Comments on: Getting Auth and Admin Routing to play nicely together http://teknoid.wordpress.com/2009/01/12/462/ Wed, 11 Nov 2009 14:36:41 +0000 http://wordpress.com/ hourly 1 By: teknoid http://teknoid.wordpress.com/2009/01/12/462/#comment-2395 teknoid Sat, 24 Oct 2009 22:53:48 +0000 http://teknoid.wordpress.com/?p=462#comment-2395 @Cody Great addition. Thanks for sharing. p.s. I've made corrections per your request. @Cody

Great addition. Thanks for sharing.

p.s. I’ve made corrections per your request.

]]> By: Cody http://teknoid.wordpress.com/2009/01/12/462/#comment-2394 Cody Sat, 24 Oct 2009 20:09:14 +0000 http://teknoid.wordpress.com/?p=462#comment-2394 First of all, thanks for the article, very simple concept and I really like it :). Just a quick tip for anyone out there who require your user authentication as well as admin and want to deny access to any user trying to use any admin prefixed link. 1) You need to create a field in your users table called 'role'. Then either make a user an 'admin' or 'user' (Or use whatever you prefer.). 2) In your AppController::beforeFilter() add this bit of code at the bottom $admin = Configure::read('Routing.admin'); if (isset($this->params[$admin]) && $this->params[$admin] && $this->Auth->user('role') != 'admin') { $this->Session->setFlash('You are not authorized.', 'default', array('class' => 'error')); $this->redirect('/'); } Basically what this does is check to see if the users role is admin and redirects to the home page if they are not. For added security remove the flash message and redirect and serve up a 404 error so the user doesn’t know they found an admin link. First of all, thanks for the article, very simple concept and I really like it :).

Just a quick tip for anyone out there who require your user authentication as well as admin and want to deny access to any user trying to use any admin prefixed link.

1) You need to create a field in your users table called ‘role’. Then either make a user an ‘admin’ or ‘user’ (Or use whatever you prefer.).

2) In your AppController::beforeFilter() add this bit of code at the bottom

$admin = Configure::read(‘Routing.admin’);
if (isset($this->params[$admin]) && $this->params[$admin] && $this->Auth->user(‘role’) != ‘admin’)
{
$this->Session->setFlash(‘You are not authorized.’, ‘default’, array(‘class’ => ‘error’));
$this->redirect(‘/’);
}

Basically what this does is check to see if the users role is admin and redirects to the home page if they are not. For added security remove the flash message and redirect and serve up a 404 error so the user doesn’t know they found an admin link.

]]> By: David http://teknoid.wordpress.com/2009/01/12/462/#comment-2133 David Tue, 25 Aug 2009 08:08:50 +0000 http://teknoid.wordpress.com/?p=462#comment-2133 I'd like to add my thanks for this great article. I had hoped to construct my app. so that I had one login form /users/login/ and then to use logic in the login action to decide if the user was an administrator and redirect them to /admin/users/whatever/. Is there a way to do this? All my attempts came to nought so for now I've used your method of having a separate admin login /admin/users/login/ I’d like to add my thanks for this great article.

I had hoped to construct my app. so that I had one login form /users/login/ and then to use logic in the login action to decide if the user was an administrator and redirect them to /admin/users/whatever/.

Is there a way to do this? All my attempts came to nought so for now I’ve used your method of having a separate admin login /admin/users/login/

]]> By: teknoid http://teknoid.wordpress.com/2009/01/12/462/#comment-1874 teknoid Fri, 26 Jun 2009 13:14:17 +0000 http://teknoid.wordpress.com/?p=462#comment-1874 @Gediminas Everything is disallowed by default. @Gediminas

Everything is disallowed by default.

]]> By: Gediminas http://teknoid.wordpress.com/2009/01/12/462/#comment-1871 Gediminas Fri, 26 Jun 2009 09:16:54 +0000 http://teknoid.wordpress.com/?p=462#comment-1871 It`s old school: $this->Auth->allow('index', 'view'); can we dissallow /admin/ prefix automatically? It`s old school:
$this->Auth->allow(‘index’, ‘view’);

can we dissallow /admin/ prefix automatically?

]]> By: teknoid http://teknoid.wordpress.com/2009/01/12/462/#comment-1835 teknoid Fri, 12 Jun 2009 14:34:22 +0000 http://teknoid.wordpress.com/?p=462#comment-1835 @Chirayu The approach would be the same, you simply need to check the role of the currently logged-in user. @Chirayu

The approach would be the same, you simply need to check the role of the currently logged-in user.

]]> By: Chirayu http://teknoid.wordpress.com/2009/01/12/462/#comment-1834 Chirayu Fri, 12 Jun 2009 13:15:00 +0000 http://teknoid.wordpress.com/?p=462#comment-1834 Hi techno, I went through your tutorial. I had a query on using auth component for Registered users as well as Admin users. You replied that its possible if your user table has the role field. I am using table structure which has Many to Many relations with User and Role and maintained into separate table called users_roles. Typically I have followed the structure posted here : http://www.studiocanaria.com/articles/cakephp_auth_component_users_gro can you suggest in brief what should be the approach, or some code example. Hi techno,

I went through your tutorial. I had a query on using auth component for Registered users as well as Admin users. You replied that its possible if your user table has the role field.

I am using table structure which has Many to Many relations with User and Role and maintained into separate table called users_roles. Typically I have followed the structure posted here : http://www.studiocanaria.com/articles/cakephp_auth_component_users_gro

can you suggest in brief what should be the approach, or some code example.

]]> By: kicaj http://teknoid.wordpress.com/2009/01/12/462/#comment-1776 kicaj Sun, 24 May 2009 21:15:07 +0000 http://teknoid.wordpress.com/?p=462#comment-1776 Okey:) I found soultion: http://teknoid.wordpress.com/2008/11/28/cakephp-url-based-language-switching-for-i18n-and-l10n-internationalization-and-localization/#comment-1515 But, Can i use admin prefix and language code together? How? Okey:) I found soultion: http://teknoid.wordpress.com/2008/11/28/cakephp-url-based-language-switching-for-i18n-and-l10n-internationalization-and-localization/#comment-1515

But, Can i use admin prefix and language code together? How?

]]> By: kicaj http://teknoid.wordpress.com/2009/01/12/462/#comment-1775 kicaj Sun, 24 May 2009 19:30:16 +0000 http://teknoid.wordpress.com/?p=462#comment-1775 I have next problem, hehe again:p When i add 'language' to my url (eg. in form action) i can't loggin to admin area, why? I use app_helper to add language, it't very simple... I have next problem, hehe again:p

When i add ‘language’ to my url (eg. in form action) i can’t loggin to admin area, why?
I use app_helper to add language, it’t very simple…

]]> By: teknoid http://teknoid.wordpress.com/2009/01/12/462/#comment-1769 teknoid Wed, 20 May 2009 21:30:56 +0000 http://teknoid.wordpress.com/?p=462#comment-1769 @kicaj You certainly can use it in App Controller. Usually this happens when you try to login/logout and leads you back to the page you came from, which creates a infinite loop. That being said, it's best to specify which actions you are "allowing" in the specific controller. @kicaj

You certainly can use it in App Controller.
Usually this happens when you try to login/logout and leads you back to the page you came from, which creates a infinite loop.

That being said, it’s best to specify which actions you are “allowing” in the specific controller.

]]>