5
votes

I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called.

Do I need to do something more than setting $this->Auth->authorize = 'controller'?

From /app/app_controller.php:

class AppController extends Controller
{
    var $components = array('Auth');

    function beforeFilter()
    {
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'pages', 'display' => 'home');
        $this->Auth->logoutRedirect = '/';
        $this->Auth->authorize = 'controller';
        $this->Auth->userScope = array('User.active' => 1);
    }

    function isAuthorized()
    {
        // strpos() returns 0 for a leading "admin_", so compare strictly against false
        if (strpos($this->action, "admin_") !== false)
        {
            if ($this->Auth->user('isAdmin') == '0')
            {
                return false;
            }
        }
        return true;
    }
}
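
Independent of whether isAuthorized() is reached, an `admin_` check of this kind only works when the strpos() result is compared strictly. The following is an added example, not part of the original post and not CakePHP code: the two stand-alone functions, the sample users and the '0'/'1' encoding of isAdmin are assumptions made for illustration.

```php
<?php
// Added example: stand-alone functions, not CakePHP API. $action stands in for
// $this->action and $user for the row behind $this->Auth->user() (assumptions).

// Loose form: strpos() returns int 0 for a leading "admin_", and 0 != false is
// false, so the admin branch is skipped for exactly the actions it should guard.
function isAuthorizedLoose($action, $user)
{
    if (strpos($action, 'admin_') != false) {
        if ($user['isAdmin'] == '0') {
            return false;
        }
    }
    return true;
}

// Strict form: prefix match with === 0, and deny unless the flag is positively
// set, so a missing or null isAdmin field fails closed.
function isAuthorizedStrict($action, $user)
{
    if (strpos($action, 'admin_') === 0) {
        return isset($user['isAdmin']) && (string) $user['isAdmin'] === '1';
    }
    return true;
}

// Constructed sample data (isAdmin assumed to be stored as '0' or '1').
$users = array(
    'regular' => array('isAdmin' => '0'),
    'admin'   => array('isAdmin' => '1'),
    'no_flag' => array('isAdmin' => null),
);
$actions = array('index', 'admin_index', 'view_admin_notes');

foreach ($actions as $action) {
    foreach ($users as $label => $user) {
        printf(
            "%-17s %-8s loose=%-5s strict=%s\n",
            $action,
            $label,
            isAuthorizedLoose($action, $user) ? 'allow' : 'deny',
            isAuthorizedStrict($action, $user) ? 'allow' : 'deny'
        );
    }
}
```
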

3 Answers

12
votes

You should check if you're overriding your Auth settings in your other controller.

First, to verify that isAuthorized() is being called, try putting a simple debug($this); die; in it.

If it is not dying, you're probably overriding it in some other controller (you're missing the parent::isAuthorized() call).

If it's not that, then you're probably doing that same thing with beforeFilter().

1
votes

In addition to dr Hannibal Lecter's answer, there is another possible reason if you experience this problem (as I did...):

If your controller is named tests_controller, the startup method of the Auth component aborts without starting the authentication (at least in CakePHP 1.3.10 - I haven't checked 2.x). So be sure that you never name a controller tests_controller...

Excerpt from cake\libs\controller\components\auth.php:

function startup(&$controller) {
    $isErrorOrTests = (
        strtolower($controller->name) == 'cakeerror' ||
        (strtolower($controller->name) == 'tests' && Configure::read() > 0)
    );
    if ($isErrorOrTests) {
        return true;
    }
...
-4
votes

You need to make sure that 'Auth' is in the components array for that controller:

$this->components[] = 'Auth';

Drop that in the constructor and it should work (unless, of course, it doesn't). Good luck!