1
votes

I'm using CakePHP's isAuthorized() function to check if a user is authorized to execute a controller action, but the weird problem I'm having is that the permissions on my other controller actions are blocked from the user as well. I'm only doing this:

function isAuthorized()
{
    $user_id_logged_in = $this->Auth->user('id');

    switch($this->action)
    {
        case 'my_action':

        if($user_id_logged_in)
        {
             // check if user has access to execute controller action
             return $this->Acl->check(array(
                                'model' => 'MyModel', 'foreign_key' => $my_foreign_key), 
                                'controllers/MyController/'.$this->action);
        }
        else
        {
             return false;
        }

        break;
    }
}

I want to check if the logged user is authorized to execute the action my_action. But when I do this, the user loses permissions for the other actions in my controller as well. Any idea what is wrong with this?

Thank you

1
Where are you setting $user_id_logged_in? - David Gallagher
$user_id_logged_in is just equal to $this->Auth->user('id'); - user765368
From what I can tell from the documentation, the check() method takes 3 string parameters. check($aro, $aco, $action = "*"). You can see that here. - David Gallagher
I can see in the book your version. - David Gallagher
Did you get this working? I also think maybe MyModel should be the name of your users model (User probably) and $my_foreign_key should be $user_id_logged_in - David Gallagher

1 Answer

0
votes

I think the problem is in the fact that you're not returning any value at the end of isAuthorized(), so Cake assumes it's false and therefore denies access to everything else.

Try adding a return true; at the end of the function if you're not interested in authorizing access to other functions (or alternatively, add them to the 'allow' list in Auth).
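The fall-through described in this answer, as an added example that is not part of the original post and not CakePHP's own code. StubAuth, StubAcl, the 'User' model name, the index/view/delete actions and user id 7 are assumptions, and instead of a blanket return true it lists the open actions and keeps everything else denied.

```php
<?php
// Stand-ins for CakePHP's Auth and Acl components, constructed for this example.
class StubAuth {
    public $user = array();
    public function user($key) { return isset($this->user[$key]) ? $this->user[$key] : null; }
}
class StubAcl {
    // Constructed rule: only user 7 may reach my_action.
    public function check($aro, $aco, $action = '*') {
        return $aro['foreign_key'] === 7 && $aco === 'controllers/MyController/my_action';
    }
}
class MyController {
    public $action, $Auth, $Acl;

    // Shape of the question's code: any action other than my_action falls out
    // of the switch, so the function returns null, which is falsy.
    public function isAuthorizedOriginal() {
        switch ($this->action) {
            case 'my_action':
                return $this->aclAllows();
        }
    }

    // Every path returns an explicit boolean.
    public function isAuthorized() {
        switch ($this->action) {
            case 'my_action':
                return $this->aclAllows();  // ACL decides
            case 'index':
            case 'view':
                return true;                // assumed actions open to any logged-in user
            default:
                return false;               // anything unlisted stays denied
        }
    }

    private function aclAllows() {
        $id = $this->Auth->user('id');
        if (!$id) { return false; }
        return $this->Acl->check(array('model' => 'User', 'foreign_key' => $id),
            'controllers/MyController/' . $this->action);
    }
}
$c = new MyController();
$c->Auth = new StubAuth();
$c->Auth->user = array('id' => 7);          // constructed logged-in user
$c->Acl = new StubAcl();
foreach (array('my_action', 'index', 'delete') as $action) {
    $c->action = $action;
    var_dump($action, $c->isAuthorizedOriginal(), $c->isAuthorized());
}
```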