0
votes

In my controllers I'm limiting access by prefixing my functions with admin_ and then letting the AppController isAuthorized() function check if the user is an admin. Is there a way to do this with pages (from PageController)? We created an admin homepage (like a dashboard) which users cannot view if they are not logged in, but non-admin users CAN view it. I can't figure out how to prevent this.

2
This tutorial book.cakephp.org/2.0/en/tutorials-and-examples/… shows you how to accomplish the basics of doing that. The whole tutorial is useful, but the section linked to is relevant to what you want to do. - obsirdian
Thanks, but I've been reading that chapter for days and it doesn't talk about the PagesController at all. My other controllers are working properly, but it has not helped me authorize users on a page - emersonthis
If you're using the display action of the PagesController it will let any user view it. Try creating a separate action prefixed with admin_ and use that to drive the dashboard. book.cakephp.org/2.0/en/controllers/pages-controller.html - obsirdian
We tried that already and it didn't behave as expected. I don't recall the exact problem. The PagesController doesn't seem to behave the same as other controllers. - emersonthis
The PagesController is the same as all other controllers, the default routes.php configuration sends all PagesController requests (/pages/*) to the display() action. You would also need to modify that to make sure your request is being properly routed. - obsirdian

2 Answers

1
votes

What do you mean by pages? Something static served by the PagesController or a .htm(l) file located in your webroot?

If your case is the first thing, you can implement this logic for the Pages Controller. If it is the second - the request doesn't go through CakePHP (or any other server-side script) at all, so no, you cannot control access to it through Cake.

If your situation is something else, then refine your question and I'd be happy to help.

As the comment suggests you're in situation No. 1. In the class declaration of the PagesController it says:

class PagesController extends AppController {

this means that you can use any logic that is in AppController in whichever class that extends AppController. Thus you can use isAuthorized() in the PagesController.

All you need to do is create a method with a name the same as your "admin dashboard view" and allow access to it only for admins. Or just check the user role.
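One way to put this answer's advice into code, as an added example that is not from the question or either answer. It assumes CakePHP 2.x with AuthComponent's 'Controller' authorize handler configured in AppController, a role column on the users table, and a constructed page name 'dashboard':

```php
<?php
// Added example (not from the question or the answers). It assumes CakePHP 2.x
// with AuthComponent using 'authorize' => 'Controller' in AppController, and a
// 'role' column on the users table; 'dashboard' is a constructed page name.
App::uses('AppController', 'Controller');

class PagesController extends AppController {

    // Static pages need no model.
    public $uses = array();

    // Page names (first argument of display()) that only admins may open.
    protected $adminPages = array('dashboard');

    public function beforeFilter() {
        parent::beforeFilter();
        // Do NOT call $this->Auth->allow('display') here: an allowed action
        // skips isAuthorized() entirely, which is how a logged-in non-admin
        // ends up seeing the admin page.
    }

    // AuthComponent calls this for every logged-in request to this controller.
    public function isAuthorized($user) {
        if ($this->action !== 'display') {
            // Keep the admin_ prefix logic of AppController for other actions.
            return parent::isAuthorized($user);
        }
        // display() receives the URL segments as passed arguments.
        $page = isset($this->request->params['pass'][0])
            ? strtolower($this->request->params['pass'][0])
            : 'home';
        if (in_array($page, $this->adminPages, true)) {
            // Fail closed: the role must be present and exactly 'admin'.
            return isset($user['role']) && $user['role'] === 'admin';
        }
        return true; // any logged-in user may view the other static pages
    }

    // Trimmed-down version of the stock display() action.
    public function display() {
        $path = func_get_args();
        if (!count($path)) {
            return $this->redirect('/');
        }
        $this->set('page', $path[0]);
        $this->render(implode('/', $path));
    }
}
```

With this in place, /pages/dashboard is rejected for any logged-in user whose role is not 'admin', while /pages/home and the other static pages keep working for everyone who is logged in.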

1
votes

Assuming that the first parameter is the requested Page and you can catch it using this statement:

$this->request->pass[0];

you can use the isAuthorized function to solve your problem doing something like this...

public function isAuthorized($user)   // CakePHP 2 passes the logged-in user array
{
    // First passed argument of display() is the requested page; guard against none.
    $page = isset($this->request->pass[0]) ? strtolower($this->request->pass[0]) : '';

    if ($page == 'admin_page')   // comparison (==), not assignment (=)
    {
         if ( $this->Auth->user('Role.role_field') == 'Admin' )
         {
            return TRUE;
         }
         else
         {
            return FALSE;
         }
    }
    else
    {
         // This will authorize users for the other pages
         return TRUE;
    }
}

Hope this helps. Always check the CookBook: sometimes you need to check the older Books for finding what you really need. Happy Coding!