| # |
Aug 6th 2008, 17:01 |
TommyO |
I said you don't need ACL |
| # |
Aug 6th 2008, 17:00 |
Mathachew |
do my checking before Auth comes in |
| # |
Aug 6th 2008, 17:00 |
TommyO |
nope |
| # |
Aug 6th 2008, 17:00 |
Mathachew |
well that's what you're telling me to do |
| # |
Aug 6th 2008, 17:00 |
Mathachew |
right? |
| # |
Aug 6th 2008, 17:00 |
TommyO |
no |
| # |
Aug 6th 2008, 17:00 |
Mathachew |
ACL before Authentication |
| # |
Aug 6th 2008, 17:00 |
TommyO |
AuthComponent helps with both if you let it |
| # |
Aug 6th 2008, 17:00 |
TommyO |
Auth(orization) is different than Auth(entication) |
| # |
Aug 6th 2008, 17:00 |
francky06l |
Mathachew: no, it's more simple |
| # |
Aug 6th 2008, 16:59 |
TommyO |
Auth does its check AFTER beforeFilter and before the action is called |
| # |
Aug 6th 2008, 16:59 |
Mathachew |
ACL before Auth, right? |
| # |
Aug 6th 2008, 16:59 |
Mathachew |
so I use Auth after I've established permissions |
| # |
Aug 6th 2008, 16:59 |
francky06l |
Mathachew: some code of you beforeFilter? |
| # |
Aug 6th 2008, 16:59 |
francky06l |
Mathachew: you have to check before Auth does |
| # |
Aug 6th 2008, 16:58 |
TommyO |
Mathachew: and why is Auth redirecting? |
| # |
Aug 6th 2008, 16:58 |
Mathachew |
I feel like I'm repeating myself |
| # |
Aug 6th 2008, 16:58 |
francky06l |
Mathachew: and? |
| # |
Aug 6th 2008, 16:58 |
Mathachew |
but Auth is redirecting. |
| # |
Aug 6th 2008, 16:58 |
Mathachew |
That's what I'm trying to do |
| # |
Aug 6th 2008, 16:58 |
francky06l |
Mathachew: it's simple really ... create an anonymous user, in beforeFilter check this user ..if not autheticated, affect him the anonymous user .. |
| # |
Aug 6th 2008, 16:57 |
Mathachew |
That's what I have! |
| # |
Aug 6th 2008, 16:57 |
TommyO |
Mathachew: yes! that's what I'm saying. deny all, allow specific actions |
| # |
Aug 6th 2008, 16:57 |
Mathachew |
TommyO: Again, only authenticated users are getting through, anonymous users are redirected |
| # |
Aug 6th 2008, 16:57 |
Mathachew |
but I guess I can't rely on Auth now |
| # |
Aug 6th 2008, 16:57 |
francky06l |
Mathachew: I guess your problem is you want to control the "bla" in allow ? |
| # |
Aug 6th 2008, 16:57 |
TommyO |
why are you checking permissions if everyone gets throguh for that action? |
| # |
Aug 6th 2008, 16:57 |
Mathachew |
I only want to force login if permission is initially denied |
| # |
Aug 6th 2008, 16:57 |
Mathachew |
That's not how I want to check my permissions |
| # |
Aug 6th 2008, 16:56 |
Mathachew |
bah. |
| # |
Aug 6th 2008, 16:56 |
TommyO |
$this->Auth->allow('action'); again |
| # |
Aug 6th 2008, 16:56 |
francky06l |
TommyO: yes allso .... |
| # |
Aug 6th 2008, 16:56 |
Mathachew |
TommyO: That's exactly what I'm aiming for |
| # |
Aug 6th 2008, 16:56 |
TommyO |
that is the same as giving anonymous access + user access |
| # |
Aug 6th 2008, 16:56 |
TommyO |
why not let all users, authenticated or not, to these actions? |
| # |
Aug 6th 2008, 16:56 |
francky06l |
Mathachew: so why not affect the same user to the non authenticaed users? |
| # |
Aug 6th 2008, 16:55 |
Mathachew |
but they're not checked |
| # |
Aug 6th 2008, 16:55 |
Mathachew |
the permissions are setup so that if checked, they were been granted |
| # |
Aug 6th 2008, 16:55 |
Mathachew |
let me rephrase that |
| # |
Aug 6th 2008, 16:55 |
TommyO |
*sigh* |
| # |
Aug 6th 2008, 16:55 |
Mathachew |
francky06l: no... my problem is granting permission to a controller/action on unauthenticated users, which it does, but since they're not logged in, they're redirected to the login screen |