1

I installed CakeDC/users run migration, created the super user, copied the users.php to config/ directory.

And now in my website all pages are redirecting to login page. And i can't change this thing, cause i not well understand how permissions work.

My needs are to allow all pages on site, and block access only for one page with personal data for the user loggedin.

Any help, suggest readings, examples are welcome, BIG thanks!

cjquinn
  • 739
  • 3
  • 14
Artur Mamedov
  • 597
  • 1
  • 7
  • 17

2 Answers2

2

You will need to allow all actions in the beforeFilter of your AppController.

public function beforeFilter(Event $event)
{
    $this->Auth->allow();
}

See AuthComponent::allow

You will then need to deny the action that requires authentication in the beforeFilter of the controller that has that action.

public function beforeFilter(Event $event)
{
    // Where `loggedInAction` is the name of the
    // action that requires authentication 
    $this->Auth->deny('loggedInAction');
}

See AuthComponent::deny

cjquinn
  • 739
  • 3
  • 14
  • Thanks, yes this will work, but i not understood the purpose of `permissions.php` config file, can i configure all my permisssions from it? – Artur Mamedov Nov 09 '17 at 14:18
  • yes, that's exactly the idea. If you are using the Rbac Auth as described here https://github.com/CakeDC/auth/blob/master/Docs/Documentation/SimpleRbacAuthorize.md you can specify all your application permissions in this file – steinkel Nov 09 '17 at 14:27
  • @steinkel thanks, but i can't get it work, rules that i write not working, there are a table that explain things? Not logged user are 'guest'? If i want to allow all to all and only block one action on PagesController, how i can do? – Artur Mamedov Nov 09 '17 at 14:40
  • 1
    you are talking about different things. If you want to allow users to all actions, so they can access your application without login, and only protect the pages controller, then load the component in PagesController instead of AppController. And specify the rest of the actions in PagesController as allowed using `$this->Auth->allow([..action names.]);` – steinkel Nov 09 '17 at 15:28
  • 1
    What @steinkel says makes the most sense if you are only going to use auth for the one action. – cjquinn Nov 09 '17 at 15:50
1

Maybe you have to use this method for cakephp3.x , in your controllers:

 public function initialize()
 {
    $this->Auth->allow('youraction'); // this action will plublic. Not under auth control.
 }

Hope this link can help you: https://book.cakephp.org/3.0/en/controllers.html#the-app-controller

EmilianoSeroje Merlin
  • 11
  • 1