I have looked at quite a few similar issues on SO but none have answered my question or been able to help me resolve this... Basically when i comment out the $this->auth->allow line in the NewsController (because i only want authenticated people to access all the actions apart from login/register) it causes a login infinite loop. When i allow all users to access the index action in the newscontroller it works fine. Any ideas why this would be looping on login?
AppController
<?php
App::uses('Controller', 'Controller');
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'loginAction' => array('controller' => 'users', 'action' => 'login'),
'loginRedirect' => array('controller' => 'news', 'action' => 'index'),
'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
'authorize' => array('Controller')
)
);
UsersController
<?php
class UsersController extends AppController {
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('register');
}
public function login() {
$this->layout = 'eprime_empty';
if ($this->request->is('post')) {
if ($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash('Invalid username or password, try again', 'default', array('class' => 'warning'));
}
}
}
public function logout() {
$this->redirect($this->Auth->logout());
}
NewsController
<?php
class NewsController extends AppController {
public $helpers = array('Html', 'Form', 'Session');
public function beforeFilter() {
parent::beforeFilter();
// $this->Auth->allow('index', 'view');
}
public function index() {
$this->set('news', $this->News->find('all'));
}
If you want only authenticated peoples to get access to all action apart from login and logout then no need to define key value pair
'authorize' => array('Controller')
in AppCOntroller. Because if you specify this key, you have to specify function isAuthorized() which will return either true or false(based on condition you specify for allowing users/usergroups to access that action).
public function isAuthorized(){
return true;//or false
}
and no need to redefine
public $helpers = array('Html', 'Form', 'Session');
public $components = array('Session');
as you already defined in AppController.
There is another issue may happen when use requests actions in Elements, so you have to allow request actions in their main Controllers as below:
--------[app\View\view.ctp]------------
$this->Element('comments');
--------[app\View\Elements\comments.ctp]----------
$comments = $this->requestAction('comments/grab');
--------[app\Controller\CommentsController]-----------
function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('grab');
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.