1
votes

In my cake 2.2 app I have the following beforeFilter() set up in my App Controller:

public function beforeFilter() {

    //Configure AuthComponent
    // Admin
    if($this->Auth->user('group_id') == '12') {
        $this->Auth->allow('admin_index'); 
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login', 'admin' => FALSE);
        $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'index', 'admin' => TRUE);
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login', 'admin' => FALSE);

        $this->set("group", "admin");

    // Staff
    }

    if($this->Auth->user('group_id') == '13') {
        $this->Auth->allow('admin_index'); 
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login', 'admin' => FALSE);
        $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'index', 'admin' => TRUE);
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login', 'admin' => FALSE);

        $this->set("group", "staff");

    // Users
    }

    if($this->Auth->user('group_id') == '14') {
        $this->Auth->allow(array('controller' => 'pages', 'action' => 'index', 'admin' => FALSE));
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login', 'admin' => FALSE);
        $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'index', 'admin' => FALSE);
        $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login', 'admin' => FALSE);

        $this->set("group", "user");
    }

    // General logout redirect (including expired session redirect)
    $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login', 'admin' => FALSE);
}

So basically I want all users regardless of user group to be sent to /users/login when the session expires. This works for users but any admin users get redirected to admin/users/login and presented with a Missing method in users controller error (because this isn't an admin method). For some reason the 'admin' => FALSE isn't working.

So, how can I get all users regardless of user type to get redirected to the NON admin method/url of /users/login?
2
You could hack this with a redirect route in your routes file, but it's not ideal. PS, your capital booleans hurt my eyes. - David Yell

2 Answers

1
votes

What I guess is happening is that the user is not actually logging out when the session expires. Unless the user explicitly logs out (executing a logout action in your UsersController, I'm assuming), like this for example

public function logout() {
    // ... some code here ...
    $this->Session->destroy();
    $this->redirect($this->Auth->logout());
}

that logoutRedirect is probably not going to work.
If the session expires, the user will be unauthorized to view the page, and the redirect is going to go to the Auth->unauthorizedRedirect.

For what you're trying to do, I'd use a method checking if the user is logged in, in the beforeFilter of the AppController

public function beforeFilter() {
    if (!$this->Auth->loggedIn() && $this->action != 'login') {
        $this->redirect(array('controller'=>'users', 'action'=>'login', 'admin'=>false));
    }
}

or if you want

public function beforeFilter() {
    if (!$this->Auth->loggedIn() && $this->action != 'login') {
        $this->redirect($this->Auth->logoutRedirect);
    }
}
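An added example, not code from the question or from either answer: once the session has expired, `$this->Auth->user('group_id')` is null, so none of the question's per-group blocks run and `loginAction` keeps its default, which has no `admin` key and therefore inherits the prefix of the current admin request. The sketch below sets `loginAction` unconditionally and moves the group check into `isAuthorized()`. It assumes prefix routing with the `admin` prefix and the group ids 12, 13 and 14 from the question; the `$backOfficeGroups` property is a hypothetical name.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x), added example.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    // Hypothetical helper property: groups allowed to use admin_* actions.
    // Ids 12 (admin) and 13 (staff) are taken from the question.
    protected $backOfficeGroups = array('12', '13');

    public $components = array(
        'Session',
        'Auth' => array(
            // Set for every request, logged in or not. 'admin' => false
            // stops the Router from carrying the current admin prefix into
            // the login URL, so an expired session lands on /users/login.
            'loginAction' => array(
                'controller' => 'users', 'action' => 'login',
                'admin' => false, 'plugin' => null,
            ),
            'logoutRedirect' => array(
                'controller' => 'users', 'action' => 'login',
                'admin' => false, 'plugin' => null,
            ),
            // Ask the controller's isAuthorized() on each request instead of
            // calling allow(), which makes an action public.
            'authorize' => array('Controller'),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // View variable only; no access decision depends on it.
        $names = array('12' => 'admin', '13' => 'staff', '14' => 'user');
        $groupId = (string)$this->Auth->user('group_id');
        if (isset($names[$groupId])) {
            $this->set('group', $names[$groupId]);
        }
    }

    // Runs only for authenticated users.
    public function isAuthorized($user) {
        if (!empty($this->request->params['admin'])) {
            $groupId = isset($user['group_id']) ? (string)$user['group_id'] : '';
            return in_array($groupId, $this->backOfficeGroups, true);
        }
        return true; // non-prefixed actions: any logged-in user
    }
}
```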
1
votes
public function admin_logout() {
    $this->Session->setFlash(__('Thanks for using Applired.com!'), 'default', array('class' => 'alert alert-success'));
    $this->Session->delete('user_to_register');
    $this->Session->destroy();
    $this->Auth->logout();
    return $this->redirect(array('controller' => 'dashboard', 'action' => 'login'));
}