Hello Everyone,

I am developing an application using CakePHP v1.3 on Windows (XAMPP).

Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a login page. How can I do this without repeating much?

One solution to the problem is that "I check for login information in the admin_index action of every controller" and then show the login screen accordingly.
Is there any better way of doing this?

The default URL to admin (http://localhost/app/admin) is pointing to the index_admin action of users controller (created a new route for this in routes.php file).

Thanks

+4  A: 

Use the Authentication component. You can set it up just for admin routes with something like this:

// AppController::beforeFilter
function beforeFilter() {
    if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
        $this->Auth->deny('*');
        ...
    }
}

Checking only in the index actions is pointless; that's just obscurity, not security. The AuthComponent will check permissions for every single page load.

deceze
:-) Thanks deceze. You're right, checking in the index action is pointless; that is why I posted my question here, because I was sure that I would get an expert and perfect answer. Thanks once again.
Gaurav Sharma
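The setup described in the answer, written out as an added example (not code from the question or from deceze's answer): one `beforeFilter` in `AppController` that leaves public actions open and forces a login for every `admin_*` action. The login and redirect targets, and the non-prefixed `login`/`logout` actions in `UsersController`, are assumptions made for illustration.

```php
<?php
// Added illustration for CakePHP 1.3. The two classes below live in separate
// files in a real app; they are shown together here for readability.

// app/app_controller.php
class AppController extends Controller {

    // AuthComponent keeps the logged-in user in the session.
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        // Assumption: a non-prefixed UsersController::login() renders the form.
        $this->Auth->loginAction = array(
            'controller' => 'users', 'action' => 'login', 'admin' => false
        );
        // Assumption: send the user to the admin users index after login.
        $this->Auth->loginRedirect = array(
            'controller' => 'users', 'action' => 'index', 'admin' => true
        );

        if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
            // Admin-prefixed request: no action is allowed anonymously, so
            // AuthComponent redirects to loginAction unless a user is logged in.
            $this->Auth->deny('*');
        } else {
            // Non-prefixed (public) actions stay reachable without a login.
            $this->Auth->allow('*');
        }
    }
}

// app/controllers/users_controller.php
class UsersController extends AppController {

    var $name = 'Users';

    // AuthComponent intercepts the form POST to loginAction and checks the
    // credentials itself, so the action body can stay empty.
    function login() {
    }

    function logout() {
        // logout() clears the Auth session data and returns the redirect URL.
        $this->redirect($this->Auth->logout());
    }
}
```

A controller that defines its own `beforeFilter()` has to call `parent::beforeFilter()`, otherwise the check above never runs for that controller's admin actions.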