0
votes

I want to create some permissions for my site in CakePHP, but the permission check does not work. For example, I want to allow only the add page; other pages like index or register should not be accessible.

This is my AppController component:

    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array('controller'=>'users','action'=>'login', 'admin'=>false),
            'logoutRedirect' => array('controller'=>'users','action'=>'logout'),
            'loginRedirect' => array('controller'=>'shows', 'action'=>'index'),
            'authError' => 'Questa risorsa non sembra appartenere al tuo account, oppure non hai eseguito l\'accesso',
            'autoRedirect' => false,
            'authorize' => array(
                'Controller',
                'Actions' => array(
                    'actionPath' => 'controllers'
                )
            ),
            'authenticate' => array(
                'Form' => array(
                    'fields' => array('username' => 'email')
                )
            )
        )
    );

And this is the beforeFilter inside UserController:

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->deny('*'); // I have also tried $this->Auth->deny();
        $this->Auth->allow('register');
    }

Why can I access the other pages? Thanks.

2 Answers

0
votes

From the CakePHP book:

By default all actions require authorization. However, after making actions public, you want to revoke the public access. You can do so using AuthComponent::deny():

What you are doing with deny is probably only because of a lack of knowledge of how Auth works. Please check this: http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html

    $this->Auth->deny(); // Will remove all the actions.
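An added example (not from either answer or the CakePHP book) of how the two layers fit together in CakePHP 2.x: allow()/deny() decide which actions are reachable without logging in, while isAuthorized() decides what a logged-in user may do. It assumes only ControllerAuthorize is configured and a hypothetical role field on the user record; the two classes belong in separate files, as the comments indicate.

```php
<?php
// Added example for CakePHP 2.x; not the asker's code.
// app/Controller/AppController.php
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
            // Only ControllerAuthorize here, so isAuthorized() below decides.
            'authorize' => array('Controller'),
            'authenticate' => array(
                'Form' => array('fields' => array('username' => 'email'))
            )
        )
    );

    // Called for logged-in users on every action that is not public.
    // Default deny: a controller must opt in by overriding this method.
    public function isAuthorized($user) {
        return false;
    }
}

// app/Controller/UsersController.php
class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->deny();       // no action is public ...
        $this->Auth->allow('add'); // ... except add
    }

    // Assumption: the user record has a 'role' field (hypothetical).
    public function isAuthorized($user) {
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }
        // Any other logged-in user may only log out; index, register
        // and the rest are refused and authError is shown.
        return in_array($this->action, array('logout'), true);
    }
}
```

When testing the public/private split, log out first: a session that is already authenticated never exercises the allow()/deny() list, only isAuthorized().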

0
votes

You should use the Acl component of CakePHP, which gives you a perfect scenario in which you can decide which pages you should give permission to and which not.

Read this: http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html

and then invoke the component in AppController:

    class AppController extends Controller {

        // Load the Acl component for every controller
        public $components = array(
            'Acl'
        );

    }