Hi friends,
I am a new user of CakePHP and just finished the tutorials. I created a small application for testing and found a problem and also its cause; it's just that I don't know if it is a real problem or not.

Here are the relevant details:

1. I have just 2 models: 'User' and 'Group'.
2. Two controllers: users_controller.php, groups_controller.php.
3. Nothing is baked, all hand-coded.
4. Most of the things are set up exactly like in the ACL Example Application in the cookbook: 3 groups, 3 users.
5. In app_controller.php I have just the same function body of beforeFilter as described in that application.

Now, the real thing:

1. I created a function in users_controller: adminTest().
2. That function does nothing, but according to the ACL tables, only the administrator can view it (its view has a simple message).
3. But whenever I access the function in the browser at <cakephppath>/users/adminTest, I always see it, no matter whether I am logged in or not.
4. Now, after a lot of 'research', I reached the source code of the startup() function of the Auth component in Cake's source code.
5. I sprinkled that function with many logging functions. Now if you take a look at the first 'if' condition, which tests for the value of $isErrorOrTests, it returns true if the condition is satisfied. My log files suggest that the function is returning true from that very if statement, bypassing any authentication.
6. The value of $isErrorOrTests depends on 3 conditions OR'ed together. The last (third) one is the one which I am interested in, as the above two are obviously false (look at the source code to know why).
7. The third condition is:
       ! in_array ($controller->params['action'], $controller->methods)
8. So, if that is true, the 'action' is NOT in $controller->methods.
9. Now I printed this in the logs: print_r ($controller->methods, true)
10. What I saw was an array which contained 'admintest' (notice my function's name was 'adminTest', 'T' is capital).
11. Now the cool thing is, if I add 'adminTest' to $this->methods in beforeFilter of my controller, the authentication system works fine and throws me to the login page.
12. Or even if, rather than adding 'adminTest' to $this->methods, I just rename my function to 'admintest' and also change the name of the corresponding view, even then authentication works and I come to the login page !!!

So, my question is: isn't it a good idea to mention somewhere that this happens, so that new users don't get confused, or is it some kind of bug?

Thanks everyone here for making Cake such a great piece of software :)
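
The mismatch described in steps 7 to 12, reduced to a stand-alone script (an added example, not part of the original post and not CakePHP's own code). The `$methods` array, the stub controller and the two helper functions are constructed for illustration; only the third condition and the 'admintest' entry come from the post.

```php
<?php
// Added illustration, not CakePHP source. It models only the third
// condition quoted in step 7. Helper names and sample data are hypothetical.

// Constructed sample: the controller's method list as the poster logged it,
// with the action name stored in lower case.
$methods = array('index', 'login', 'logout', 'admintest');

// The check as quoted in the post: a case-sensitive membership test.
// Returning true means "not a known action, skip the authentication check".
function isSkippedOriginal($action, array $methods)
{
    return !in_array($action, $methods);
}

// Hardened variant: normalize both sides to one case before comparing,
// because PHP resolves method names case-insensitively and the action
// can therefore still be invoked.
function isSkippedNormalized($action, array $methods)
{
    $lower = array_map('strtolower', $methods);
    return !in_array(strtolower($action), $lower, true);
}

// Stand-in controller showing that PHP itself ignores case in method names.
class UsersControllerStub
{
    public function adminTest()
    {
        return 'admin-only view';
    }
}

$stub = new UsersControllerStub();
foreach (array('adminTest', 'admintest', 'nosuchaction') as $action) {
    printf(
        "%-13s callable=%-3s skip(original)=%-3s skip(normalized)=%s\n",
        $action,
        method_exists($stub, $action) ? 'yes' : 'no',
        isSkippedOriginal($action, $methods) ? 'yes' : 'no',
        isSkippedNormalized($action, $methods) ? 'yes' : 'no'
    );
}
```

A row that shows callable=yes together with skip(original)=yes is an action that runs without the authentication check; the normalized comparison leaves only genuinely unknown actions in the skip path.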
