I'm building a CakePHP application and I have an API controller. This holds some methods that are common around the site, and I use them with jQuery AJAX calls to do certain things. I recently implemented user registration with the Auth component, but now whenever I try and access the API when I'm not logged in I get redirected to the login page.
This is my AppController code:
class AppController extends Controller {
public $components = array('Session', 'Auth' => array(
'loginRedirect' => array('controller' => 'users', 'action' => 'images'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'home')
));
public function beforeRender() {
$this->set('loggedIn', $this->Auth->loggedIn());
$this->set('username', $this->Auth->user('username'));
}
public function beforeFilter() {
$this->Auth->allow('home', 'register', 'login');
}
}
I know I can allow certain methods within my API controller with the $this->Auth->allow() method, but is there any way to make it controller-wide? For example, is there something I can put in my API controller so non-logged in users can access its methods aswell? I'd rather not put the method names for each action in the allowed list, because there's about 30 of them.
Thanks.
Put this in the ApiController:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(); //pass no arguments to allow all
}
Related
I created a policy in laravel 5.3 with this two actions:
class ProjectPolicy {
...
public function index(User $user)
{
return true;
}
public function create(User $user)
{
return true;
}
...
}
and then I tried to make authorization via route group middleware:
Route::group(['middleware' => ['can:index,create,App\Project']], function () {
Route::resource('projects', 'ProjectController');
});
ofcourse I have created Project model and controller correctly, but calling index and create actions always returns 403 forbidden response. where is the problem?
Update:
removing one of actions from route middleware, results correct response. something like this:
Route::group(['middleware' => ['can:index,App\Project']], function () {
Route::resource('projects', 'ProjectController');
});
Looking through the docs the can middleware doesn't really lend itself to resources. You could use multiple middleware calls on the group but this would mean that your use would require all privileges to access the routes.
Your alternatives are:
Add $this->authorize(new App\Project) to your index and create methods in your controller. Laravel will use reflection to figure out what policy to use based on the method it is called from.
Or
In the __construct() method of your controller you could use:
$this->authorizeResource(App\Project::class);
This will require you to
create update, view and delete methods inside your Policy class. Each of these methods will be passed User $user, Project $project e.g.
public function view(User $user, Project $project)
{
return true;
}
FYI, if you leave off the method name with authorize() or you use authorizeResource() Laravel will map certain method names to different policy methods i.e. :
[
//ControllerMethod => PolicyMethod
'show' => 'view',
'create' => 'create',
'store' => 'create',
'edit' => 'update',
'update' => 'update',
'destroy' => 'delete',
];
You can override this by adding a resourceAbilityMap() method to your controller and returning a different array to the one above.
Hope this helps!
Spend hours on that ...
If your controller method does not take a Model as parameter, you also have to override the resourceMethodsWithoutModels().
protected function resourceAbilityMap()
{
Log::info("Inside resourceAbilityMap()");
return array_merge(parent::resourceAbilityMap(), [
//ControllerMethod => PolicyMethod
'index' => 'index',
'search' => 'search'
]);
}
protected function resourceMethodsWithoutModels(){
return array_merge(parent::resourceMethodsWithoutModels(), [
'search'
]);
}
Hi i have a table name chat_users
I have connected users table for last few projects it working fine. But this is my first project i have a different table name chat_users
I want to login this table with username and password
I have tried but unable to login.
Please help me.
Code-
AppController.php
<?php
App::uses('Controller', 'Controller');
class AppController extends Controller {
public $components = array('Auth', 'Session', 'Email', 'Cookie', 'RequestHandler', 'Custom');
public $helpers = array('Html', 'Form', 'Cache', 'Session','Custom');
function beforeFilter() {
parent::beforeFilter();
$this->Auth->authenticate = array(
'Form' => array (
'scope' => array('ChatUser.is_active' => 1),
'fields' => array('ChatUser.username' => 'username', 'ChatUser.password' => 'password'),
)
);
}
}
?>
UsersController.php
<?php
App::uses('AppController', 'Controller');
class UsersController extends AppController {
public $name = 'Users'; //Controller name
public $uses = array('ChatUser');
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('login');
}
public function index() {
}
public function login() {
$this->layout='login';
if ($this->request->is('post')) {
if (!$this->Auth->login()) {
$this->Session->setFlash(__('Invalid username or password, try again'), 'error_message');
$this->redirect($this->Auth->redirect());
}
}
if ($this->Session->read('Auth.ChatUser')) {
return $this->redirect(array('action' => 'index'));
exit;
}
}
public function logout() {
return $this->redirect($this->Auth->logout());
}
}
Above query i am getting missing table.
See screenshot-
Your auth component configuration is incorrect. You are missing the appropriate userModel option, which defines the name of the model to use
And the fields configuration doesn't work the way your are using it, the keys must be named username and password, and the value can then contain the actual column name, however since your columns are obviously using the default names, there's no need to use this option at all.
$this->Auth->authenticate = array(
'Form' => array (
'scope' => array('ChatUser.is_active' => 1),
'userModel' => 'ChatUser'
)
);
Also the session key will always be Auth.User unless you are explicitly changing it via AuthComponent::$sessionKey:
$this->Auth->sessionKey = 'Auth.ChatUser';
However, you are better of using the auth component to access the user data anyways:
// Use anywhere
AuthComponent::user('id')
// From inside a controller
$this->Auth->user('id');
See also
Cookbook > Authentication > Configuring Authentication handlers
Cookbook > Authentication > Accessing the logged in user
I have two things I need to do in Cake 2.2. I need to check that someone is logged in on every page, and then I need to store their user ID as a constant named UID.
I want to avoid being on each controller and having to check the user. I want it done automatically, so naturally I go to AppController and try BeforeFilter. It doesn't seem to have initialized the session, so I scratch that and try afterFilter, but that (and BeforeRender) is really not what I want to do; I don't want a single thing that I can stop from happening, to happen on page request if they're not logged in. Bootstrapping was also not the answer, as far as I could tell.
So how can I check if a user's logged in, and at the same time define a constant for the rest of my application?
You can do the same by invoking a user session check method in beforeFilter() method in AppController. Your code should looks like:
<?php
App::uses('Sanitize', 'Utility');
App::uses('Controller', 'Controller');
class AppController extends Controller
{
public $components = array(
'Session',
'RequestHandler'
);
public $helpers = array('Html', 'Form', 'Session', 'Js' => array('Jquery'), 'Text');
public $uses = array('User');
public function beforeFilter()
{
if($this->Session->check('User.id'))
{
$this->set('logged_in', true);
$this->set('username', trim($this->Session->read('User.first_name'). ' '. $this->Session->read('User.last_name')));
}
else
{
$this->set('logged_in', false);
}
}
/*.......... Rest of your code ..............*/
}
Kindly ask if it not worked for you.
I am using Cakephp1.3, i want to deny some functions
Here is my code which is written in users controller
function beforeFilter(){
parent::beforeFilter();
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->authorize = 'controller';
}
function isAuthorized() {
$this->deny('delete');
return true;
}
But i am still able to access delete function .i want to stop access for delete function.
Thanks in advance
function isAuthorized() {
if ($this->action == 'delete') return false;
}
and I would put a pr(); statement somewhere inside of isAuthorized() just to make sure you are at least making it to that function.
I am working in cakephp, and I have the following two lines in my /app/config/routes.php file:
/**
* ...and setup admin routing
*/
Router::connect('/admin/:controller/:action/*', array('action' => null, 'prefix' => 'admin', 'admin' => true, 'layout' => 'admin' ));
/**
* ...and set the admin default page
*/
Router::connect('/admin', array('controller' => 'profiles', 'action' => 'index', 'admin' => true, 'layout' => 'admin'));
I also have a layout at /app/views/layouts/admin.ctp
However, the layout is not changed when I visit admin URLs
Create a app/app_controller.php and put this in:
<?php
class AppController extends Controller {
function beforeFilter() {
if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
$this->layout = 'admin';
}
}
}
Don't forget to call parent::beforeFilter(); in your controllers if you use it in other controllers.
Semi related to the question, you don't need the routes defined, you just need to enable Routing.admin config option and set it to admin in the app/config/core.php. (CakePHP 1.2)
Add this code in beforeFilter() function in
app_controller.php
<?php
class AppController extends Controller {
function beforeFilter() {
if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
$this->layout = 'admin';
} else {
$this->layout = 'user';
}
}
}
?>
Set layout='admin' in
routes.php
<?php
Router::connect('/admin', array('controller' => 'users', 'action' => 'index','add', 'admin' => true,'prefix' => 'admin','layout' => 'admin'));
?>
For CakePHP 3.X you should edit your src/View/AppView.php file and add the following code to your initialize() method:
public function initialize()
{
if ($this->request->getParam('prefix') === 'admin') {
$this->layout = 'Plugin.layout';
}
}
the approaches above are good but if you are looking to change the layout for every page when logged in you might try the following using Auth Component
function beforeFilter() {
if ($this->Auth->user()) {
$this->layout = 'admin';
}
}
For cakephp 3.0 you can set a view variable by calling Auth->user in the beforeRender in AppController. This is my beforeRender:
public function beforeRender(Event $event)
{
///...other stuff
$userRole = $this->Auth->user();
$this->set('userRole', $userRole['role']);
}