CakePHP 2.1 - custom authorization object not loaded/executed

Question

I'm using CakePHP 2.1 RC + TinyAuthorize, the next way in AppController.php:

class AppController extends Controller {

    public $components = array('Auth');

    public function beforeFilter() {
        $this->Auth->authorize = array('Tiny');
    }

}

For some reason, Tiny doesn't get executed, thereby it's ACL rules not applied. Any ideas what could be wrong?

Answer 1

did you put it in app or tools plugin? for the latter it is supposed to be

$this->Auth->authorize = array('Tools.Tiny');

see http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/ for details

---

After figuring out your problem I edit my answer:

This * (= any) placeholder for “roles” only refers to those users that are logged in. You must not declare your public actions this way! All those must be declared using $this->Auth->allow().

The reason is that Authenticate comes before Authorize. So without Authentication (logged in) there will never be any Authorization (check on roles).