Trying one more time... The requirement is that in production, you need to authenticate to get access to the API, and that in development, no authentication is required.
The assumption is that the authentication will be session based, with a
form based login action. There has been mention of a .htaccess file, but
it wasn't clearly stated if this was used to provide authentication via
Basic Authentication.
In the AppController, I would have:
public function beforeFilter() {
/* set up Authentication */
if (!Configure::read('developmentMode')) {
$this->Auth->deny(); /* a default deny for all actions, when not in
developmentMode */
} else {
$this->Auth->allow(); /* a default allow for all actions, when in
development mode */
}
}
And then in any controller, I would have:
public function beforeFilter() {
parent::beforeFilter();
/* the remainder of your code, to allow actions, and lift authentication
restrictions for particular actions */
}
In production, this will ensure that all actions are denied by default, to
be overridden by specific controllers.
In development, this will set up a default allow for all actions.
It's been a while since I've actually played with the CakePHP 2.X Auth
stuff, but that's the general idea I was going for.
Best of luck finding a solution.
Regards
Reuben Helms
On Tue, Dec 3, 2013 at 8:39 AM, Advantage+ <movepix...@gmail.com> wrote:
> I appolagize.
>
>
>
> But if parent::before filter is called in the controller and reads
> production or development anything called after that will be over-ridden no?
>
>
>
> You cannot get an API called back to a password protected folder so you
> have to remove the password protection, but if you want it to be a hidden
> folder which is not accessible you need a way to hide it.
>
>
>
> *Dave Maharaj*
>
> *Freelance Designer | Developer*
> [image: Description: header_logo]
> www.movepixels.com | d...@movepixels.com | 709.800.0852
>
>
>
> *From:* cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] *On
> Behalf Of *AD7six
> *Sent:* Saturday, November 30, 2013 11:08 AM
>
> *To:* cake-php@googlegroups.com
> *Subject:* Re: Production and Development Environment
>
>
>
>
>
> On Friday, 29 November 2013 05:45:50 UTC+1, advantage+ wrote:
>
> Hmm sounds like the exact thing I said……..and if you do
>
> Beforefilter::parent () in the controller what was the point of asking if
> there is an easy way to no go thur every controller!
>
> Example::
>
>
>
> public function beforeFilter() {
>
> parent::beforeFilter();
>
> $this->Auth->deny();
>
>
>
>
>
> //Allow Security to allow ajax request for these actions
>
> $ajax_request = array('manage_add', 'manage_edit', '
> manage_delete');
>
> if(in_array($this->params['action'], $ajax_request)){
>
>
>
> $this->Security->unlockedActions = $ajax_request;
>
> $this->Security->csrfCheck = false;
>
> }
>
> }
>
>
>
> Since parent:: is called you have to go thru every controller no?
>
>
>
> If you see a correct way I happy to hear about it.
>
>
>
> Thanks,
>
> Dave.
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "CakePHP" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> cake-php+unsubscr...@googlegroups.com.
> To post to this group, send email to cake-php@googlegroups.com.
> Visit this group at http://groups.google.com/group/cake-php.
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.
<<image001.jpg>>
