
I'm using Cakemanager Authorizer, but noticed that Authorizer is not running the isAuthorized() method. My config is as follows:

```php
// Form login plus HybridAuth for authentication.
$this->loadComponent('Auth', [
    'authenticate' => [
        'Form' => [
            'fields' => ['username' => 'email', 'password' => 'password']
        ],
        'ADmad/HybridAuth.HybridAuth'
    ],
    'loginRedirect' => [
        'plugin' => false,
        'controller' => 'Pages',
        'action' => 'display',
        'home'
    ],
    'logoutRedirect' => [
        'controller' => 'Pages',
        'action' => 'display',
        'home'
    ],
    // Delegate authorization to the controller's isAuthorized() method.
    'authorize' => 'Controller'
]);
$this->loadComponent('Utils.Authorizer');
```

And the isAuthorized method in PagesController :

```php
public function isAuthorized($user)
{
    $this->Authorizer->action(['display', 'contact', 'about', 'tips', 'terms'], function ($auth) {
        $auth->allowRole(['*']);
    });

    return $this->Authorizer->authorize();
}
```

But when accessing any of the listed actions, I get redirected to the login page. I tried `\Cake\Log\Log::info($this->Authorizer);` and got the following log output:

Utils\Controller\Component\AuthorizerComponent Object ( [components] => Array ( ) [implementedEvents] => Array ( [Controller.initialize] => beforeFilter ) [_config] => Array ( [roleField] => role_id [Authorizer] => Array ( [roleField] => role_id ) ) )

And I think the Authorizer Component is running beforeFilter instead of isAuthorized. Am I doing something wrong?

sk001
  • Sounds like you are not logged in (ie authenticated)?! – ndm May 22 '16 at 13:43
  • @ndm, No, the user is not logged in. But I am unable to access the home page (i.e. the display() action). – sk001 May 22 '16 at 16:51
  • Then what you are seeing is the expected behavior. You need to understand the difference between authentication and authorization; those are two different things, and the latter depends on the former, i.e. without successful authentication, there will never be authorization. **http://book.cakephp.org/3.0/en/controllers/components/authentication.html#authorization** – ndm May 22 '16 at 16:55
  • Oh @ndm, thank you for this. I can understand that `isAuthorized()` is called if the user is authenticated. Thank you. – sk001 May 22 '16 at 20:14
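
The behavior discussed in the comments, as an added example that is not part of the original thread: public actions are exempted at the authentication stage with CakePHP 3's `AuthComponent::allow()`, while `isAuthorized()` is left to decide only for logged-in users. The `dashboard` action and role id `1` are hypothetical; the component setup is assumed to be the one shown in the question.

```php
<?php
// Added example, not code from the original post.
// Assumes CakePHP 3.x with Auth and Utils.Authorizer loaded in AppController
// exactly as in the question.
namespace App\Controller;

use Cake\Event\Event;

class PagesController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);

        // Authentication stage: exempt only the explicitly named actions
        // (names taken from the question). Calling allow() with no
        // arguments would make every action in this controller public.
        $this->Auth->allow(['display', 'contact', 'about', 'tips', 'terms']);
    }

    // Authorization stage: AuthComponent calls this only once a user has
    // been authenticated, so it is never reached for anonymous requests.
    public function isAuthorized($user)
    {
        // 'dashboard' and role id 1 are hypothetical, for illustration.
        $this->Authorizer->action(['dashboard'], function ($auth) {
            $auth->allowRole([1]);
        });

        return $this->Authorizer->authorize();
    }
}
```

Keeping the public list explicit means a newly added action stays behind the login requirement until someone deliberately exposes it.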

0 Answers