I've noticed that the Auth component works very strangely when it comes to ajax calls. I think the session is involved here plus the fact that if you use IE for a browser, it is caching something wrong. So in my case I put this line:
$this->disableCache(); in the beforeFilter() function in the AppController. Then all worked fine for me, but my app is built around ajax requests and I don't need the cache services of the browser.

On Mar 28, 6:25 am, rartavia <[email protected]> wrote:
> Hello there, I'm having kind of a hard time setting up Auth Component,
> I'm getting really weird behavior. After configuring my Auth & Acl..
>
> I know it's a large post, but PLEASE HELP!!
> I'm initializing with this code:
>
> function initDB() {
>
>     $aro = new Aro();
>     $aros = array(
>         0 => array('model' => 'Group', 'foreign_key' => 1),
>         1 => array('model' => 'Group', 'foreign_key' => 2),
>         2 => array('model' => 'Group', 'foreign_key' => 3),
>         3 => array('parent_id' => 1, 'model' => 'User', 'foreign_key' => 1),
>         4 => array('parent_id' => 2, 'model' => 'User', 'foreign_key' => 2),
>         5 => array('parent_id' => 3, 'model' => 'User', 'foreign_key' => 3)
>     ); // users & groups mysql tables already have 3 records each
>
>     foreach ($aros as $data) {
>         $aro->create();
>         $aro->save($data);
>     }
>
>     // Reads Configure::listObjects('controller') and creates an aco node
>     // for each Controller with aco root Controllers/
>     $this->buildAcl();
>
>     $group =& $this->User->Group;
>
>     // Allow admins to everything
>     $group->id = 1;
>     $this->Acl->allow($group, 'Controllers');
>
>     // Deny all to non-admins
>     $group->id = 2;
>     $this->Acl->deny($group, 'Controllers');
>     $group->id = 3;
>     $this->Acl->deny($group, 'Controllers');
>
> }
>
> In my AppController
>
> var $components = array('Auth', 'Acl', 'RequestHandler', 'P28n');
> var $helpers = array('html', 'javascript', 'form');
>
> function beforeFilter() {
>     //Configure AuthComponent
>     $this->Auth->allowedActions = array('display', 'index', 'view');
>
>     $this->Auth->authorize = 'actions';
>     $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
>     $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
>
>     $this->Auth->actionPath = 'Controllers/';
>
> }
>
> It all started because I'm using swfupload and it worked quite all
> right without Auth. After auth, once I logged in, got to my view, and
> when trying to upload (ajaxly through /uploaded_imgs/upload) I got
> for response the login page telling me there's no authorization for
> that request and I discovered that even after login, Auth->user() was
> null in that ajax call. If I called /uploaded_imgs/upload directly
> through the address bar Auth->user() was present. However trying
> another ajax call, not with swfupload, the auth->user was also
> present.
>
> Then I went further to see what the heck was happening, take a look at
> this stuff...
>
> // this IS NOT allowed without logging in, with or without the commented lines
> // note function has single word name
> function publishment(){
>     $this->layout = "denouncements_publish";
>     //$data = $this->requestAction('/damages/all');
>     //$this->set('damages', $data);
> }
>
> // this IS NOT allowed without logging in, with or without the commented lines
> // note function has single word name
> function pub(){
>     $this->layout = "denouncements_publish";
>     //$data = $this->requestAction('/damages/all');
>     //$this->set('damages', $data);
> }
>
> // this IS allowed without login with those lines commented, however
> // when those lines are executed ain't allowed.
> // Note 2 words function name
> function publishmentTest(){
>     $this->layout = "denouncements_publish";
>     //$data = $this->requestAction('/damages/all');
>     //$this->set('damages', $data);
> }
>
> // this IS NOT allowed without logging in
> // note function has single word name
> function jsonfields(){
>     $this->layout = null;
>     $this->set('json', json_encode($this->Denouncement->query("DESCRIBE denouncements", true)));
> }
>
> // this IS allowed without logging in
> // note function has multiple words name
> function fieldNamesJson(){
>     $this->layout = null;
>     $this->set('json', json_encode($this->Denouncement->query("DESCRIBE denouncements", true)));
> }
>
> So, getting to the point, how do I get Auth working correctly,
> authorizing only the allowed actions declared in appController and
> denying the rest to unidentified users. And also, why might uploading
> (swfupload) the ajax call to /uploaded_imgs/upload is restricted while
> addressbar called works correctly. Why is Auth letting unidentified
> calls to some non allowed actions and what's the deal with functions
> names that affects Auth for allowing or not a request? Any ideas?
>
> I'll really really appreciate any help
> thanks a lot
> regards
