CakePHP: the rapid development php framework: CakeBot

Log message #106942

#	At	Username	Text
#	Aug 6th 2008, 16:57	Mathachew	That's not how I want to check my permissions
#	Aug 6th 2008, 16:56	Mathachew	bah.
#	Aug 6th 2008, 16:56	TommyO	$this->Auth->allow('action'); again
#	Aug 6th 2008, 16:56	francky06l	TommyO: yes allso ....
#	Aug 6th 2008, 16:56	Mathachew	TommyO: That's exactly what I'm aiming for
#	Aug 6th 2008, 16:56	TommyO	that is the same as giving anonymous access + user access
#	Aug 6th 2008, 16:56	TommyO	why not let all users, authenticated or not, to these actions?
#	Aug 6th 2008, 16:56	francky06l	Mathachew: so why not affect the same user to the non authenticaed users?
#	Aug 6th 2008, 16:55	Mathachew	but they're not checked
#	Aug 6th 2008, 16:55	Mathachew	the permissions are setup so that if checked, they were been granted
#	Aug 6th 2008, 16:55	Mathachew	let me rephrase that
#	Aug 6th 2008, 16:55	TommyO	sigh
#	Aug 6th 2008, 16:55	Mathachew	francky06l: no... my problem is granting permission to a controller/action on unauthenticated users, which it does, but since they're not logged in, they're redirected to the login screen
#	Aug 6th 2008, 16:54	francky06l	Mathachew: then your problem is to identify this users ?
#	Aug 6th 2008, 16:54	TommyO	like Controller/action
#	Aug 6th 2008, 16:53	Mathachew	francky06l: I have an anonymous group. I already have it setup so that it applies this group's permissions to the user if they're not logged in. Authenticated users will have a specified group when they're added and such, permissions are inherited
#	Aug 6th 2008, 16:53	TommyO	ACL is a specific means of access control. there are many, many other ways
#	Aug 6th 2008, 16:53	Mathachew	How is access to an action not ACL?
#	Aug 6th 2008, 16:53	francky06l	Mathachew: you can then create a User for them (I mean a fake one) ?
#	Aug 6th 2008, 16:52	TommyO	Mathachew: no. can be determined by a model, ACL, a custom component, a controller, anything you want
#	Aug 6th 2008, 16:52	Mathachew	yep
#	Aug 6th 2008, 16:52	francky06l	Mathachew: is all the anonymous are to have the same rigthts?
#	Aug 6th 2008, 16:52	TommyO	regardless of before or after in beforeFIlter - it happens in startup anyway, AFTER beforeFilter
#	Aug 6th 2008, 16:52	Mathachew	how's that not tying itself to it?
#	Aug 6th 2008, 16:52	Mathachew	I have to tell the Auth model to allow access to an action that ACL would determine
#	Aug 6th 2008, 16:52	francky06l	Mathachew: you can check before Auth in beforeFilter ..
#	Aug 6th 2008, 16:51	Mathachew	hear me out
#	Aug 6th 2008, 16:51	Mathachew	no no no
#	Aug 6th 2008, 16:51	TommyO	ACTION gives up talking to the wall
#	Aug 6th 2008, 16:51	Mathachew	I know that
#	Aug 6th 2008, 16:51	TommyO	allow() is not ACL
#	Aug 6th 2008, 16:51	Mathachew	oh but it is
#	Aug 6th 2008, 16:51	TommyO	Mathachew: absolutely not
#	Aug 6th 2008, 16:51	Mathachew	so Auth is tying itself to the ACL, in a manner of speaking
#	Aug 6th 2008, 16:51	francky06l	TommyO: you can check before you give the Auth instruction .... I guess
#	Aug 6th 2008, 16:50	francky06l	Mathachew: well you have to check something in app_controller before to set the Auth parameter, but .... easy ?
#	Aug 6th 2008, 16:50	TommyO	Mathachew: ughh is right. your problem is Auth component automatically redirecting because the user isn't logged in and not allow()'ed. allow for that action and your problem disappears
#	Aug 6th 2008, 16:49	Mathachew	they have permission to read the controller, but they're redirected anywayh
#	Aug 6th 2008, 16:49	Mathachew	My problem is the Auth component automatically redirecting because the user isn't logged in
#	Aug 6th 2008, 16:49	Mathachew	ugh
#	Aug 6th 2008, 16:49	Mathachew	I don't want to specify $this->Auth->allow() in each controller I create when my custom ACL will allow/deny access to the controller's action