views: 43

answers: 2
Hi All,

I'm using CakePHP, CAS for authentication and ACL for authorization. If the user does not have permission to view the page, I need to flash a message stating Not permitted OR redirect to another page.

Ex: If the user is viewing /users/view/1 and now requests /users/delete/1. The user does not have permission to delete. So I want to display a flash message on the page he requested from (/users/view/1).

In my app_controller, I have the following function:

function beforeFilter() {
    $this->__initPhpCas();
    if (isset($_SESSION['loggedIn'])) {
        if (!$this->Acl->check(.....)) {
            // User does not have permission to view the page.
            // Need to cancel this request and flash a message
        }
    }
}

Any suggestions are appreciated

Final answer is:

function beforeFilter() {
    $this->__initPhpCas();
    if (isset($_SESSION['loggedIn'])) {
        if (!$this->Acl->check(.....)) {
            // User does not have permission to view the page.
            // Need to cancel this request and flash a message
            $this->Session->setFlash(__('You are not authorized to view this page.', true));
            $this->redirect($_SERVER['HTTP_REFERER']);
        }
    }
}
A: 

To redirect, use $this->redirect(); and add a message by using $this->Session->setFlash();. I have included links to show you.

EDIT:

I would recommend setting the flash message then doing the redirect. Then on the redirected page, display the flash message with $session->flash();.

EDIT2:

Since you do not want to do a redirect, you will need to do something like this.

function view() {
    if ($this->Acl->check(.....)) {
        // display the page and continue with the view action
    }
    else {
        $this->Session->setFlash("You do not have access to use this feature");
    }
}

EDIT 3:

Try this. Take a look at the last post in the link.

Edit 4: Try using deny()

Edit 5:

If I understand you correctly, you want to use beforeFilter to check if they have access and, if not, then not continue running the actions. CakePHP doesn't really allow this, but a workaround is:

function beforeFilter() {
    if ($this->Acl->check(.....)) {
        // display the page and continue with the view action
    }
    else {
        $this->Session->setFlash("You do not have access to use this feature");
        $this->params['action'] = "failedCheck";
    }
}

function failedCheck() {
    //blah blah blah
}
jostster
Thank you for the reply. The problem I have when redirecting is, I want to make the user stay on the same page where he requested from. For example he requests /user/delete from /user/view. In my beforeFilter the request is /user/delete. How can I get the "/user/view" url - the one from where he requested? So that I can redirect him to /user/view
metalhawk
I was unable to figure out a way to just cancel it, so what I ended up doing is checking in my action if they were authenticated and if so then I would continue with the processing of the page. If not then I would not display the info that the user requested but instead display the flash message. See answer for example
jostster
Thank you for the reply. The "edit 2" idea works, but there is a lot of code redundancy. I have to perform this check for all the methods, so I was thinking if I could somehow do it in the beforeFilter(), then it would be more single-point and modular.
metalhawk
@metalhawk I added edit 3
jostster
Thank you Joster. But it behaves as the last comment says. "Returning false keeps the flow running (cake will execute further actions).".
metalhawk
@metalhawk updated to edit 4
jostster
Hi Joster, Deny is to set(kinda) permissions. The action "delete" is already denied. When i perform Acl->check(..). It returns false, as it is denied.
metalhawk
I'm confused at what you're wanting then...
jostster
I'm exactly looking for the one listed in "edit3"
metalhawk
@metalhawk ... I am sorry I misunderstood your first comment. The redirect will work fine but you just wanted to get the url the user came from. Use the `$this->redirect($this->referrer());` This will redirect the user to the page they came from. But before doing the redirect I would do $this->Session->setFlash("message"); so they can see why they were redirected.
jostster
Thank you for your time Joster. $this->referrer() did not work. But $_SERVER['HTTP_REFERER'] worked. Thanks again. :)
metalhawk
@metalhawk sorry i had a typo $this->referer()
jostster
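The question's final answer and the answer above both converge on the same shape: run the ACL check once in beforeFilter(), set a flash message, and send the user back to the page they came from. The example below is added here and is not code from the question or either answer. It keeps that single-point check but reads the return target through Controller::referer() with its $local flag instead of the raw $_SERVER['HTTP_REFERER'], so a Referer header that points at another site cannot turn the denial into an open redirect. Assumed (not on the page): CakePHP 1.3, that __initPhpCas() is the question's own CAS bootstrap, that the authenticated user's id is stored at the session key User.id, and that ACO nodes follow the controllers/Controller/action convention.

```php
<?php
// Added example: one authorization gate in AppController for CakePHP 1.x.
// Not the question's or either answer's code; assumptions are marked inline.
class AppController extends Controller {

    var $components = array('Acl', 'Session');

    function beforeFilter() {
        parent::beforeFilter();
        $this->__initPhpCas();   // assumed: the question's CAS bootstrap

        // Assumption: the CAS step stored the logged-in user's id here.
        $userId = $this->Session->read('User.id');
        if (!$userId) {
            return;   // not logged in; the CAS handling deals with that case
        }

        // Requester (ARO) is the User row; the controlled object (ACO) is the
        // controller/action pair, e.g. controllers/Users/delete.
        $aro = array('model' => 'User', 'foreign_key' => $userId);
        $aco = 'controllers/' . Inflector::camelize($this->params['controller'])
             . '/' . $this->params['action'];

        if ($this->Acl->check($aro, $aco)) {
            return;   // permitted: let the requested action run
        }

        $this->Session->setFlash(__('You are not authorized to view this page.', true));

        // $local = true makes referer() return only a path on this application
        // and fall back to $default when the Referer header is absent or points
        // to another host, so the header cannot choose an off-site destination.
        $back = $this->referer('/', true);

        // Do not bounce the user straight back to the URL that was just denied.
        if ($back == $this->here) {
            $back = '/';
        }

        // redirect() exits by default, so the denied action never executes.
        $this->redirect($back);
    }
}
```

Because the check lives in AppController, every controller inherits it and no per-action duplication is needed. The method is referer() (single r); the referrer() spelling in the comment thread is what produced the "did not work" result.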
A: 

In your controller:

if (!$this->Acl->check(.....)){
    //User do not have permission to view the page.
    $this->Session->setFlash('Unauthorized.', 'auth_error');
}

Create the layout app/views/layouts/auth_error.ctp. In this new file add:

<?php $session->flash(); ?>
webbiedave
Thank you for your prompt reply. I get the following error... Fatal error: Allowed memory size of 209715200 bytes exhausted (tried to allocate 523800 bytes) in ..../cake/libs/debugger.php on line 612
metalhawk