I started creating plugin for my application, and I encountered one problem. Since application is ACL controlled it's seems that that applies to plugin also.
I want some actions of plugin to be accessible only to registered users and others to everyone. The problem is that I get redirected to plugin.UsersController's login action. I dont have that controller in my plugin.
Any ideas how to solve this?
Array urls and CakePHP routing
AuthComponent::$loginRedirect is the url to redirect users to to login. If it's defined as an array, it will obey the normal routing rules for CakePHP that is:
$url = Router::url(array(
'action' => 'index'
));
This is the current route-prefix, plugin and controller - with the action index
$url = Router::url(array(
'controller' => 'foos',
'action' => 'index'
));
This is the current prefix and plugin - with the controller foos and the action index
$url = Router::url(array(
'plugin' => null,
'controller' => 'foos',
'action' => 'index'
));
This is the current prefix - with no plugin, the controller foos and the action index
$url = Router::url(array(
'prefix' => null,
'plugin' => null,
'controller' => 'foos',
'action' => 'index'
));
This defines all defaults - no route prefix, no plugin, the controller foos and the action index
Configure Auth appropriately
Therefore, to configure the auth redirect - just ensure to define the plugin and routing prefix:
public function beforeFilter() {
$this->Auth->loginRedirect = array(
'prefix' => null,
'plugin' => null,
'controller' => 'users',
'action' => 'login'
);
parent::beforeFilter();
}
OR define it as a string:
public function beforeFilter() {
$this->Auth->loginRedirect = '/users/login';
parent::beforeFilter();
}
Related
My Cake URL is like this:
$token = '9KJHF8k104ZX43';
$url = array(
'controller' => 'users',
'action' => 'password_reset',
'prefix' => 'admin',
'admin' => true,
$token
)
I would like this to route to a prettier URL like:
/admin/password-reset/9KJHF8k104ZX43
However, I would like the token at the end to be optional, so that in the event that someone doesn't provide a token it is still routed to:
/admin/password-reset
So that I can catch this case and redirect to another page or display a message.
I've read the book on routing a lot and I still don't feel like it explains the complex cases properly in a way that I fully understand, so I don't really know where to go with this. Something like:
Router::connect('/admin/password-reset/:token', array('controller' => 'users', 'action' => 'password_reset', 'prefix' => 'admin', 'admin' => true));
I don't really know how to optionally catch the token and pass it to the URL.
You'll want to use named parameters. For an example from one of my projects
Router::connect('/:type/:slug',
array('controller' => 'catalogs', 'action' => 'view'),
array(
'type' => '(type|compare)', // regex to match correct tokens
'slug' => '[a-z0-9-]+', // regex again to ensure a valid slug or 404
'pass' => array(
'slug', // I just want to pass through slug to my controller
)
));
Then, in my view I can make a link which will pass the slug through.
echo $this->Html->link('My Link', array('controller' => 'catalogs', 'action' => 'view', 'type' => $catalog['CatalogType']['slug'], 'slug' => $catalog['Catalog']['slug']));
My controller action looks like this,
public function view($slug) {
// etc
}
I've created a plugin called 'IssueTracker', which is located in app/Plugin/IssueTracker. I've created a Controller called Tickets and it is accessible at www.example.com/issue_tracker/tickets/. But, only for logged in users with the rank 'Admin'.
That wasn't exactly what I was hoping for, so I added in my Plugin/IssueTracker/Controller/TicketsController.php the following:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('index');
}
I hoped that with this piece of code (which I'm using in several other controllers in my app/Controller/ that it would inherit from my AppController.php file. The TicketsController.php file extends the IssueTrackerAppController (like this):
class TicketsController extends IssueTrackerAppController {
//functions goes in here
}
And in my Plugin/Controller folder I've created the file IssueTrackerAppController which extends the AppController.
In my AppController.php file I've allready defined that 'index' and 'view' are public actions. But, for some reason, it doesn't work in my plugin.
Is there something that I'm overseeing? When I access www.example.com/issue_tracker/tickets as a not logged in user (Guest), it tells me that I need to login. If I'm logged in as a user, but not as an Admin, the Auth component won't allow me in and presents the login form.
There should be a way to get Auth working in a plugin, right?
EDIT
Below is the AppController.php snippet where I've configured Auth:
public $components = array(
'Auth' => array(
'loginAction' => array('controller' => 'users', 'action' => 'login', 'plugin' => false),
'loginRedirect' => array('plugin' => false, 'controller' => 'ervaringen', 'action' => 'add'),
'logoutRedirect' => array('plugin' => false, 'controller' => 'ervaringen', 'action' => 'index'),
'authorize' => array('controller'),
'flash' => array(
'element' => 'error',
'key' => 'auth',
'params' => array(
'heading' => 'Waarschuwing!')
),
'authError' => 'Je moet inloggen om deze inhoud te bekijken.',
),
'Session',
'DebugKit.Toolbar'
);
Mystery solved.
After rescanning all the code in the plugin, I noticed that one of my coworkers on the project used $variable = $this->requestAction(link/here/with/id/etc);, which leads towards a controller function. That particular function wasn't allowed in any way by the beforeFilter(), causing a 'function denied' bij the Auth system.
I've added this particular function in $this->Auth->allow('function'); in the beforeFilter() of the plugin and now it is working.
I have a ACL plugin, and I want to be able to redirect back to users/index from this plug in.. but I end up getting funny url's that don't exist. such as /cakephp/admin/acl/users/index
how can I make it go to cakephp/users/index
I have looked through the HTML helper and I'm stumped.
I will be in the cakephp chat room as well
Thanks
You can 'reset' the plugin by setting it to 'false' when creating a link;
e.g.;
echo $this->Html->link('go to user overview', array(
'controller' => 'users',
'action' => 'index',
'plugin' => false
);
update
My guess is that you're using both prefix routing and a plugin. To reset both the plugin and the prefix, do this;
echo $this->Html->link('go to user overview', array(
'controller' => 'users',
'action' => 'index',
'plugin' => false, // resets the plugin
'admin' => false, // resets the admin-prefix
);
I have done admin routing for my admin panel. Right now the url is localhost/app/admin.
Now I have 2 Tables Admins and Users.
I have created an url for the login localhost/app/admin/admins/login.
The page prompts for a username and a password.
But the Problem is when create component in appcontroller with loginredirect it is redirected to localhost/app/admin/users/login.I don't know why. I even tried changing the loginredirect path but it's nothing worked.
This is my appcontroller.php :
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'admins', 'action' => 'add'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
Even if I delete the user table, it redirects to the users login.
It sounds like your Auth component isn't working. instead of adding the auth redirects into the components variable, put them in your beforeFilter(). Your appController should be:
public $components = array('Auth','Session');
public function beforeFilter()
{
$this->Auth->loginRedirect = array('action' => 'add', 'controller' => 'admins');
$this->Auth->logoutRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
$this->Auth->authError = 'You are not allowed to see that.';
}
Are you logging in successfully? if so, check routes.php to make sure you're routing things correctly. this could be tested by trying to navigat to example.com/admins/add manually.
I'm using the admin prefix in my Cakephp app, for some admin views. I'm also using Auth to restrict access to those views, based on a role field in the User table. Pretty standard.
The problem is, that when an unauthorized user tries to go to, say, admin/users, (in this case the index action is prohibited), they are redirected to /admin/users/login which of course, doesn't exist.
This doesn't happen with actions that do not have the admin prefix. Those behave just fine.
Why are users being sent to to a login that is prepended by the admin prefix and the prohibited action?
Anyone who is still having trouble with this, according to the documentation you can use an array or a string in loginAction (Documentation).
Using an array and setting 'admin' => false was still giving me trouble, so I tried using a string instead:
public $components = array(
'Auth' => array(
'loginRedirect' => array('controller' => 'dashboards', 'action' => 'home'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'loginAction' => '/users/login',
'authorize' => array('Actions')
),
);
This ended up solving my problem. Hopefully it works for you as well.
You need to override the specific prefix in the routing array.
$this->Auth->loginAction = array(
'controller' => 'users',
'action' => 'login',
'admin' => false
);
or, if you're using multiple prefixes, you can dynamically remove the prefix name like this:
$this->Auth->loginAction = array(
'controller' => 'users',
'action' => 'login',
$this->request->prefix => false
);