I am using Cakephp1.3, i want to deny some functions
Here is my code which is written in users controller
function beforeFilter(){
parent::beforeFilter();
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->authorize = 'controller';
}
function isAuthorized() {
$this->deny('delete');
return true;
}
But i am still able to access delete function .i want to stop access for delete function.
Thanks in advance
function isAuthorized() {
if ($this->action == 'delete') return false;
}
and I would put a pr(); statement somewhere inside of isAuthorized() just to make sure you are at least making it to that function.
Related
Normally, in cakephp there is Auth component to help user login and there is function Auth->Allow() to make the guests users still can access to some pages like Index. But now i want that only Activated account can access almost every function of the web, but still except some normal pages like index, view etc.
I have a fucntion in Appcontroller
public function is_activated(){
$userId = $this->Auth->user('id');
$user = $this->Users->find('all', [
'conditions' => ['id' => $userId],
'fields' => ['id', 'email', 'activated']
])->first();
$activated = $user->activated;
if($activated !== 1){
$this->Flash->error(__('Your account is not yet activated'));
return $this->redirect('/users/activate');
}
}
I call it in BeforeFilter along with Auth->allow() in ProjectsController:
public function beforeFilter(Event $event) {
parent::beforeFilter($event);
$this->Auth->allow(['index', 'getMyProjects']);
$this->is_activated();
}
But in this way, every pages are affected and Auth->allow() not working anymore. Can anybody show me a better way for my is_activated() function, i guess that this way i redirect the web is not a good way.
What you are looking for is isAuthorized() function:
public function isAuthorized($user){
if($user->activated){
return true;
}
return false;
}
Put it in your AppController, you can also override it in your other controllers. If present, it will be automatically called.
Further reading:
https://book.cakephp.org/3.0/en/tutorials-and-examples/blog-auth-example/auth.html#authorization-who-s-allowed-to-access-what
https://book.cakephp.org/3.0/en/controllers/components/authentication.html#authorization
I have a static page I want to add to the existing cakePHP project. I managed to get around the Auth through using this code on PagesController
public $allowedPages = array('main',);
public function beforeFilter() {
$this->Auth->allow('display');
}
public function display()
{
$path = func_get_args();
$count = count($path);
if (!$count) {
return $this->redirect('/');
}
$page = $subpage = null;
if (!empty($path[0])) {
$page = $path[0];
}
if (!empty($path[1])) {
$subpage = $path[1];
}
$this->set(compact('page', 'subpage'));
/*add CHU
if(in_array($page, $this->allowedPages) || $this->User->loggedin) {
$this->render($page);
} */
if(in_array($page, $this->allowedPages) ) {
$this->render($page); //here redirects to login page change the path if the path is different
}
try {
$this->render(implode('/', $path));
} catch (MissingTemplateException $e) {
if (Configure::read('debug')) {
throw $e;
}
throw new NotFoundException();
}
}
And added the route like this:
$routes->connect('/main', ['controller' => 'Pages', 'action' => 'display', 'main']);
But what's happening is that when a user logs in, the login page displays again. I think a validation should be added to check if a user is logged in here:
if(in_array($page, $this->allowedPages) ) {
$this->render($page); //here redirects to login page change the path if the path is different
}
How can I do this?
I tried these answers:
Auth for static page
Allowing a Specific Page in Cakephp
I don't think it's necessary to go through so much hassle. For e.g: If the name of your action is "privacyPolicy", you could simply specify it within $this->Auth->allow() in AppController itself.
In case you'd like to keep it separated and write it within PagesController, I'd suggest you to call the parent function. Otherwise, the beforeFilter within PagesController overrides the beforeFilter of AppController.
//AppController.php
/* Other code */
public function beforeFilter() {
..........
$this->Auth->allow(array(
"action1",
"action2",
"display"
));
}
_____________________ OR ________________________________
// PagesController.php
public function beforeFilter() {
parent::beforeFilter(); // Add this line
$this->Auth->allow('display');
}
Hope this helps.
Peace! xD
I'm building a CakePHP application and I have an API controller. This holds some methods that are common around the site, and I use them with jQuery AJAX calls to do certain things. I recently implemented user registration with the Auth component, but now whenever I try and access the API when I'm not logged in I get redirected to the login page.
This is my AppController code:
class AppController extends Controller {
public $components = array('Session', 'Auth' => array(
'loginRedirect' => array('controller' => 'users', 'action' => 'images'),
'logoutRedirect' => array('controller' => 'pages', 'action' => 'home')
));
public function beforeRender() {
$this->set('loggedIn', $this->Auth->loggedIn());
$this->set('username', $this->Auth->user('username'));
}
public function beforeFilter() {
$this->Auth->allow('home', 'register', 'login');
}
}
I know I can allow certain methods within my API controller with the $this->Auth->allow() method, but is there any way to make it controller-wide? For example, is there something I can put in my API controller so non-logged in users can access its methods aswell? I'd rather not put the method names for each action in the allowed list, because there's about 30 of them.
Thanks.
Put this in the ApiController:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(); //pass no arguments to allow all
}
My controller has...
class Controller_Staff extends Controller {
public function before() {
parent::before();
$id = $this->request->param('id');
$action = $this->request->param('action');
}
public function action_get($id) {
var_dump($id);
}
}
My route is...
Route::set('a', 'bla/<action>/<id>',
array('id' => '\d+', 'action' => '(get|set)'))
->defaults(array(
'controller' => 'staff',
'action' => 'set'
));
When I enter a URL (bla/get/42) which calls Controller_Staff->before() (before calling action_get()), I can access $id in before(), but $action is always NULL.
Is there a better way to access the current $action in the before() method?
Thanks.
Found it!
It ended up being very easy.
$action = $this->request->action;
I am working in cakephp, and I have the following two lines in my /app/config/routes.php file:
/**
* ...and setup admin routing
*/
Router::connect('/admin/:controller/:action/*', array('action' => null, 'prefix' => 'admin', 'admin' => true, 'layout' => 'admin' ));
/**
* ...and set the admin default page
*/
Router::connect('/admin', array('controller' => 'profiles', 'action' => 'index', 'admin' => true, 'layout' => 'admin'));
I also have a layout at /app/views/layouts/admin.ctp
However, the layout is not changed when I visit admin URLs
Create a app/app_controller.php and put this in:
<?php
class AppController extends Controller {
function beforeFilter() {
if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
$this->layout = 'admin';
}
}
}
Don't forget to call parent::beforeFilter(); in your controllers if you use it in other controllers.
Semi related to the question, you don't need the routes defined, you just need to enable Routing.admin config option and set it to admin in the app/config/core.php. (CakePHP 1.2)
Add this code in beforeFilter() function in
app_controller.php
<?php
class AppController extends Controller {
function beforeFilter() {
if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
$this->layout = 'admin';
} else {
$this->layout = 'user';
}
}
}
?>
Set layout='admin' in
routes.php
<?php
Router::connect('/admin', array('controller' => 'users', 'action' => 'index','add', 'admin' => true,'prefix' => 'admin','layout' => 'admin'));
?>
For CakePHP 3.X you should edit your src/View/AppView.php file and add the following code to your initialize() method:
public function initialize()
{
if ($this->request->getParam('prefix') === 'admin') {
$this->layout = 'Plugin.layout';
}
}
the approaches above are good but if you are looking to change the layout for every page when logged in you might try the following using Auth Component
function beforeFilter() {
if ($this->Auth->user()) {
$this->layout = 'admin';
}
}
For cakephp 3.0 you can set a view variable by calling Auth->user in the beforeRender in AppController. This is my beforeRender:
public function beforeRender(Event $event)
{
///...other stuff
$userRole = $this->Auth->user();
$this->set('userRole', $userRole['role']);
}