ansaurus

Question

Having actions/pages without requiring a login

Answer 1

+1 A:

http://book.cakephp.org/view/641/Simple-Acl-controlled-Application goes over implementing authentication, and also tackles the subject of allow certain controllers/actions being publicly-accessible, whilst maintaining authentication needed for others.

Martin Bean 2010-10-29 15:53:48

Well they only talk about public pages for logged in users who do not have authorization access

macha 2010-10-29 16:17:17

Answer 2

+1 A:

The solution would be to use the allow method in the Auth component to let the user visit those pages.

Thank you!

macha 2010-10-29 16:18:12

Answer 3

+1 A:

As Martin Bean says, you can use ACL. For a sophisticated site, that would be my choice. You do not have to be logged in to access the public pages. http://multiheadweighers.co.uk is an example of a site that uses ACL. There is a fully featured CMS behind the public pages.

For a simple site I would allow access to, for instance, the view action using

function beforeFilter() {
    parent::beforeFilter;
    $this->Auth->allow('view');
}

see: http://book.cakephp.org/view/1257/allow

It really isn't a big deal - try it and you'll see how easy it is.

EDIT:

From the book @ http://book.cakephp.org/view/1550/Setting-up-permissions

Now we want to take out the references to Auth->allowedActions in your users and groups controllers. Then add the following to your posts and widgets controllers:

function beforeFilter() 
{    
    parent::beforeFilter();     
    $this->Auth->allowedActions = array('index', 'view');
}

This removes the 'off switches' we put in earlier on the users and groups controllers, and gives public access on the index and view actions in posts and widgets controllers. In AppController::beforeFilter() add the following:

 $this->Auth->allowedActions = array('display');

This makes the 'display' action public. This will keep our PagesController::display() public. This is important as often the default routing has this action as the home page for you application.

EDIT 2:

    $user = ($this->Auth->user())?$this->Auth->user():'Anonymous';
    if(!$this->Acl->check($user,"{$url}"))
        $this->redirect($this->referer()); // or whatever action you want to take.

Leo 2010-10-29 16:55:44

isn't ACL used for controlling the access rights for registered users?? How would ACL be a part in letting unregistered users to access to public pages?? It should be done by the Auth component isn't it? Could you please explain how ACL can be used for this?

macha 2010-10-29 16:58:49

Yes it is, but that doesn't mean EVERYTHING has to be controlled by ACL - there can be exclusions. See my edit above. I have encountered some sticky situations where I've had to do something like my second edit.

Leo 2010-10-29 17:14:21

ACL and Auth work together.

Leo 2010-10-29 17:16:45

You don't need to use ACL - just `$this->Auth->allow(...)`.

michaelc 2010-10-29 19:24:44

@ mmichaelc : as I said at the start of my answer....

Leo 2010-10-29 19:29:59

ansaurus

tags:

views:

answers:

Having actions/pages without requiring a login

related questions