I see that in the CakePHP 3 documentation examples the Auth component allow and deny functions are used in initialize function of the controllers. Whereas I see some examples online and on stackoverflow where people use those methods calls in beforeFilter.
What's the best and most efficient way to deal with this in CakePHP 3.6 application? Should I use the following method calls:
$this->Auth->allow(/*...*/);
$this->Auth->deny(/*...*/);
In initialize or beforeFilter?
Thanks for any help.
Actual check if action is allowed is, by default, made in Controller.startup event. As defining allowed/disallowed actions needs to take place before that, and both Controller::initialize() and Controller::beforeFilter() meets this requirement, both should be good candidates to define allowed actions in.
But, in Auth config you can change event where this check is done, so a safer place for defining allowed actions would be Controller::initialize(), as it is called before any event that Auth can hook to.
