Thanks,
But I don't want admin or anything before login. I don't want to put admin => false, editor => false or anything they might be trying. Simply, if they do try to access something with any of the admin routes they get sent to users/login.

Any controller which has no public access at all

    $this->Auth->allow(); //allow nothing

so any attempt to access any function in the controller / letmein/users/view/12 will send them to users/login, not some fake letmein/user/login or admin / manager / editor.. simply send them to USERS/LOGIN, no prefix, no route, just USERS/LOGIN.

From: [email protected] [mailto:[email protected]] On Behalf Of Vanja Dizdarevic
Sent: Friday, October 19, 2012 6:36 PM
To: [email protected]
Subject: Re: Routing Issue

Since I'm no expert in Auth component, let me just sing you the song of my code.

file: routes.php

    Router::connect('/users/login', array('controller'=>'users', 'action'=>'login', 'prefix'=>'admin', 'admin'=>true));

file: AppController.php

    public $components = array(
        'Auth' => array(
            'authorize' => 'Controller',
            // this forces admin_login to be the only login method regardless of prefix
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
                'prefix' => 'admin',
                'admin' => true
            )
        )
    );

    public function beforeFilter(){
        if (isset($this->params['prefix']) && in_array($this->params['prefix'], array('admin', 'editor'))) {
            //not relevant to question, but useful:
            Configure::write('Session.timeout', 60 * 4);
            $this->layout = 'admin';
            $this->Auth->deny();
        } else {
            Configure::write('Session.timeout', 60 * 48);
            // $this->layout = 'default';
            $this->Auth->allow('*');
        }
    }

    public function isAuthorized($user = null) {
        // Any registered user can access public functions
        if (empty($this->request->params['admin']) && empty($this->request->params['editor'])) {
            return true;
        }
        // Only admins can access admin functions
        if (isset($this->request->params['admin'])) {
            return (bool)($user['role'] === 'admin');
        }
        // Only editors can access editor functions
        if (isset($this->request->params['editor'])) {
            return (bool)($user['role'] === 'editor');
        }
        // Default deny
        return false;
    }

This works for me (but test it anyways). I'm using 'admin' and 'editor', but login is always done through UserController::admin_login() method, regardless of prefix. The login route is always /users/login, without the prefix.

Is this what you were searching for?

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
Visit this group at http://groups.google.com/group/cake-php?hl=en.
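
The access decision that the routes.php and AppController.php settings in the thread are meant to produce, written as an added stand-alone PHP model; it is not code from either poster or from CakePHP. The names decide(), LOGIN_URL and PREFIX_ROLES and the sample requests are assumptions made for illustration.

```php
<?php
// Stand-alone model of the access decision discussed in the thread.
// It is a simplification, not CakePHP's AuthComponent code.

const LOGIN_URL = '/users/login';   // single un-prefixed login URL
const PREFIX_ROLES = ['admin' => 'admin', 'editor' => 'editor']; // prefix => required role

/**
 * @param array      $params route params, e.g. ['action' => 'view', 'admin' => true]
 * @param array|null $user   logged-in user row, or null for an anonymous visitor
 * @return string 'allow', 'deny' or 'redirect:<login url>'
 */
function decide(array $params, ?array $user): string
{
    // Find the active prefix. !empty() treats an explicit 'admin' => false as "no prefix".
    $active = null;
    foreach (PREFIX_ROLES as $prefix => $role) {
        if (!empty($params[$prefix])) {
            $active = $prefix;
            break;
        }
    }
    if ($active === null) {
        return 'allow';                      // public action, like allow('*')
    }
    if ($user === null) {
        return 'redirect:' . LOGIN_URL;      // anonymous on a prefixed route
    }
    // Logged in: the role must match the prefix, anything else is denied.
    return (($user['role'] ?? null) === PREFIX_ROLES[$active]) ? 'allow' : 'deny';
}

// Constructed sample requests (not taken from the thread).
$cases = [
    ['anonymous  /users/view/12',        ['action' => 'view'], null],
    ['anonymous  /admin/users/view/12',  ['action' => 'view', 'admin' => true], null],
    ['anonymous  /editor/posts/edit/3',  ['action' => 'edit', 'editor' => true], null],
    ['editor     /admin/users/view/12',  ['action' => 'view', 'admin' => true], ['role' => 'editor']],
    ['editor     /editor/posts/edit/3',  ['action' => 'edit', 'editor' => true], ['role' => 'editor']],
    ['admin      /admin/users/view/12',  ['action' => 'view', 'admin' => true], ['role' => 'admin']],
    ['no role    /admin/users/view/12',  ['action' => 'view', 'admin' => true], ['id' => 7]],
];
foreach ($cases as [$label, $params, $user]) {
    printf("%-36s => %s\n", $label, decide($params, $user));
}
```

Running it with the PHP CLI (7.1 or later) prints one decision per request, which makes it easy to compare against what the real application does for the same URLs.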
