CakePHP 2.3 Plugin doesn't seem to extend appcontroller - cakephp

I've created a plugin called 'IssueTracker', which is located in app/Plugin/IssueTracker. I've created a Controller called Tickets and it is accessible at www.example.com/issue_tracker/tickets/. But, only for logged in users with the rank 'Admin'.
That wasn't exactly what I was hoping for, so I added in my Plugin/IssueTracker/Controller/TicketsController.php the following:
    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('index');
    }
I hoped that with this piece of code (which I'm using in several other controllers in my app/Controller/) it would inherit from my AppController.php file. The TicketsController.php file extends the IssueTrackerAppController (like this):
    class TicketsController extends IssueTrackerAppController {
        // functions go in here
    }
And in my Plugin/Controller folder I've created the file IssueTrackerAppController which extends the AppController.
In my AppController.php file I've already defined that 'index' and 'view' are public actions. But, for some reason, it doesn't work in my plugin.
Is there something that I'm overlooking? When I access www.example.com/issue_tracker/tickets as a not logged in user (Guest), it tells me that I need to login. If I'm logged in as a user, but not as an Admin, the Auth component won't allow me in and presents the login form.
There should be a way to get Auth working in a plugin, right?
EDIT
Below is the AppController.php snippet where I've configured Auth:
    public $components = array(
        'Auth' => array(
            'loginAction' => array('controller' => 'users', 'action' => 'login', 'plugin' => false),
            'loginRedirect' => array('plugin' => false, 'controller' => 'ervaringen', 'action' => 'add'),
            'logoutRedirect' => array('plugin' => false, 'controller' => 'ervaringen', 'action' => 'index'),
            'authorize' => array('controller'),
            'flash' => array(
                'element' => 'error',
                'key' => 'auth',
                'params' => array(
                    'heading' => 'Waarschuwing!')
            ),
            'authError' => 'Je moet inloggen om deze inhoud te bekijken.',
        ),
        'Session',
        'DebugKit.Toolbar'
    );

Mystery solved.
After rescanning all the code in the plugin, I noticed that one of my coworkers on the project used $variable = $this->requestAction(link/here/with/id/etc);, which leads towards a controller function. That particular function wasn't allowed in any way by the beforeFilter(), causing a 'function denied' by the Auth system.
I've added this particular function in $this->Auth->allow('function'); in the beforeFilter() of the plugin and now it is working.
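An added example, not part of the original post: allowing an action in Auth so that requestAction() can reach it also makes that action reachable by URL for guests, so the action can reject anything that is not an internal request. The action name `summary` and the `Ticket.title` column are assumptions made for illustration.

```php
<?php
// Added example for CakePHP 2.x; not code from the original post.
App::uses('IssueTrackerAppController', 'IssueTracker.Controller');

class TicketsController extends IssueTrackerAppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // 'summary' (hypothetical name) is the action reached through
        // requestAction(); Auth must allow it or the internal call is denied.
        $this->Auth->allow('index', 'summary');
    }

    public function index() {
        $this->set('tickets', $this->paginate());
    }

    public function summary($id = null) {
        // allow() also makes /issue_tracker/tickets/summary/<id> reachable
        // by URL for guests. requestAction() sets params['requested'];
        // a direct browser request does not, so reject those.
        if (empty($this->request->params['requested'])) {
            throw new ForbiddenException();
        }
        // Return only the fields the calling view needs (assumed columns).
        return $this->Ticket->find('first', array(
            'conditions' => array('Ticket.id' => $id),
            'fields' => array('Ticket.id', 'Ticket.title'),
            'recursive' => -1
        ));
    }
}
```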

Related

CakePHP 2.7.1 unauthorizedRedirect

In my AppController I have this code for the component
    public $components = array(
        'Acl',
        'Auth' => array(
            'authorize' => array(
                'Actions' => array('actionPath' => 'controllers')
            ),
            'unauthorizedRedirect' => array(
                'controller' => 'member',
                'action' => 'index'
            )
        ),
        'Session',
        'DebugKit.Toolbar'
    );
So, unauthorizedRedirect is working fine. I tried to type the URL the user has no access to and fortunately, I am redirected to 'localhost/appname/member/'.
My concern is that this only applies to one type of logged in user.
Let us say a logged in user tried to access localhost/appname/admin/add_post/. Since only admins have access to that page, the user will be redirected to localhost/appname/member/. What if it's an admin who accessed an unauthorized page? Of course, that admin will have to be redirected somewhere, but not to localhost/appname/member/.
How can I solve this?
I believe there are many ways. You are already using the ACL which is one way. Or another "lazy" way to do this is to use the beforeFilter method inside the AppController.
Ok, so after several hours of researching and stuff I was able to come up with a solution.
This is the code for the AppController:
    public $components = array(
        'Acl',
        'Auth' => array(
            'authorize' => array(
                'Actions' => array('actionPath' => 'controllers')
            ),
            'unauthorizedRedirect' => false
        ),
        'Session',
        'DebugKit.Toolbar'
    );
What this does is rather than redirecting the user to another page, it will just show 'error400.ctp'.
Now, we don't want to show the default CakePHP error layout so we still have to edit it or make a custom one.
Create a new file under 'View/Layouts/your_error_file.ctp'. After that, go to 'View/Errors/error_file.ctp' and paste the following code:
    $this->layout = 'your_error_file';
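An added example, not from the original thread: the redirect target for an unauthorized request can be chosen per role in beforeFilter(), which runs before AuthComponent performs its authorization check. It assumes a `role` column on the users table with the values `admin` and `member`, and an `index` action on an `admin` controller; none of these are given in the question.

```php
<?php
// Added example for CakePHP 2.4+ (unauthorizedRedirect); assumptions are
// marked in the comments below.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Acl',
        'Auth' => array(
            'authorize' => array(
                'Actions' => array('actionPath' => 'controllers')
            )
        ),
        'Session'
    );

    // Landing page per role (constructed mapping, assumed role names).
    protected $_roleHome = array(
        'admin' => array('plugin' => false, 'controller' => 'admin', 'action' => 'index'),
        'member' => array('plugin' => false, 'controller' => 'member', 'action' => 'index')
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // Auth->user('role') is null for guests; guests are sent to
        // loginAction, so this setting only affects logged in users.
        $role = $this->Auth->user('role');
        if ($role !== null && isset($this->_roleHome[$role])) {
            $this->Auth->unauthorizedRedirect = $this->_roleHome[$role];
        } else {
            // Unknown role: no redirect, AuthComponent throws
            // ForbiddenException and the error view is rendered.
            $this->Auth->unauthorizedRedirect = false;
        }
    }
}
```

Each landing page must itself be permitted for its role in the ACL, otherwise the redirect target is denied as well.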

ACL in plugin cakephp application

I started creating a plugin for my application, and I encountered one problem. Since the application is ACL controlled, it seems that that applies to the plugin also.
I want some actions of the plugin to be accessible only to registered users and others to everyone. The problem is that I get redirected to plugin.UsersController's login action. I don't have that controller in my plugin.
Any ideas how to solve this?
Array urls and CakePHP routing
AuthComponent::$loginRedirect is the url to redirect users to to login. If it's defined as an array, it will obey the normal routing rules for CakePHP that is:
    $url = Router::url(array(
        'action' => 'index'
    ));
This is the current route-prefix, plugin and controller - with the action index
    $url = Router::url(array(
        'controller' => 'foos',
        'action' => 'index'
    ));
This is the current prefix and plugin - with the controller foos and the action index
    $url = Router::url(array(
        'plugin' => null,
        'controller' => 'foos',
        'action' => 'index'
    ));
This is the current prefix - with no plugin, the controller foos and the action index
    $url = Router::url(array(
        'prefix' => null,
        'plugin' => null,
        'controller' => 'foos',
        'action' => 'index'
    ));
This defines all defaults - no route prefix, no plugin, the controller foos and the action index
Configure Auth appropriately
Therefore, to configure the auth redirect - just ensure to define the plugin and routing prefix:
    public function beforeFilter() {
        $this->Auth->loginRedirect = array(
            'prefix' => null,
            'plugin' => null,
            'controller' => 'users',
            'action' => 'login'
        );
        parent::beforeFilter();
    }
OR define it as a string:
    public function beforeFilter() {
        $this->Auth->loginRedirect = '/users/login';
        parent::beforeFilter();
    }

Cakephp 2.x Admin Login not working,login redirect as well

I have done admin routing for my admin panel. Right now the url is localhost/app/admin.
Now I have 2 Tables Admins and Users.
I have created an url for the login localhost/app/admin/admins/login.
The page prompts for a username and a password.
But the problem is that when I create the component in appcontroller with loginredirect, it is redirected to localhost/app/admin/users/login. I don't know why. I even tried changing the loginredirect path but nothing worked.
This is my appcontroller.php :
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'admins', 'action' => 'add'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home')
        )
    );
    public function beforeFilter() {
        $this->Auth->allow('index', 'view');
    }
Even if I delete the user table, it redirects to the users login.
It sounds like your Auth component isn't working. Instead of adding the auth redirects into the components variable, put them in your beforeFilter(). Your appController should be:
    public $components = array('Auth', 'Session');
    public function beforeFilter()
    {
        $this->Auth->loginRedirect = array('action' => 'add', 'controller' => 'admins');
        $this->Auth->logoutRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
        $this->Auth->authError = 'You are not allowed to see that.';
    }
Are you logging in successfully? If so, check routes.php to make sure you're routing things correctly. This could be tested by trying to navigate to example.com/admins/add manually.

Weird redirect issue when using Auth and admin prefix in CakePHP

I'm using the admin prefix in my Cakephp app, for some admin views. I'm also using Auth to restrict access to those views, based on a role field in the User table. Pretty standard.
The problem is, that when an unauthorized user tries to go to, say, admin/users, (in this case the index action is prohibited), they are redirected to /admin/users/login which of course, doesn't exist.
This doesn't happen with actions that do not have the admin prefix. Those behave just fine.
Why are users being sent to a login that is prepended by the admin prefix and the prohibited action?
Anyone who is still having trouble with this, according to the documentation you can use an array or a string in loginAction (Documentation).
Using an array and setting 'admin' => false was still giving me trouble, so I tried using a string instead:
    public $components = array(
        'Auth' => array(
            'loginRedirect' => array('controller' => 'dashboards', 'action' => 'home'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'loginAction' => '/users/login',
            'authorize' => array('Actions')
        ),
    );
This ended up solving my problem. Hopefully it works for you as well.
You need to override the specific prefix in the routing array.
    $this->Auth->loginAction = array(
        'controller' => 'users',
        'action' => 'login',
        'admin' => false
    );
or, if you're using multiple prefixes, you can dynamically remove the prefix name like this:
    $this->Auth->loginAction = array(
        'controller' => 'users',
        'action' => 'login',
        $this->request->prefix => false
    );

CakePHP 2.0: ACL not working

I have used ACL in CakePHP 1.3 without a single issue, after 2 weeks of bitter frustrations it still does not work in CakePHP 2.0.
I have followed the Cake ACL tutorial EXACTLY, but nothing happens. All Aros are in correctly, same for ACOS and permissions.
After all this, I can enter all denied actions without a problem.
Hereby my AppController:
    public $components = array('Acl', 'Auth' => array(
        'authenticate' => array(
            'Actions',
            'Form' => array(
                'fields' => array('username' => 'email')
            ),
        )
    ), 'Session', 'MathCaptcha', 'RequestHandler');
In my BeforeFilter:
    $this->Auth->actionPath = 'controllers';
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->logoutRedirect = array('controller' => 'pages', 'action' => 'home');
    $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'profile');
    $this->Auth->allow('display');
Does someone have an idea what goes wrong? Thanks!
In CakePHP 2.0 I've made this way:
app/Controller/AppController.php
    class AppController extends Controller {
        public $components = array(
            // other components...
            'Session',
            'Acl',
            'Auth' => array(
                // Setting AUTHORIZATION "What can you do?"
                'authorize' => array(
                    'Actions' => array(
                        'actionPath' => 'controllers'
                    )
                ),
                // Setting AUTHENTICATION "Who are you?"
                'authenticate' => array(
                    'Form' => array(
                        'fields' => array(
                            'username' => 'email', 'password' => 'password'
                        )
                    )
                )
            )
        );
        // other stuff...
    }
With this approach, ACL will do all the dirty work. It is not necessary to check permissions, as you probably know.
I believe you are Ok about AROs and ACOs, not big deal. Just in case:
http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html#simple-acl-controlled-application
The CakeBook for 2.0 shows a Console plugin called AclExtras that builds your ACOs. Your AROs will be built as users and groups are added/deleted. I've used this plugin to generate AROs regarding my already filled tables: http://www.alaxos.ch/blaxos/pages/view/plugin_acl. This works for 1.3, but there is a beta version for 2.0 that works ok.
After that, you must set up permissions, manually (or from Console) as this link describes: http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/part-two.html#setting-up-permissions. Or visually with Alaxos's Plugin.
I hope this helps! It worked for me. I'm using CakePHP 2.0.2
The Auth component changed quite a bit from CakePHP 1.3 to 2.0. I bumped into similar issues migrating an app from 1.3 to 2.0. I found that setting the authorize option was where I needed to make my change:
In beforeFilter:
    $this->Auth->authorize = array(
        'Actions' => array(
            'userModel' => 'User',
            'actionPath' => 'users'
        )
    );
The userModel was the model class used in the Aro table. The actionPath is the root level of the actions that Acl checks in the Aco table.
You may also want to deny then allow:
    $this->Auth->deny('*');
    $this->Auth->allow('display');
Hope this helps.
