On Sat, May 10, 2008 at 12:02 AM, BrendonKoz <[EMAIL PROTECTED]> wrote:
>
> There was a topic in the discussion group where someone had mentioned
> calling an allow, and then a deny immediately after does not work (and
> vice versa). I wish I could find the source for you but I'm at a
> loss. It contained more information and a description of the problem.

I think some people have slightly misunderstood how Auth works with
respect to allow/deny. By default, Auth is set to deny access to any
action other than login to someone who is not authenticated. You
allow non-authenticated access to actions through the use of
$this->Auth->allow(...).

Now, if you have certain methods that you want to be "admin only",
then that is where $this->Auth->deny(...) comes into play. Here is a
very simple example of denying users who are not admins access to a
'delete' method in your controller:

    function beforeFilter() {
        // Other auth stuff before this
        $this->Auth->authorize = 'controller';
    }

    function isAuthorized() {
        if ($this->Auth->user('role') != 'admin') {
            $this->Auth->deny('delete');
        }
    }

Hope that helps.

--
Chris Hartjes
Internet Loudmouth
Motto for 2008: "Moving from herding elephants to handling snakes..."
@TheKeyBoard: http://www.littlehart.net/atthekeyboard
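
The access model described in this message (everything but login denied by default, allow() opening actions to everyone, admin-only actions gated on the user's role), as an added example that is not part of the original message and not CakePHP's own code. It is a standalone PHP model: the AccessGate class, its check() method and the sample requests are constructed for illustration, and deny() is assumed to take an action back out of the public set.

```php
<?php
// Standalone model, not CakePHP's AuthComponent; all names are hypothetical.
class AccessGate
{
    private $public = array('login'); // default: only login is open

    public function allow(...$actions)
    {
        $this->public = array_unique(array_merge($this->public, $actions));
    }

    // Assumption: deny() takes an action back out of the public set.
    public function deny(...$actions)
    {
        $this->public = array_values(array_diff($this->public, $actions));
    }

    // $user is null for an anonymous visitor, else array('role' => ...).
    public function check($action, $user, callable $isAuthorized)
    {
        if (in_array($action, $this->public, true)) {
            return 'allow (public action)';
        }
        if ($user === null) {
            return 'deny (login required)';
        }
        return $isAuthorized($user, $action) ? 'allow (authorized)' : 'deny (role check failed)';
    }
}

$gate = new AccessGate();
$gate->allow('index', 'view', 'delete');
$gate->deny('delete'); // delete is behind login again
// Role rule: the boolean result decides access; delete is admin-only.
$rule = function ($user, $action) {
    return $action !== 'delete' || $user['role'] === 'admin';
};

// Constructed sample requests: array(action, user).
$requests = array(
    array('index', null), array('delete', null),
    array('edit', array('role' => 'user')),
    array('delete', array('role' => 'user')),
    array('delete', array('role' => 'admin')),
);
foreach ($requests as list($action, $user)) {
    $who = $user === null ? 'anonymous' : $user['role'];
    printf("%-9s %-6s -> %s\n", $who, $action, $gate->check($action, $user, $rule));
}
```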