowed ones) for non-admins
        }
    }
}
UsersController:
class UsersController extends AppController {
    var $__guestActions = array('testGuest'); // if I commented this out, it would still work
    var $__userActions = array('testUser');
    var $__adminActions = array('testAdmin');

    function testGuest() {
        // everyone can access this
    }

    function testUser() {
        // only users and admins in here
    }

    function testAdmin() {
        // only admins in here (the method name must match the entry in $__adminActions,
        // otherwise the action is treated as a leftover and opened to everyone)
    }

    function login() {
        if (!empty($this->data)) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->loginRedirect);
            } else {
                $this->data = null; // don't echo the submitted credentials back into the form
                $this->set('error', $this->Auth->loginError);
            }
        }
    }

    function logout() {
        $this->Auth->logout();
        $this->redirect($this->Auth->logoutRedirect);
    }

    function beforeFilter() {
        parent::beforeFilter(); // if you plan to use beforeFilter() in your controller, add this first
    }
}
That's about it. It's really stripped down and basic, but it's my
first attempt, and it works. You can opt to use any, all, or none of
the three "access" variables ($__guestActions, $__userActions, and
$__adminActions).
All the blogs I read basically had empty login and logout controllers.
I never got that to work. Am I missing something? Also,
redirection doesn't work well in this. If you arrive at an empty
Oh, by the way, you need to create a user manually in your database.
To get a password that works, use $this->Auth->password($password_to_hash);.
That will give you the hashed password.
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
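The security-relevant point of the approach in the post above is that it turns AuthComponent's deny-by-default into allow-by-default: with authorize = 'controller', Auth refuses every action that was not allow()ed, and the post allow()s everything that is not on the user, admin or never-allow lists, so any action that nobody remembers to classify is public. The script below is an added example, not code from the post or from CakePHP itself. It models the per-request decision Auth makes (allowed action bypasses auth, anonymous user on anything else is sent to login, authenticated user is asked isAuthorized()) without the framework, and runs both wirings over the same controller: the post's "allow the leftovers" and Auth's own default of allowing only an explicit guest list. All action names, user records and lists are constructed for the demo; 'deleteEverything' is a hypothetical action its author forgot to put on any list. It runs with the php CLI and exits non-zero if the expected decisions do not hold.

```php
<?php
// Added example (not from the original post or from CakePHP): a framework-free
// model of the access decision AuthComponent makes with authorize = 'controller'.
// Everything below is constructed for the demo.

$controllerActions = array('testGuest', 'testUser', 'testAdmin', 'deleteEverything'); // 'deleteEverything' is hypothetical and unclassified
$guestActions = array('testGuest');
$userActions  = array('testUser');
$adminActions = array('testAdmin');
$neverAllow   = array('login');

// Same rule as the post's isAuthorized(): admins may do anything, ordinary users
// only the listed user actions. A missing or false admin flag reads as "not admin".
function isAuthorizedFor($action, $user, $userActions) {
    if (!empty($user['User']['admin'])) {
        return true;
    }
    return in_array($action, $userActions, true);
}

// Wiring A (the post): open every action except the user, admin and never-allow
// lists. Whatever is not listed ends up public.
function allowLeftovers($allActions, $userActions, $adminActions, $neverAllow) {
    return array_values(array_diff($allActions, $userActions, $adminActions, $neverAllow));
}

// Wiring B (Auth's default kept): open only the explicit guest list. Whatever is
// not listed requires a login and then a pass from isAuthorized().
function allowGuestListOnly($guestActions) {
    return $guestActions;
}

// What one request resolves to: 'allow', 'login' (anonymous user redirected to
// the login page) or 'deny' (logged-in user failed isAuthorized()).
function decide($action, $user, $allowedActions, $userActions) {
    if (in_array($action, $allowedActions, true)) {
        return 'allow';
    }
    if (empty($user)) {
        return 'login';
    }
    return isAuthorizedFor($action, $user, $userActions) ? 'allow' : 'deny';
}

function check($cond, $what) {
    if (!$cond) {
        fwrite(STDERR, "FAILED: $what\n");
        exit(1);
    }
}

$anonymous = null;
$member = array('User' => array('id' => 2, 'username' => 'bob',   'admin' => 0)); // constructed session record
$admin  = array('User' => array('id' => 1, 'username' => 'alice', 'admin' => 1)); // constructed session record

$wiringA = allowLeftovers($controllerActions, $userActions, $adminActions, $neverAllow);
$wiringB = allowGuestListOnly($guestActions);

printf("%-17s %-7s %-7s %-7s | %-7s %-7s %-7s\n",
    'action', 'A:anon', 'A:user', 'A:admin', 'B:anon', 'B:user', 'B:admin');
foreach ($controllerActions as $action) {
    printf("%-17s %-7s %-7s %-7s | %-7s %-7s %-7s\n", $action,
        decide($action, $anonymous, $wiringA, $userActions),
        decide($action, $member,    $wiringA, $userActions),
        decide($action, $admin,     $wiringA, $userActions),
        decide($action, $anonymous, $wiringB, $userActions),
        decide($action, $member,    $wiringB, $userActions),
        decide($action, $admin,     $wiringB, $userActions));
}

// The row that matters: the forgotten action is public under wiring A and locked
// under wiring B, while the classified actions behave the same either way.
check(decide('deleteEverything', $anonymous, $wiringA, $userActions) === 'allow', 'A opens the unlisted action to anonymous users');
check(decide('deleteEverything', $anonymous, $wiringB, $userActions) === 'login', 'B sends anonymous users to login');
check(decide('deleteEverything', $member,    $wiringB, $userActions) === 'deny',  'B denies the unlisted action to members');
check(decide('testGuest', $anonymous, $wiringA, $userActions) === 'allow', 'guest action open under A');
check(decide('testGuest', $anonymous, $wiringB, $userActions) === 'allow', 'guest action open under B');
check(decide('testUser',  $anonymous, $wiringB, $userActions) === 'login', 'user action needs a login');
check(decide('testAdmin', $member,    $wiringB, $userActions) === 'deny',  'admin action denied to a member');
check(decide('testAdmin', $admin,     $wiringB, $userActions) === 'allow', 'admin action allowed to an admin');
echo "all checks passed\n";
```

In the post's own code, wiring B amounts to replacing the three array_diff() lines with `$this->Auth->allow($this->__guestActions);` and leaving isAuthorized() as it is; $__guestActions then stops being decorative and becomes the only way to make an action public, which is what you want when the cost of forgetting an entry is a locked page rather than an open one.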