| # |
Aug 6th 2008, 16:55 |
TommyO |
*sigh* |
| # |
Aug 6th 2008, 16:55 |
Mathachew |
francky06l: no... my problem is granting permission to a controller/action on unauthenticated users, which it does, but since they're not logged in, they're redirected to the login screen |
| # |
Aug 6th 2008, 16:54 |
francky06l |
Mathachew: then your problem is to identify this users ? |
| # |
Aug 6th 2008, 16:54 |
TommyO |
like Controller/action |
| # |
Aug 6th 2008, 16:53 |
Mathachew |
francky06l: I have an anonymous group. I already have it setup so that it applies this group's permissions to the user if they're not logged in. Authenticated users will have a specified group when they're added and such, permissions are inherited |
| # |
Aug 6th 2008, 16:53 |
TommyO |
ACL is a specific means of access control. there are many, many other ways |
| # |
Aug 6th 2008, 16:53 |
Mathachew |
How is access to an action not ACL? |
| # |
Aug 6th 2008, 16:53 |
francky06l |
Mathachew: you can then create a User for them (I mean a fake one) ? |
| # |
Aug 6th 2008, 16:52 |
TommyO |
Mathachew: no. can be determined by a model, ACL, a custom component, a controller, anything you want |
| # |
Aug 6th 2008, 16:52 |
Mathachew |
yep |
| # |
Aug 6th 2008, 16:52 |
francky06l |
Mathachew: is all the anonymous are to have the same rigthts? |
| # |
Aug 6th 2008, 16:52 |
TommyO |
regardless of before or after in beforeFIlter - it happens in startup anyway, AFTER beforeFilter |
| # |
Aug 6th 2008, 16:52 |
Mathachew |
how's that not tying itself to it? |
| # |
Aug 6th 2008, 16:52 |
Mathachew |
I have to tell the Auth model to allow access to an action that ACL would determine |
| # |
Aug 6th 2008, 16:52 |
francky06l |
Mathachew: you can check before Auth in beforeFilter .. |
| # |
Aug 6th 2008, 16:51 |
Mathachew |
hear me out |
| # |
Aug 6th 2008, 16:51 |
Mathachew |
no no no |
| # |
Aug 6th 2008, 16:51 |
TommyO |
�ACTION gives up talking to the wall� |
| # |
Aug 6th 2008, 16:51 |
Mathachew |
I know that |
| # |
Aug 6th 2008, 16:51 |
TommyO |
allow() is not ACL |
| # |
Aug 6th 2008, 16:51 |
Mathachew |
oh but it is |
| # |
Aug 6th 2008, 16:51 |
TommyO |
Mathachew: absolutely not |
| # |
Aug 6th 2008, 16:51 |
Mathachew |
so Auth is tying itself to the ACL, in a manner of speaking |
| # |
Aug 6th 2008, 16:51 |
francky06l |
TommyO: you can check before you give the Auth instruction .... I guess |
| # |
Aug 6th 2008, 16:50 |
francky06l |
Mathachew: well you have to check something in app_controller before to set the Auth parameter, but .... easy ? |
| # |
Aug 6th 2008, 16:50 |
TommyO |
Mathachew: ughh is right. your problem is Auth component automatically redirecting because the user isn't logged in and not allow()'ed. allow for that action and your problem disappears |
| # |
Aug 6th 2008, 16:49 |
Mathachew |
they have permission to read the controller, but they're redirected anywayh |
| # |
Aug 6th 2008, 16:49 |
Mathachew |
My problem is the Auth component automatically redirecting because the user isn't logged in |
| # |
Aug 6th 2008, 16:49 |
Mathachew |
ugh |
| # |
Aug 6th 2008, 16:49 |
Mathachew |
I don't want to specify $this->Auth->allow() in each controller I create when my custom ACL will allow/deny access to the controller's action |
| # |
Aug 6th 2008, 16:49 |
francky06l |
Mathachew: again, I do not know what your implementation is ..but seems quite easy to check if a user is authenticated or not, if not authenticate him as anonymous.. |
| # |
Aug 6th 2008, 16:48 |
Mathachew |
everything else is working |
| # |
Aug 6th 2008, 16:48 |
Mathachew |
I have everything I want in place except for anonymous users |
| # |
Aug 6th 2008, 16:48 |
Mathachew |
No, it's not what I want |
| # |
Aug 6th 2008, 16:48 |
TommyO |
which is what you want |
| # |
Aug 6th 2008, 16:48 |
Mathachew |
I know |
| # |
Aug 6th 2008, 16:48 |
TommyO |
if you allow(),, then they're NOT redirected |
| # |
Aug 6th 2008, 16:48 |
TommyO |
Mathachew: allow() has nothing to do with ACL. it has to do with whether an unauthenticated user gets redirected |
| # |
Aug 6th 2008, 16:47 |
Mathachew |
My default user is anonymous and permissions are created for the anonymous user, my problem is the Authentication being triggered when I don't need it to |
| # |
Aug 6th 2008, 16:47 |
francky06l |
Mathachew: well then if you have your own I do not know .... I am quite familiar with cake's native one ..... |
| # |
Aug 6th 2008, 16:47 |
francky06l |
Mathachew: I have solved this kind of problem by having a "default" user .... then you can have ACL on it ... everyone that has got a new session (or non Auth variable) get the same Auth variable ...contralable by ACL |