Page 5 of 36,922, showing 100 records out of 3,692,143 total, starting on record 401, ending on 500
# | Username | Text | |
---|---|---|---|
# | Aug 6th 2008, 16:40 | TommyO | castroalves: your authentication will have to reside somewhere less 'dynamic' |
# | Aug 6th 2008, 16:40 | castroalves | renan_saddam: I love you, man! |
# | Aug 6th 2008, 16:40 | castroalves | ahahahhah |
# | Aug 6th 2008, 16:40 | castroalves | renan_saddam: is just it |
# | Aug 6th 2008, 16:40 | renan_saddam | ;) |
# | Aug 6th 2008, 16:41 | castroalves | I gotta go... |
# | Aug 6th 2008, 16:41 | castroalves | Tomorrow I come back to talk to you... |
# | Aug 6th 2008, 16:41 | francky06l | Mathachew: some who did not logged, is not in Auth->user(), so you can create for him a "generic" Auth value in session where the user id = 0; then use this to check in isAuthorized |
# | Aug 6th 2008, 16:41 | castroalves | BTW, thanks for all.. |
# | Aug 6th 2008, 16:41 | castroalves | Bye!!! |
# | Aug 6th 2008, 16:42 | TommyO | Mathachew: specific nodes you mean ACL? or actions? |
# | Aug 6th 2008, 16:42 | Mathachew | controllers and actions |
# | Aug 6th 2008, 16:43 | Mathachew | francky06l: I have a conditional, if the user is logged in, do this, if not, do that |
# | Aug 6th 2008, 16:43 | TommyO | $this->Auth->allow('action'); |
# | Aug 6th 2008, 16:43 | TommyO | no need to trigger isAuthorized at all |
# | Aug 6th 2008, 16:43 | Mathachew | I have a permission system in place |
# | Aug 6th 2008, 16:43 | francky06l | Mathachew: yes and ? |
# | Aug 6th 2008, 16:43 | Mathachew | francky06l: and manually checking the user's permission returns true, but they are still automatically redirecte |
# | Aug 6th 2008, 16:44 | TommyO | Mathachew: ^^^^ |
# | Aug 6th 2008, 16:44 | francky06l | Mathachew: well either you do not care of the user hit, then you do not need ACL .... or you do then you can verify it |
# | Aug 6th 2008, 16:44 | TommyO | will allow un-authenticated users to a specific action |
# | Aug 6th 2008, 16:45 | Mathachew | TommyO: Having to specify $this->Auth->allow() doesn't work for me because that's not a dynamic solution |
# | Aug 6th 2008, 16:46 | TommyO | Mathachew: it can be. how is it not dynamic? what needs to be dynamic? |
# | Aug 6th 2008, 16:46 | Mathachew | francky06l: I don't see what you mean... I have the permissions in place to authorize the user, regardless if they're logged in, but the problem is that anonymous users are given the login screen |
# | Aug 6th 2008, 16:46 | Mathachew | TommyO: I couldn't create an interface to work well with Cake's ACL, so I have my own, which is working, but the authentication is causing the problem for anonymous users |
# | Aug 6th 2008, 16:47 | francky06l | Mathachew: I have solved this kind of problem by having a "default" user .... then you can have ACL on it ... everyone that has got a new session (or non Auth variable) get the same Auth variable ...contralable by ACL |
# | Aug 6th 2008, 16:47 | francky06l | Mathachew: well then if you have your own I do not know .... I am quite familiar with cake's native one ..... |
# | Aug 6th 2008, 16:47 | Mathachew | My default user is anonymous and permissions are created for the anonymous user, my problem is the Authentication being triggered when I don't need it to |
# | Aug 6th 2008, 16:48 | TommyO | Mathachew: allow() has nothing to do with ACL. it has to do with whether an unauthenticated user gets redirected |
# | Aug 6th 2008, 16:48 | TommyO | if you allow(),, then they're NOT redirected |
# | Aug 6th 2008, 16:48 | Mathachew | I know |
# | Aug 6th 2008, 16:48 | TommyO | which is what you want |
# | Aug 6th 2008, 16:48 | Mathachew | No, it's not what I want |
# | Aug 6th 2008, 16:48 | Mathachew | I have everything I want in place except for anonymous users |
# | Aug 6th 2008, 16:48 | Mathachew | everything else is working |
# | Aug 6th 2008, 16:49 | francky06l | Mathachew: again, I do not know what your implementation is ..but seems quite easy to check if a user is authenticated or not, if not authenticate him as anonymous.. |
# | Aug 6th 2008, 16:49 | Mathachew | I don't want to specify $this->Auth->allow() in each controller I create when my custom ACL will allow/deny access to the controller's action |
# | Aug 6th 2008, 16:49 | Mathachew | ugh |
# | Aug 6th 2008, 16:49 | Mathachew | My problem is the Auth component automatically redirecting because the user isn't logged in |
# | Aug 6th 2008, 16:49 | Mathachew | they have permission to read the controller, but they're redirected anywayh |
# | Aug 6th 2008, 16:50 | TommyO | Mathachew: ughh is right. your problem is Auth component automatically redirecting because the user isn't logged in and not allow()'ed. allow for that action and your problem disappears |
# | Aug 6th 2008, 16:50 | francky06l | Mathachew: well you have to check something in app_controller before to set the Auth parameter, but .... easy ? |
# | Aug 6th 2008, 16:51 | francky06l | TommyO: you can check before you give the Auth instruction .... I guess |
# | Aug 6th 2008, 16:51 | Mathachew | so Auth is tying itself to the ACL, in a manner of speaking |
# | Aug 6th 2008, 16:51 | TommyO | Mathachew: absolutely not |
# | Aug 6th 2008, 16:51 | Mathachew | oh but it is |
# | Aug 6th 2008, 16:51 | TommyO | allow() is not ACL |
# | Aug 6th 2008, 16:51 | Mathachew | I know that |
# | Aug 6th 2008, 16:51 | TommyO | ACTION gives up talking to the wall |
# | Aug 6th 2008, 16:51 | Mathachew | no no no |
# | Aug 6th 2008, 16:51 | Mathachew | hear me out |
# | Aug 6th 2008, 16:52 | francky06l | Mathachew: you can check before Auth in beforeFilter .. |
# | Aug 6th 2008, 16:52 | Mathachew | I have to tell the Auth model to allow access to an action that ACL would determine |
# | Aug 6th 2008, 16:52 | Mathachew | how's that not tying itself to it? |
# | Aug 6th 2008, 16:52 | TommyO | regardless of before or after in beforeFIlter - it happens in startup anyway, AFTER beforeFilter |
# | Aug 6th 2008, 16:52 | francky06l | Mathachew: is all the anonymous are to have the same rigthts? |
# | Aug 6th 2008, 16:52 | Mathachew | yep |
# | Aug 6th 2008, 16:52 | TommyO | Mathachew: no. can be determined by a model, ACL, a custom component, a controller, anything you want |
# | Aug 6th 2008, 16:53 | francky06l | Mathachew: you can then create a User for them (I mean a fake one) ? |
# | Aug 6th 2008, 16:53 | Mathachew | How is access to an action not ACL? |
# | Aug 6th 2008, 16:53 | TommyO | ACL is a specific means of access control. there are many, many other ways |
# | Aug 6th 2008, 16:53 | Mathachew | francky06l: I have an anonymous group. I already have it setup so that it applies this group's permissions to the user if they're not logged in. Authenticated users will have a specified group when they're added and such, permissions are inherited |
# | Aug 6th 2008, 16:54 | TommyO | like Controller/action |
# | Aug 6th 2008, 16:54 | francky06l | Mathachew: then your problem is to identify this users ? |
# | Aug 6th 2008, 16:55 | Mathachew | francky06l: no... my problem is granting permission to a controller/action on unauthenticated users, which it does, but since they're not logged in, they're redirected to the login screen |
# | Aug 6th 2008, 16:55 | TommyO | *sigh* |
# | Aug 6th 2008, 16:55 | Mathachew | let me rephrase that |
# | Aug 6th 2008, 16:55 | Mathachew | the permissions are setup so that if checked, they were been granted |
# | Aug 6th 2008, 16:55 | Mathachew | but they're not checked |
# | Aug 6th 2008, 16:56 | francky06l | Mathachew: so why not affect the same user to the non authenticaed users? |
# | Aug 6th 2008, 16:56 | TommyO | why not let all users, authenticated or not, to these actions? |
# | Aug 6th 2008, 16:56 | TommyO | that is the same as giving anonymous access + user access |
# | Aug 6th 2008, 16:56 | Mathachew | TommyO: That's exactly what I'm aiming for |
# | Aug 6th 2008, 16:56 | francky06l | TommyO: yes allso .... |
# | Aug 6th 2008, 16:56 | TommyO | $this->Auth->allow('action'); again |
# | Aug 6th 2008, 16:56 | Mathachew | bah. |
# | Aug 6th 2008, 16:57 | Mathachew | That's not how I want to check my permissions |
# | Aug 6th 2008, 16:57 | Mathachew | I only want to force login if permission is initially denied |
# | Aug 6th 2008, 16:57 | TommyO | why are you checking permissions if everyone gets throguh for that action? |
# | Aug 6th 2008, 16:57 | francky06l | Mathachew: I guess your problem is you want to control the "bla" in allow ? |
# | Aug 6th 2008, 16:57 | Mathachew | but I guess I can't rely on Auth now |
# | Aug 6th 2008, 16:57 | Mathachew | TommyO: Again, only authenticated users are getting through, anonymous users are redirected |
# | Aug 6th 2008, 16:57 | TommyO | Mathachew: yes! that's what I'm saying. deny all, allow specific actions |
# | Aug 6th 2008, 16:57 | Mathachew | That's what I have! |
# | Aug 6th 2008, 16:58 | francky06l | Mathachew: it's simple really ... create an anonymous user, in beforeFilter check this user ..if not autheticated, affect him the anonymous user .. |
# | Aug 6th 2008, 16:58 | Mathachew | That's what I'm trying to do |
# | Aug 6th 2008, 16:58 | Mathachew | but Auth is redirecting. |
# | Aug 6th 2008, 16:58 | francky06l | Mathachew: and? |
# | Aug 6th 2008, 16:58 | Mathachew | I feel like I'm repeating myself |
# | Aug 6th 2008, 16:58 | TommyO | Mathachew: and why is Auth redirecting? |
# | Aug 6th 2008, 16:59 | francky06l | Mathachew: you have to check before Auth does |
# | Aug 6th 2008, 16:59 | francky06l | Mathachew: some code of you beforeFilter? |
# | Aug 6th 2008, 16:59 | Mathachew | so I use Auth after I've established permissions |
# | Aug 6th 2008, 16:59 | Mathachew | ACL before Auth, right? |
# | Aug 6th 2008, 16:59 | TommyO | Auth does its check AFTER beforeFilter and before the action is called |
# | Aug 6th 2008, 17:00 | francky06l | Mathachew: no, it's more simple |
# | Aug 6th 2008, 17:00 | TommyO | Auth(orization) is different than Auth(entication) |
# | Aug 6th 2008, 17:00 | TommyO | AuthComponent helps with both if you let it |
# | Aug 6th 2008, 17:00 | Mathachew | ACL before Authentication |
# | Aug 6th 2008, 17:00 | TommyO | no |