Deny controller action permission in CakePHP

Question

Deny controller action permission in CakePHP

The idea is pretty simple. If you are not logged in, you do not have access to any page next to the register and login page. If you are logged in, you have access to all pages except the registry page.

Now half of this is achieved with CakePHP Auth Component. This restricts access when not registered, and allows access during registration.

The problem that I stumbled upon when doing this was restricting access to the registration page when registering. I tried different methods, all with the same result: the registry page was still available.

Need help as I ran into this problem.

Here is part of my code (beforeFilter () in the UsersController; register () class will be an action from this controller):

function beforeFilter(){
    parent::beforeFilter();

    $this->Auth->allow("register");

    if($this->Auth->user()){//if user is logged in...
        $this->Auth->deny("register");//...deny his access to register and login page
    }
}

+3

authentication cakephp permissions

linkyndy 23 . '10 21:59

2

:

function beforeFilter() {
    $this->Auth->authorize = 'controller';
    $this->Auth->allow('register');
}

function isAuthorized() {
    if ($this->Auth->user()) {
        $this->Auth->deny('register');
    }
}

UPDATE: ,

function beforeFilter() {
    $this->Auth->authorize = 'controller';
    if(is_null($this->Auth->user())) {
        $this->Auth->allow('register');
    }
}

+2

bancer 23 . '10 22:37

Leo · Accepted Answer · 2010-10-24T17:17:31+0000

function register()
{
    if ($this->Auth->user())
    {
        $this->redirect('someOtherPage');
        // or exit;
    }
    //other stuff
}

Deny controller action permission in CakePHP

More articles: