Ive made a little break and it came to me that You're right from the
beginning :) I'll just override the requestAction in AppController to
make it look like this (just to illustrate the idea):
function requestAction( $url, $extra = array() ){
$tmp = new Object();
$tmp->plugin = $this->plugin;
//...code for authentication
if( $allowed ){
return $tmp->requestAction( $url , $extra );
}
}
I've made the new Object's instance, since requestAction cannot be
called statically. Assigning $tmp->plugin is a `hack :p` to `simulate`
the controller i'm calling the action from (more of if it's a plugin,
cause that's the only thing that Object's requestAction method needs
to know of Object's instance ).
I also changed the beforeFilter as You suggested. It worked! Thank You
for Your help.
On 30 Mar, 14:35, "AD7six" <[EMAIL PROTECTED]> wrote:
> On Mar 30, 2:25 pm, "Piotr Barszczewski" <[EMAIL PROTECTED]>
> wrote:
>
> > hmm, my last post didn't show here :/ i hope it doesn't show twice,
> > after i add this.
>
> > The requestAction forwards the requests based on a populated list or
> > resources. It's dynamic. I want to use authorization for controllers
> > +actions in one place, so that the ones called normally (based on the
> > http request's url ) are authorized the same way the requestAction'd
> > ones. If I'd do checking before calling requestAction, and again in
> > the beforeFilter in AppController I'd get useless duplication of the
> > same functionality - and that is obviously a bad thing :)
>
> Yes, that's obvious ;).
>
> I would suggest doing it the other way around: check access BEFORE
> calling requestAction - modify your beforeFilter access control check
> to assume that if it's being called by requestAction the user has
> access. It makes no sense to me to call requestAction, invoking all
> the processing that entails, to output "".
>
> HTH,
>
> AD
>
>
>
> > On 30 Mar, 13:49, "AD7six" <[EMAIL PROTECTED]> wrote:
>
> > > On Mar 30, 1:28 pm, "Piotr Barszczewski" <[EMAIL PROTECTED]>
> > > wrote:
>
> > > > oops. forgot to mention: this post is related
> > > > tohttp://groups.google.com/group/cake-php/browse_thread/thread/e8cc55b1...
>
> > > Why call requestAction at all for something the user doesn't have
> > > access to see?
>
> > > AD
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
