You need some more settings than what you have.
What is your db set up (what table are your users stored in?) - try having
redirects turned off whilst you're setting up your auth, otherwise you may be
endlessly redirecting (turn it on when you're happy that the rest of auth is
working)
// something like this is in my app ctrlr
// column names used for the login form / user lookup
$this->Auth->fields = array('username' => 'uname', 'password' => 'pword');
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'home', 'action' => 'index');
$this->Auth->loginRedirect = array('controller' => 'user', 'action' => 'index');
$this->Auth->loginError = 'Invalid e-mail / password combination. Please try again';
$this->Auth->authError = 'You have logged out please log back in so we know who you are';
// redirects off while setting up, so login() below does the redirecting itself
$this->Auth->autoRedirect = false;
// 'controller' mode needs an isAuthorized() method on the controller
$this->Auth->authorize = 'controller';
$this->Auth->allow('index', 'view');
$this->Auth->deny('delete', 'add', 'edit');
// only active users can log in
$this->Auth->userScope = array('User.active' => 1);
// user controller (in your case might be admins - though I would have a
field in my user table that describes the role eg admin, editor, etc) - bear
in mind I have altered the above to make it simpler. The excerpt below
might need more editing - perhaps I have overlooked something because I am
tired
var $components = array('Auth', 'Cookie', 'Session');

function beforeFilter() {
    // allow then deny for controller: run the app controller's allow()
    // first, then deny here so these actions stay protected
    parent::beforeFilter();
    $this->Auth->deny('index', 'add', 'edit', 'delete');
}

function login() {
    if ($this->Auth->user()) {
        if (!empty($this->data)) {
            // debug($this->data);
            if (!empty($this->data['User']['remember_me'])) {
                // the cookie holds the username and password fields from the
                // form data; the third argument (true) makes CookieComponent
                // encrypt the value
                $cookie = array();
                $cookie['username'] = $this->data['User']['uname'];
                $cookie['password'] = $this->data['User']['pword'];
                $this->Cookie->write('Auth.User', $cookie, true, '+2 weeks');
                unset($this->data['User']['remember_me']);
            }
        }
        // strpos(haystack, needle): never send the user back to logout
        $url = $this->Auth->redirect();
        $this->redirect((strpos($url, 'logout') === false) ? $url : '/users/profile/' . $this->Auth->user('id'));
    }
    if (empty($this->data)) {
        // no form posted: try the remember-me cookie
        $cookie = $this->Cookie->read('Auth.User');
        if (!is_null($cookie)) {
            if ($this->Auth->login($cookie)) {
                // Clear auth message, just in case we use it.
                $this->Session->del('Message.auth');
                $url = $this->Auth->redirect();
                $this->redirect((strpos($url, 'logout') === false) ? $url : '/');
            }
        }
    }
}

function logout() {
    $this->Session->del('Message.auth');
    // drop the remember-me cookie too, or the user is logged straight back in
    $this->Cookie->del('Auth.User');
    // $this->Session->del('Auth.User');
    // debug($this->Auth->logout()); die();
    $url = $this->Auth->logout();
    $this->flash(__('User Logged Out', true), (strpos($url, 'logout') === false) ? $url : '/');
}

2008/5/10 Fabian <[EMAIL PROTECTED]>:
>
> Ok i've simplified this to :
>
> function beforeFilter(){
>
> $this->Auth->allow('*');
> $this->Auth->deny('delete','add','edit');
> }
>
>
> and the urls with controller/delete, controller/add, controller/edit
> can be seen now =(
> It seems the only thing that works is ' * '
>
>
>
>
> On May 9, 5:14 pm, Fabian <[EMAIL PROTECTED]> wrote:
> > class AppController extends Controller {
> >
> > var $components = array('Auth');
> >
> > function beforeFilter()
> > {
> > $this->Auth->allow('*');
> > $this->Auth->deny('delete','add','edit');
> >
> > // check if we're using the pages controller
> > if ($this->name == 'Admins'){
> > get args
> >
> > $this->Auth->deny('delete','add','edit','index');
> > }
> > }
> >
> > basically all I've done is copy what was on the manual.
> >
> > About admins routing I also want to deny access to a different
> > controller as well. So they can't see admins and properties indexes
> > for both
> >
> > I thought there was a simple way to do this but I guess not =(
> > On May 9, 5:02 pm, "Sam Sherlock" <[EMAIL PROTECTED]> wrote:
> >
> > > so that is the beforeFilter of the Admins controller
> >
> > > and you have Auth set in your app_controller - post your auth set up too
> >
> > > does putting parent::beforeFilter in the Admins controller help
> >
> > > also you could use admin routing here which IMHO would simplify things a
> > > little
> >
> > > hth - S
> >
> > > 2008/5/9 Fabian <[EMAIL PROTECTED]>:
> >
> > > > yes I've read it and thx for the if statement error but still the
> > > > index page is shown.
> >
> > > > I've even tried doing it without the if statement
> >
> > > > function beforeFilter()
> > > > {
> >
> > > > $this->Auth->allow('*');
> > > > $this->Auth->deny('delete','add','edit','index');
> >
> > > > }
> >
> > > > and still all the indexes are showing up
> >
> > > > On May 9, 4:44 pm, "Sam Sherlock" <[EMAIL PROTECTED]> wrote:
> > > > > in your if statement you're assigning the value; the one below
> > > > > compares the values
> >
> > > > > if ($this->name == 'Admins'){}
> >
> > > > > have you read the auth section of book.cakephp.org?
> >
> > > > > 2008/5/9 Fabian <[EMAIL PROTECTED]>:
> >
> > > > > > Hi all.
> >
> > > > > > I'm having a problem using the deny and allow methods for the index
> > > > > > function.
> >
> > > > > > In my app controller I have
> >
> > > > > > function beforeFilter()
> > > > > > {
> >
> > > > > > $this->Auth->allow('*');
> > > > > > $this->Auth->deny('delete','add','edit');
> >
> > > > > > if ($this->name = 'Admins'){
> > > > > > $this->Auth->deny('delete','add','edit','index');
> > > > > > }
> >
> > > > > > }
> >
> > > > > > so if I try to use any url like admins/add it forces me to login,
> > > > > > but it doesn't seem to work for the admins/index
> >
> > > > > > What is the correct string I have to place in the deny array so it
> > > > > > actually denies the index. I've tried using display, read and view.
> > > > > > But none of them work.
> >
> > > > > > Thanks in advance
> >
>
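
A default-deny layout for the setup discussed in this thread, as an added example that is not part of any poster's message. It assumes CakePHP 1.2's AuthComponent, a hypothetical `role` column on the users table holding 'admin', and a hypothetical public HomeController:

```php
<?php
// Added example (not code from the thread). Assumes CakePHP 1.2's
// AuthComponent and a hypothetical users.role column holding 'admin'.
class AppController extends Controller {
    var $components = array('Auth');

    function beforeFilter() {
        // No allow('*'): AuthComponent then requires a login for every
        // action except the login action, so nothing has to be denied later.
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        // Ask the controller (isAuthorized) whether a logged-in user may proceed.
        $this->Auth->authorize = 'controller';
    }

    // Default rule for logged-in users: only admins may change data.
    function isAuthorized() {
        if (in_array($this->action, array('add', 'edit', 'delete'))) {
            return $this->Auth->user('role') === 'admin';
        }
        return true;
    }
}

// Hypothetical public controller: opts in to exactly the actions it exposes.
class HomeController extends AppController {
    var $name = 'Home';
    var $uses = array();

    function beforeFilter() {
        parent::beforeFilter();      // shared Auth settings first
        $this->Auth->allow('index'); // then the per-controller exception
    }

    function index() {}
}

// Admins: no allow() at all, so admins/index also forces a login,
// and isAuthorized() rejects logged-in users who are not admins.
class AdminsController extends AppController {
    var $name = 'Admins';

    function isAuthorized() {
        return $this->Auth->user('role') === 'admin';
    }

    function index() {}
}
```

Login (who is this?) and authorization (may this user do that?) stay separate here: allow() only ever widens anonymous access, and the role check runs for every logged-in request.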