
An Ajax request in a CakePHP project returns a 403 error, even though all permissions are granted on the project directory on localhost (XAMPP)

Failed to load resource: the server responded with a status of 403 (Forbidden) /project/users/saveOrder:1

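/**
 * Posts the current sort order to /project/users/saveOrder and reports the
 * outcome in messageBox.
 *
 * Relies on `messageBox`, `sortInput` and `submit` from the enclosing scope;
 * presumably these are jQuery collections, in which case `[0]` yields the
 * underlying DOM element (confirm against the code that defines them).
 *
 * NOTE(review): the controller shown with this snippet reads a `priority`
 * field, while this request posts `sort_order`. Confirm which field name the
 * server expects.
 * NOTE(review): if the application has CSRF protection enabled, this POST
 * must also carry the CSRF token, otherwise the server will reject it.
 */
var request = function() {
    $.ajax({
        type: 'post',
        url: '/project/users/saveOrder',
        // Passing an object lets jQuery URL-encode every value, so a sort
        // order containing '&', '=' or '+' cannot corrupt or inject fields.
        data: {
            sort_order: sortInput[0].value,
            ajax: submit[0].checked,
            do_submit: 1,
            byajax: 1
        },
        beforeSend: function() {
            messageBox.text('Updating the sort order in the database.');
        },
        // `complete` also fires on failures, which made a 403 look like a
        // successful save; report success and failure separately instead.
        success: function() {
            messageBox.text('Database has been updated.');
        },
        error: function(xhr) {
            messageBox.text('Could not update the sort order (HTTP ' + xhr.status + ').');
        }
    });
};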

CODE UsersController:

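/**
 * Controller for user pages; also exposes the Ajax endpoint that stores a new
 * task ordering.
 */
class UsersController extends AppController
{
    /**
     * Runs the parent filter, then marks saveOrder as a public action.
     *
     * NOTE(review): Auth->allow() exempts an action from the login check, so
     * saveOrder (which writes task priorities) becomes callable without
     * authentication. Confirm that this is intended; if only logged-in users
     * should reorder tasks, the action should not be listed here.
     * NOTE(review): the reported 403 occurs with this allow() already in
     * place, so the rejection may come from another layer (for example CSRF
     * or request-tampering protection, if enabled). Verify before widening
     * access any further.
     */
    public function beforeFilter()
    {
        parent::beforeFilter();
        $this->Auth->allow('saveOrder');
    }

    /**
     * Loads one user together with its associated records and hands it to
     * the view as `user`.
     *
     * @param mixed $id Primary key of the user to load.
     */
    public function view($id = null)
    {
        $user = $this->Users->get($id, [
            'contain' => ['Departments', 'Appointments', 'Roles', 'LeaveRequests', 'TasksTo', 'TasksFrom', 'TasksBy']
        ]);
        $this->set('user', $user);
    }

    /**
     * Empty action; it only lets the matching view render.
     */
    public function change()
    {
    }

    /**
     * Ajax endpoint: stores a new priority for each task id in the posted
     * comma-separated `priority` list. The priority written is the 1-based
     * position of the id in that list.
     *
     * Non-POST requests fall through without doing anything. On POST the
     * action prints one line per updated task and then terminates the request.
     *
     * NOTE(review): assumes a Task model is available as $this->Task; this
     * class does not show where it is loaded.
     * NOTE(review): nothing here checks that the caller may modify the given
     * tasks. Combined with Auth->allow('saveOrder'), any client can reorder
     * any task id. Add an ownership/authorization check if that is not
     * intended.
     */
    public function saveOrder()
    {
        $this->layout = null;
        if (!$this->request->is('post')) {
            return;
        }

        // A missing or non-string field must not raise a notice or reach explode().
        $posted = isset($this->request->data['priority']) ? $this->request->data['priority'] : '';
        if (!is_string($posted)) {
            $posted = '';
        }

        foreach (explode(',', $posted) as $index => $id) {
            $id = trim($id);
            // Only plain positive integers are accepted as ids. This skips the
            // empty and '0' entries the original skipped, and also keeps
            // arbitrary request text out of the model call and out of the
            // echoed response below.
            if (!preg_match('/\A[1-9][0-9]*\z/', $id)) {
                continue;
            }

            $priority = $index + 1;
            $this->Task->id = $id;
            if (!$this->Task->saveField('priority', $priority)) {
                die('Error, insert query failed');
            }

            // NOTE(review): debug output that reveals table and column names
            // to the caller; drop it once nothing depends on the response body.
            echo 'UPDATE tasks SET priority = ' . $priority . ' WHERE id = ' . $id . '<br/>';
        }
        die;
    }

}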

1 Answers


You are facing this issue because you haven't allowed the action that your Ajax URL calls.

Allow that action in your controller's beforeFilter() by passing its name to

$this->Auth->allow()

Example

/**
 * Controller callback: runs the parent filter, then marks saveOrder as a
 * public action.
 *
 * NOTE(review): allow() removes the login requirement for the listed action.
 * Only list actions that are meant to be reachable without authentication.
 */
public function beforeFilter()
{
    parent::beforeFilter();
    $this->Auth->allow('saveOrder');
}

More on how $this->Auth->allow() can be called:

// allow() marks actions as public, i.e. reachable without logging in.
$this->Auth->allow(); // No arguments: every action defined in this controller becomes public

$this->Auth->allow('editUser'); // Only editUser becomes public

$this->Auth->allow(['editUser', 'AddUser']); // Only editUser and AddUser become public

For cakephp 3

  1. Put this at the top of your controller: use Cake\Event\Event;
  2. Now add this beforeFilter function:

    /**
     * CakePHP 3 form of the callback: forwards the event to the parent
     * filter, then marks saveOrder as a public action.
     *
     * NOTE(review): allow() removes the login requirement for the listed
     * action. Only list actions that are meant to be reachable without
     * authentication.
     *
     * @param Event $event The event passed to the callback.
     */
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow('saveOrder');
    }