Just $this->Auth->allow(); when prefix != 'admin'
CakePHP Auth only for Admin Prefix
06-10-2022
Question
I have an admin prefix where we have a CMS-based section where site owners will be able to maintain the app content.
Is there any way to automatically restrict only those sections via the Auth component, while other parts don't require authentication?
    // otherwise I will have to add a lot of actions like below
    $this->Auth->allow('home', 'about', 'contacts');
Solution
OTHER TIPS
You can accomplish this pretty simply using Controller based Authorization: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-controllerauthorize
The idea is that you will have an isAuthorized() method in your controller (and any controller where you want specific rules) that returns true or false based on the user's authorization.
So you could disable all admin paths (except for those who are authenticated) by putting something like this in your AppController:
    public function isAuthorized($user) {
        // * Admin section control
        if (empty($this->params['admin'])) {
            // ** DEFAULT: All users can access public functions
            return true;
        } else if (AuthComponent::user('role') == 'admin') {
            // ** Allow admin users access to everything.
            return true;
        }
        // * DEFAULT: Deny all
        return false;
    }
Edit: Oops -- this would only be useful if the user was already authenticated (logged in), sorry.
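The two suggestions on this page can be combined so that public pages need no login while every admin-prefixed action requires both a login and the admin role. This is an added example, not code from either poster. It assumes CakePHP 2.1 or later (where allow() with no arguments opens every action), the 'admin' routing prefix, a 'role' field on the user record as in the answer above, and a hypothetical non-prefixed users/login action:

```php
<?php
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Ask the controller's isAuthorized() once a user is logged in.
            'authorize' => array('Controller'),
            // Assumption: the login form lives at /users/login, outside the admin prefix.
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
                'admin' => false,
            ),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();

        // The router sets params['admin'] only for admin-prefixed routes.
        if (empty($this->request->params['admin'])) {
            // Public section: skip authentication for every action.
            $this->Auth->allow();
        }
        // Admin section: nothing is allowed here, so AuthComponent redirects
        // anonymous visitors to loginAction before the action runs.
    }

    // Reached only for actions that were not allowed above (the admin
    // prefix) and only after a successful login.
    public function isAuthorized($user) {
        // Deny by default: a missing or different role fails the check.
        return isset($user['role']) && $user['role'] === 'admin';
    }
}
```

Child controllers that define their own beforeFilter() must call parent::beforeFilter() and must not call $this->Auth->allow() for admin actions, otherwise they reopen what this base class closes.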