I am unable to wrap my head around how the Auth component works in CakePHP. I am using 2.1.
My login works perfectly, and from my understanding I can set the default component in the AppController, which I did as listed below.
// App controller (app/Controller/AppController.php):
class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Where unauthenticated requests are sent
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
            ),
            'authError' => "Your username and password is incorrect, please try again.",
            // Form login, restricted to users with user_status_id = 1
            'authenticate' => array(
                'Form' => array(
                    'scope' => array('User.user_status_id' => 1)
                )
            ),
            'redirect' => array("controller" => "users", "action" => "profile"),
            'loginRedirect' => array("controller" => "users", "action" => "profile")
        )
    );

    public function beforeFilter() {
        $this->Auth->allow("home");
        if ($this->Auth->loggedIn() == true) {
            // Expose the user's name and the navigation partial to the views
            $this->set("user_name", $this->Auth->user("first_name") . " " . $this->Auth->user("last_name"));
            $this->set("loggedIn", true);
            if ($this->Auth->user("user_type_id") == 5) {
                $this->set("navigation", "navigation_admin");
            } else {
                $this->set("navigation", "navigation_loggedin");
            }
        } else {
            $this->set("loggedIn", false);
            $this->set("navigation", "navigation_notloggedin");
        }
    }
}
home is located at /app/view/home.ctp; however, I cannot access the page without being logged in. Next, I have 2 different user levels, normal and administrator. I want to limit certain actions in controllers based on whether you're an admin or not.
In my UsersController I have, for example:
public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow("login");
    // Intended: non-admins may only reach login and profile
    if ($this->Auth->user("user_type_id") != 5) {
        $this->Auth->allow("login", "profile");
    }
}
But irrespective of the user type, everyone can view the actions.
In my pages controller I also have the following:
public function beforeFilter() {
    parent::beforeFilter();
    // Intended: every static page is public
    $this->Auth->allow("*");
}
But I have to be logged in to view any pages.
I am convinced I am doing something wrong, but I cannot work out what. Any help?
First, home is not an action on the controller, so $this->Auth->allow("home"); wouldn't have an effect. $this->Auth->allow("display"); would, but it would allow all pages to be seen (not sure if that's intended).

Secondly, you are using $this->Auth->allow("*"); after you call the parent's beforeFilter, which means that AppController::beforeFilter() would treat it as if the user wasn't logged in, since it doesn't know what you've allowed after the fact.
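One way to lay this out in CakePHP 2.1, as an added example that is not part of either post: public actions are declared in each child controller before it calls parent::beforeFilter(), the static pages are opened through the display action rather than a view name, and the admin/non-admin split is done with Auth's Controller authorizer and isAuthorized() instead of allow(), so that anything not explicitly public still requires a login. The field names user_type_id, first_name and last_name and the admin type id 5 come from the question; the action names index, edit, delete and logout are assumed. In a real app each class goes in its own file under app/Controller/.

```php
<?php
// Added example (not from the question or the answer). Assumes the User
// record carries user_type_id (5 = administrator), first_name and
// last_name as in the question; index/edit/delete/logout are assumed actions.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction'   => array('controller' => 'users', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'users', 'action' => 'profile'),
            'authError'     => 'Your username and password is incorrect, please try again.',
            'authenticate'  => array(
                'Form' => array('scope' => array('User.user_status_id' => 1)),
            ),
            // Authorization is separate from authentication: for every action
            // that is not allow()ed, Auth asks the controller's isAuthorized().
            'authorize' => 'Controller',
        ),
    );

    // Default policy: a logged-in user may reach any action that is not
    // public. Child controllers override this to tighten it further.
    public function isAuthorized($user) {
        return !empty($user['id']);
    }

    // Single place that defines what "admin" means.
    protected function _isAdmin($user) {
        return isset($user['user_type_id']) && (int)$user['user_type_id'] === 5;
    }

    public function beforeFilter() {
        // No allow() calls here: public actions belong to the child
        // controllers, which declare them before calling this method.
        $loggedIn = $this->Auth->loggedIn();
        $this->set('loggedIn', $loggedIn);
        if ($loggedIn) {
            $this->set('user_name', $this->Auth->user('first_name') . ' ' . $this->Auth->user('last_name'));
            $this->set('navigation', $this->_isAdmin($this->Auth->user()) ? 'navigation_admin' : 'navigation_loggedin');
        } else {
            $this->set('navigation', 'navigation_notloggedin');
        }
    }
}

class PagesController extends AppController {

    public function beforeFilter() {
        // Static pages (app/View/Pages/home.ctp etc.) are served by the
        // 'display' action, so that is what has to be made public; 'home'
        // is only a view file and cannot be allow()ed.
        $this->Auth->allow('display');
        parent::beforeFilter();
    }
}

class UsersController extends AppController {

    public function beforeFilter() {
        // Only login and logout are reachable without a session.
        $this->Auth->allow('login', 'logout');
        parent::beforeFilter();
    }

    // Called by Auth for every action not listed in allow() above.
    public function isAuthorized($user) {
        // Any logged-in user may view their own profile...
        if ($this->action === 'profile') {
            return true;
        }
        // ...everything else (index, edit, delete, ...) is admin-only.
        return $this->_isAdmin($user);
    }
}
```

Because isAuthorized() is consulted only for actions that were not allow()ed, the deny path is the default: a new action added to UsersController is admin-only until someone deliberately opens it, which is the failure mode the allow()-based version in the question inverts.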