@ceeram
Created March 7, 2012 19:47
CakePHP Authentication and Authorization
No AuthComponent => everything is public.
With AuthComponent => everything is denied by default (except the login action).
- open up a single action to the public with: Auth->allow('action');
- open up all actions: Auth->allow();
- open up all non-admin actions: see Example (beforeFilter)
AuthComponent set up with an Authorize object => restrict actions for authenticated users.
- for instance with ControllerAuthorize, you define an isAuthorized() function in your (App)Controller and
have it return true/false based on some condition; see Example (isAuthorized)
- if you have Auth->allow('action'), authorization won't be checked, as it is a public action
Example:
in AppController.php

App::uses('Controller', 'Controller');

class AppController extends Controller {

    // ControllerAuthorize: AuthComponent calls $this->isAuthorized($user) below
    // for every action that has not been opened up with allow().
    public $components = array(
        'Auth' => array('authorize' => 'Controller'),
    );

    public function beforeFilter() {
        // Open up every non-admin action to the public; admin-prefixed
        // actions stay behind login and go through isAuthorized().
        if (empty($this->request->params['prefix']) || $this->request->params['prefix'] != 'admin') {
            $this->Auth->allow();
        }
    }

    public function isAuthorized($user) {
        // Admins may do anything.
        if ($user['role'] == 'admin') {
            return true;
        }
        // Non-prefixed actions, or a prefix that matches the user's role.
        if (empty($this->request->params['prefix']) || $user['role'] == $this->request->params['prefix']) {
            return true;
        }
        // Any logged-in user may use the read-only index/view actions under any prefix.
        if (!empty($this->request->params['prefix']) && in_array($this->action, array('index', 'view'))) {
            return true;
        }
        // Deny by default.
        return false;
    }
}
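The following is an added example, not part of the original gist, showing how two concrete controllers sit on top of the AppController above: a UsersController that opens its login action to the public (otherwise nobody could ever log in), and a PostsController whose public and admin-prefixed actions take the different paths described in the notes. It assumes CakePHP 2.3 or later, a users table with username, password and role columns, the Form authenticate object, and `Configure::write('Routing.prefixes', array('admin'))` in core.php; the controller and model names are illustrative.

```php
<?php
// Added example (not the gist's code). Assumes CakePHP 2.3+, a User model with
// username/password/role, Form authentication, and the 'admin' routing prefix.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // AuthComponent denies everything by default, so the login action has
        // to be opened up explicitly or a logged-out visitor can never reach it.
        $this->Auth->allow('login');
    }

    public function login() {
        if ($this->request->is('post')) {
            // FormAuthenticate hashes the posted password and compares it with the stored hash.
            if ($this->Auth->login()) {
                return $this->redirect($this->Auth->redirectUrl());
            }
            // Same generic message whether the username or the password was wrong.
            $this->Auth->flash(__('Invalid username or password, try again'));
        }
    }

    public function logout() {
        return $this->redirect($this->Auth->logout());
    }
}

class PostsController extends AppController {

    // Public: no prefix, so AppController::beforeFilter() called Auth->allow()
    // and isAuthorized() is never consulted for this request.
    public function index() {
        $this->set('posts', $this->Post->find('all'));
    }

    // Requires login. isAuthorized() lets any authenticated user through because
    // the action name is 'index' (third rule), not only users with role 'admin'.
    public function admin_index() {
        $this->set('posts', $this->Post->find('all'));
    }

    // Requires login AND role 'admin': the action is not index/view and the
    // prefix 'admin' only matches users whose role is 'admin', so every other
    // role falls through to the final "return false".
    public function admin_delete($id = null) {
        $this->request->allowMethod('post', 'delete');
        if ($this->Post->delete($id)) {
            $this->Auth->flash(__('Post deleted'));
        }
        return $this->redirect(array('action' => 'index'));
    }
}
```

Note that the AppController's beforeFilter() opens up every non-admin action, so a non-prefixed add or edit action in PostsController would also be public; anything that must be restricted to logged-in users has to live behind the admin prefix with this setup, or the beforeFilter() has to be narrowed.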