
cakephp isAuthorized() not being called

I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called.

Do I need to do something more than setting $this->Auth->authorize = 'controller' ?

from /app/app_controller.php

class AppController extends Controller
{

var $components = array('Auth');

function beforeFilter()
{
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->loginRedirect = array('controller' => 'pages', 'display' => 'home');
    $this->Auth->logoutRedirect = '/';
    $this->Auth->authorize = 'controller';
    $this->Auth->userScope = array('User.active' => 1);
}

function isAuthorized()
{
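    // strpos() returns 0 when the action starts with "admin_", and 0 != false
    // is false in PHP, so compare strictly against false.
    if (strpos($this->action, "admin_") !== false)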
    {
        if ($this->Auth->user('isAdmin') == '0')
        {
            return false;
        }
    }
    return true;
}
}
Jack B Nimble asked Apr 20 '09 15:04


2 Answers

You should check if you're overriding your Auth settings in your other controller.

First, to verify that isAuthorized() is being called, try putting a simple debug($this); die; in it.

If it is not dying, you're probably overriding it in some other controller (you're missing the parent::isAuthorized() call).

If it's not that, then you're probably doing that same thing with beforeFilter().

dr Hannibal Lecter answered Sep 30 '22 02:09
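
The override problem described in the answer above, as an added example that is not part of the original answer and not CakePHP's own code. The stand-ins StubAuth, BrokenPostsController, FixedPostsController and dispatch() are hypothetical; they model how a child beforeFilter() that skips parent::beforeFilter() leaves authorize unset, so isAuthorized() is never consulted.

```php
<?php
// Stand-in for AuthComponent (hypothetical, not CakePHP's code).
class StubAuth {
    public $authorize = false; // no authorize type until beforeFilter() sets one
    public $checks = 0;        // how often isAuthorized() was consulted

    // Models the decision discussed above: without an authorize type,
    // the request is let through and isAuthorized() is never called.
    function startup($controller) {
        if (!$this->authorize) {
            return true;
        }
        $this->checks++;
        return $controller->isAuthorized();
    }
}

class AppController {
    public $Auth;
    public $action;
    public $isAdmin = '0'; // constructed value: a non-admin user

    function __construct($action) {
        $this->Auth = new StubAuth();
        $this->action = $action;
    }
    function beforeFilter() {
        $this->Auth->authorize = 'controller';
    }
    function isAuthorized() {
        // Deny admin_* actions to non-admins (strict check: strpos() can return 0).
        return !(strpos($this->action, 'admin_') === 0 && $this->isAdmin == '0');
    }
}

class BrokenPostsController extends AppController {
    function beforeFilter() { /* parent::beforeFilter() missing */ }
}
class FixedPostsController extends AppController {
    function beforeFilter() { parent::beforeFilter(); }
}

// Minimal dispatcher: run the filter, then the auth check, and report both.
function dispatch($controller) {
    $controller->beforeFilter();
    $allowed = $controller->Auth->startup($controller);
    return array('allowed' => $allowed, 'checks' => $controller->Auth->checks);
}

var_dump(dispatch(new BrokenPostsController('admin_delete')));
var_dump(dispatch(new FixedPostsController('admin_delete')));
```

Run with the PHP CLI: the broken controller lets the non-admin through with zero checks, while the fixed one consults isAuthorized() once and denies the request.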


In addition to dr Hannibal Lecter's answer, there is another possible reason if you experience this problem (as I did...):

If your controller is named tests_controller, the startup method of the Auth component aborts without starting the authentication (at least in CakePHP 1.3.10 - haven't checked 2.x). So be sure that you never name a controller tests_controller...

Excerpt from cake\libs\controller\components\auth.php

function startup(&$controller) {
    $isErrorOrTests = (
        strtolower($controller->name) == 'cakeerror' ||
        (strtolower($controller->name) == 'tests' && Configure::read() > 0)
    );
    if ($isErrorOrTests) {
        return true;
    }
...
Nebel54 answered Sep 30 '22 02:09