Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

cakephp isAuthorized() not being called

Tags:

authentication

php

cakephp

I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called.

Do I need to do something more than setting $this->Auth->authorize = 'controller' ?

from /app/app_controller.php

class AppController extends Controller
{

var $components = array('Auth');

function beforeFilter()
{
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->loginRedirect = array('controller' => 'pages', 'display' => 'home');
    $this->Auth->logoutRedirect = '/';
    $this->Auth->authorize = 'controller';
    $this->Auth->userScope = array('User.active' => 1);
}

function isAuthorized()
{
    if (strpos($this->action, "admin_") != false)
    {
        if ($this->Auth->user('isAdmin') == '0')
        {
            return false;
        }
    }
    return true;
}
}
like image 456
Jack B Nimble Avatar asked Apr 20 '09 15:04

Jack B Nimble

2 Answers

You should check if you're overriding your Auth settings in your other controller.

First, to verify that isAuthorized() is being called, try putting a simple debug($this); die; in it.

If it is not dying, you're probably overriding it in some other controller (you're missing the parent::isAuthorized() call).

If it's not that, then you're probably doing that same thing with beforeFilter().

like image 74
dr Hannibal Lecter Avatar answered Sep 30 '22 02:09

dr Hannibal Lecter

Additional to the Answer of dr Hannibal Lecter, there is another possible reason if you experience this problem (as i did ...):

If your controller is named tests_controller, the startUp method of the Auth-Component aborts without starting the authentication (at least in cakePHP 1.3.10 - haven't checked 2.x). So be sure that you never name a Controller tests_controller...

Excerpt from cake\libs\controller\components\auth.php

function startup(&$controller) {
    $isErrorOrTests = (
        strtolower($controller->name) == 'cakeerror' ||
        (strtolower($controller->name) == 'tests' && Configure::read() > 0)
    );
    if ($isErrorOrTests) {
        return true;
    }
...
like image 23
Nebel54 Avatar answered Sep 30 '22 02:09

Nebel54
Sign in to Comment

Related questions

Laravel WebSocket with Pusher Error when making POST Request
How to get all values of an enum in PHP?
To use views or not to use views
PHP DOMDocument stripping HTML tags
Pulling both the text and attribute of a given node using Xpath
Zend Framework fetchAll
Converting a Word document into usable HTML in PHP
How to build large MySQL INSERT query in PHP without wasting memory
Should I use multi-byte overloading (mbstring.func_overload)?
PHP Inclued for Windows?
Code separation in AJAX applications
JavaScript (or JS+PHP) Terminal Client
Is there a way to see a prepared query as it will be executed on the database? [duplicate]
How to version control, deploy and develop php and mySQL
Has anyone ever created a shopping cart on the Expression Engine? [closed]
Php payment solutions?
How do you set up cakephp on a shared hosting?
Best way to escape strings for sql inserts?
Should I use eval() or call_user_func()?
Determine where a function has been called with PHP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!