Cakephp 2.3 $this->Auth->allow() is not working as expected

11,297

Solution 1

You are misunderstanding what allow()/deny() do. They are meant to specify whether an action can be accessed with or without authentication (aka login). They are not meant to control authorization, i.e. control access to an action after a user is logged in. For that purpose you need to configure authorization. Reading this should help you better understand.

Solution 2

If you work on CakePHP 2.x you must do it like this:

    function beforeFilter() {
        // Actions listed here can be accessed without logging in.
        $this->Auth->allow(array('action you want to allow1', 'action you want to allow2'));
    }

  • allow(array()) instead of allow()

---Put that code into the controller that has the actions you want to allow access to without login.

If you use $this->Auth->allow() you must call parent::beforeFilter(); in function beforeFilter() like this:

    function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('add', 'view');
    }
Author by

Admin

Updated on June 04, 2022

Comments

  • Admin
    Admin almost 2 years

    I'm trying to use the AuthComponent in CakePHP 2.3 but it's not behaving the way I would expect it to.

    Basically, when I do

    $this->Auth->allow('view');

    The user is only supposed to have access to the view method, which is what is happening so great.

    The problem is, when the user logs in, he suddenly has access to the 'add' method as well (my only other method in the controller at the moment). When he logs out, he doesn't have access to add anymore.

    Here's my code:

    //AppController

    <?php
    App::uses('Controller', 'Controller');
    
    class AppController extends Controller {
    
    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Blowfish' => array(
                    'fields' => array('username' => 'email', 'password' => 'password')
                )
            )
        )
    
    );
    
    public function beforeFilter() {      
      $this->Auth->deny('add');
      $this->Auth->allow('view');
    }
    
    }
    

    My PagesController is simply this:

    <?php
    App::uses('AppController', 'Controller');
    
    class PagesController extends AppController {
    
    public $uses = array('Pages');
    
    public function view($id = null) {
           echo 'In view';
        }
    
    public function add($id = null) {
           echo 'In add';
        }
    
    }
    
  • Admin
    Admin about 11 years
    Thank you sir. That's what I was worried about. I'm assuming that isAuthorized will only work with people who have accounts then?
  • ADmad
    ADmad about 11 years
    Yes, isAuthorized is used for authorization and comes into play only after a user logs in.
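
The split between allow()/deny() and isAuthorized discussed in this thread, shown on the question's two controllers as an added example that is not code from any of the posters. It assumes a hypothetical `role` column on the users table with the values `admin` and `editor`; the `authorize` setting and the `isAuthorized($user)` callback are CakePHP 2.x's controller-based authorization.

```php
<?php
// Added example; in a real app each class lives in its own controller file.
// Assumption: the users table has a 'role' column ('admin', 'editor').
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'authenticate' => array(
                'Blowfish' => array(
                    'fields' => array('username' => 'email', 'password' => 'password')
                )
            ),
            // With no 'authorize' key, any logged-in user may run any action.
            'authorize' => array('Controller')
        )
    );

    public function beforeFilter() {
        // Authentication only: 'view' is reachable without logging in.
        $this->Auth->allow('view');
    }

    // Consulted for logged-in users on actions that were not allow()ed.
    public function isAuthorized($user) {
        // Deny by default; only admins pass the application-wide rule.
        return isset($user['role']) && $user['role'] === 'admin';
    }
}

class PagesController extends AppController {
    public function view($id = null) {
        echo 'In view';
    }

    public function add($id = null) {
        echo 'In add';
    }

    public function isAuthorized($user) {
        // Editors may add pages; everything else uses the AppController rule.
        if ($this->action === 'add' && isset($user['role']) && $user['role'] === 'editor') {
            return true;
        }
        return parent::isAuthorized($user);
    }
}
```

With this in place an anonymous visitor can reach only `view`, a logged-in user without a matching role is refused `add`, and an editor or admin is let through.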