Noob question!
I have a complete admin setup: login, authentication an so on, it's working.
So, now i need a new controller to another situation and then i create the controller named PressDownloadsController and the correct views to every action inside this new controller.
I also created the following route:
Router::connect('/pressdownloads', array('controller' => 'pressdownloads', 'action' => 'downloads'));
Inside the pressDownloads controller, there's some redirect between some actions.
When i try to open the url /pressdownloads/downloads or just /pressdownloads it just goes to admin controller and i need to login in before acess the pressdownloads area.
Why?
The Auth Settings inside UsersController (admin):
Ok. I get it.
So the auth settings:
public $components = array(
'Session',
'Auth' => array(
'loginAction' => array(
'controller' => 'users',
'action' => 'login',
'prefix' => 'admin',
),
'loginRedirect' => '/admin/events',
'logoutRedirect' => '/admin',
'authError' => 'Acesso negado',
'flash' => array(
'element' => 'admin/messages/error',
'key' => 'auth',
'params' => array()
),
'authorize' => array('Controller'),
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
)
)
);
I recommend to check Auth component settings and how you split admin area from non-admin.
Also, you may specify in your routing not to use admin prefix like this:
Router::connect('/pressdownloads', array('controller' => 'pressdownloads', 'action' => 'downloads', 'admin' => false));
I believe you are going to that link after "Admin" has been enabled. Simply put you must be clicking the link from the pages served by admin.
Try adding additional parameter "admin" => false in your present route.
Router::connect('/pressdownloads',
array(
'controller' => 'pressdownloads',
'action' => 'downloads',
'admin' => false
)
);
Related
I have seen many similar problems here in SO but none have helped me solving my problem.
I don't think CakePHP's AuthComponent is behaving properly when it comes to permission errors.
My CakePHP app is in a subdomain of my website (e.g. http://www.example.com/myapp). Everytime a permission error occurs (user is not allowed to see this page), Cake adds another "/myapp" in the URL (so it becomes http://www.example.com/myapp/myapp) and naturally throws an error which says that "myapp" controller doesn't exist.
In my scenario, the login view is linked to the root of the website. So, I have in my AppController:
public $components = array(
'Session',
'Auth' => array(
'loginAction' => array(
'controller' => 'users',
'action' => 'login'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'authorize' => 'Controller',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
)
)
);
And in routes.php:
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
Router::connect('/users', array('controller' => 'users', 'action' => 'login'));
Router::connect('/pages/*', array('controller' => 'pages', 'action' => 'display'));
All I want is to be able to configure manually which URL Cake should redirect to in case of permission errors. Anybody knows how to do that?
I'm sorry guys, I accidentally found the answer a bit later. As CakePHP has some very intuitive labels, I started guessing some possible options for the Auth Component that would solve my problem. And I ended up discovering the unauthorizedRedirect option!
So I have:
'unauthorizedRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
And it's working just fine now. I just wish Cake's documentation had covered this... If it does, I swear I couldn't find it anywhere.
I have define the custom route rule as:
Router::connect('/permission/',
array(
'plugin' => 'Authorization',
'controller' => 'permissions',
'action' => 'index',
'admin' => true,
),
);
With this setting routes works fine for url like http://example.com/permission
But I also need to define route for the parameters
I have tried for it as:
Router::connect('/permission/:index',
array(
'plugin' => 'Authorization',
'controller' => 'permissions',
'action' => 'index',
'admin' => true,
),
array(
'pass' => array('index')
)
);
With this route cake throw exception:
Error: PermissionController could not be found.
I want route to be work for
http://example.com/permission/2
It should point to http://example.com/admin/authorization/permissions/index/2
can anyone know, how to define custom routes with parameters correct way?
You need to modify your route like as
Router::connect('/permission/:id', array('plugin'=>'authorization,'controller' => 'permissions', 'action' => 'index'),array('pass'=>array('id')));
I am setting for the first time the Auth component on my site, and everything seems to work fine except when I try to access a restricted page. Instead of being redirected to http://localhost/MySite/users/login, I get redirected to http://localhost/MySite/users/users/login, the controller name is repeated on the url. How can this issue be fixed?
I am using CakePhp 2.4.4
AppController
class AppController extends Controller {
public $components = array('DebugKit.Toolbar',
'Session','Auth' => array(
'loginRedirect'=> array(
'controller' => 'admins',
'action' => 'admin_index'
),
'logoutRedirect' => array(
'controller' => 'users',
'action' => 'login'
),
'loginAction' => array(
'controller' => 'users',
'action' => 'login',
'plugin' => 'users'
),
'authError' => 'Não tem permissão para aceder a esta área. Por favor faça login.',
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'username', 'password' => 'password'
),
'userModel' => 'User'
)
),
'authorize' =>array('Controller'
)
)
);
public function beforeFilter(){
$this->Auth->allow('index','ShowImages','ShowShowbill','ShowVideos','ShowContactUs','contact','login','DisplayMusic','DisplayEntertainment','DisplayPromotion','DisplayStaff','DisplayEquipments');
}
In Auth component you need to add 'unauthorizedRedirect' otherwise Cake tries to redirect to /{app-directory} (this was giving me a headache yesterday).
public $components = array(
//your other components
'Auth' => array(
//your other options for Auth
'unauthorizedRedirect' => '/home'
)
);
This would direct any user trying to access a page they shouldn't be allowed on to 'yourDomain/home'.
When user access unauthorized url in my application, CakePHP execute too many redirects.
I don't know why.
I try set the parameters unauthorizedRedirect and redirectUrl, but doesn't work.
AppController.php
public $components = array(
'DebugKit.Toolbar',
'Session',
'Acl',
'Auth' => array(
'unauthorizedRedirect ' => false,
'loginAction' => array('controller' => 'users', 'action' => 'login'),
'authenticate' => array(
'Form' => array(
'userModel' => 'User',
'fields' => array('username' => 'nickname', 'password' => 'password_hash')
),
),
'authorize' => array(
'Actions' => array('actionPath' => 'controllers/')
)
// 'authError' => 'This error shows up with the user tries to access a part of the website that is protected',
)
);
Change this
"actionPath" => "controllers/"
into this
"actionPath" => "Controllers/"
I'm quite sure that you are on a case sensitive OS.
Another thing to setup it's the "loginRedirect" and the "logoutRedirect" statements: at the moment, if you login into the users/login action you will be redirected to the same action again and again. For a testing purpose I'd recommend you to set both of them to the root just adding this to your code:
'loginRedirect' => '/',
'logoutRedirect' => '/'
firstly check that is users/login action can display content to unauthorized user ? Use $this->Auth->allow(array('login', 'logout') in user controller. If you use Acl and Action authorize, check that anonymus has permission to see this user/login page.
I'm building a closed website which has a landing page for everyone.
I'm using ZfcUser and BjyAuthorize.
Everything works now but I wonder how I can exclude my Application's Application\Controller\Index::index action.
In my module.bjyauthorize.global.php I told my action to require no authentication:
'BjyAuthorize\Guard\Controller' => array(
array(
'controller' => 'Application\Controller\Index',
'action' => 'index',
'roles' => array()
),
// ...
But still I get forwarded to the ZFCUser login page.
Any idea what I'm missing?
Edit:
I tried it with the guest role but no luck so far:
'default_role' => 'guest',
'BjyAuthorize\Provider\Role\Config' => array(
'guest' => array(),
'user' => array(
'children' => array(
'admin' => array(),
),
),
),
NOTE: valid in BjyAuthorize 1.2.*
You have to allow the guest user to access the index page:
'BjyAuthorize\Guard\Controller' => array(
array(
'controller' => 'Application\Controller\Index',
'action' => 'index',
'roles' => array('guest', 'user')
),
// ...
What you defined in your question is a deny-all instead.
Since BjyAuthorize's controller guard configuration acts as a whitelist, there is no way to allow access to all roles at once right now.