Re: Auth / Acl redirect issue CakePHP 1.3.4
Hi there,

I had very similar problems to this...

If you split visiting urls into 6 separate cases:

1) not logged in visiting a url by clicking on a link
2) not logged in visiting a url by directly inputting it in browser
3) logged in visiting a url by clicking on a link - access allowed
4) logged in visiting a url by directly inputting it in a browser - access allowed
5) logged in visiting a url by clicking on a link - but insufficient Acl permissions for page
6) logged in visiting a url by directly inputting it in a browser - insufficient Acl permissions for page

You get varied behaviours.

This all arises due to the tightly interwoven dependency between Auth / Acl, but not having sufficient distinct redirect variables configured to deal with the 2 separate cases of insufficient privilages (excuse the spelling) vs not authenticated.

I had a long (heated) chat in IRC with someone regarding this and have also submitted this as a bug (i.e. what happens in some of these cases is not documented / inconsistent) and in the end, even though it is (in my eyes) a VITAL part of the framework to make sure it is addressed, I, and many others have been brushed off (requests / queries of this nature do crop up frequently).

I did figure out a solution, and in doing so decided to try and neaten up my code / refactor it into a separate Acl component but in doing more research, decided that the Acl mechanism was just too cumbersome for what I need at the moment anyway. I checked out authsome, and that works fine for me (although there was some of the plugin code in that that needed to be updated to make it work with Routes and plugins).

I might get round to digging out my fixes if you're interested, but they were a bit unsightly and involved (if memory serves me) code placed in beforeFilter, some more AppController variables being set and also an override of the referer and the acl check function to be implemented, so it wasn't a nice fix.
I'd much rather it got recognised as a proper core issue to be coded by a main dev team member.

On Nov 17, 5:02 am, Amit Badkas amit.sanis...@gmail.com wrote:
> Hi,
>
> Auth component uses 'loginRedirect' (by default, /users/login or /admin/users/login) class property for redirecting non-logged in users to login page if you are on restricted page.
>
> Amit Badkas
> PHP Applications for E-Biz: http://www.sanisoft.com
>
> On Wed, Nov 17, 2010 at 12:56 AM, danielnolan danielano...@gmail.com wrote:
> > I am not sure that is one hundred percent accurate, if I am logged in as an admin and I type a restricted URL in the address bar of the browser I get redirected to the main site home page. If I am not logged in and I type the same restricted URL in the address bar of the browser I get redirected to the admin/login page and I get a flash message saying that I am not authorized to access that location. So how does the app know to redirect me to the admin/login page when not logged in, but when logged in I get redirected to the main site home page?
> >
> > On Nov 16, 12:08 am, Amit Badkas amit.sanis...@gmail.com wrote:
> > > Hi,
> > >
> > > The redirection after ACL fails depends on HTTP_REFERER environment variable. If you access the restricted URL directly then referrer doesn't get set, that's why '/' (by default, home page) is being used.
> > >
> > > Amit Badkas
> > > PHP Applications for E-Biz: http://www.sanisoft.com
> > >
> > > On Mon, Nov 15, 2010 at 10:06 PM, danielnolan danielano...@gmail.com wrote:
> > > > I have an application setup with admin prefix route, Auth, and ACL. Everything seems to be working as expected, except when I am logged in as an admin user and I try to access an ACL restricted action by typing the url in the address bar of the browser. I get redirected to the home page of the site (view/pages/home.ctp) instead of the admin dashboard (users/admin_dashboard) I have created. If I click on a link to the exact same action in the admin dashboard that is restricted, I get redirected to the admin dashboard as expected with an auth error message telling me I am not authorized to access that location. What am I missing?
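The six cases listed in the message above, together with the Referer fallback described in the quoted replies, modelled as an added example (not CakePHP source and not code from anyone in this thread). The function names, the 'loginPage' and 'deniedPage' settings and the sample URLs are assumptions made for illustration.

```php
<?php
// Added illustration: plain PHP, not CakePHP source. Function names, the
// 'loginPage' / 'deniedPage' settings and the sample URLs are hypothetical.

// Behaviour as reported in the thread: an ACL denial sends the user back to
// the Referer, and to '/' when the browser sent none (URL typed directly).
function reportedRedirect($loggedIn, $aclAllowed, $referer, array $cfg)
{
    if (!$loggedIn) {
        return $cfg['loginPage'];                 // cases 1 and 2
    }
    if ($aclAllowed) {
        return null;                              // cases 3 and 4: no redirect
    }
    return $referer !== null ? $referer : '/';    // cases 5 and 6
}

// Alternative with a separate, configured target for "authenticated but not
// authorised", so the outcome no longer depends on a client-supplied header.
function explicitRedirect($loggedIn, $aclAllowed, array $cfg)
{
    if (!$loggedIn) {
        return $cfg['loginPage'];
    }
    return $aclAllowed ? null : $cfg['deniedPage'];
}

$cfg = array(
    'loginPage'  => '/admin/users/login',         // constructed sample values
    'deniedPage' => '/admin/users/dashboard',
);

// label, logged in, ACL allows, Referer (null = URL typed into the browser)
$cases = array(
    array('1 anonymous, link',  false, false, '/pages/home'),
    array('2 anonymous, typed', false, false, null),
    array('3 allowed, link',    true,  true,  '/admin/users/dashboard'),
    array('4 allowed, typed',   true,  true,  null),
    array('5 denied, link',     true,  false, '/admin/users/dashboard'),
    array('6 denied, typed',    true,  false, null),
);

foreach ($cases as $case) {
    list($label, $loggedIn, $allowed, $referer) = $case;
    $old = reportedRedirect($loggedIn, $allowed, $referer, $cfg);
    $new = explicitRedirect($loggedIn, $allowed, $cfg);
    printf("%-19s reported=%-24s explicit=%s\n", $label,
        $old === null ? '(none)' : $old,
        $new === null ? '(none)' : $new);
}
```

With these sample values only case 6 differs between the two columns: the reported behaviour lands on '/', while the separate setting lands on the configured page.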
Re: Auth / Acl redirect issue CakePHP 1.3.4
I am not sure that is one hundred percent accurate, if I am logged in as an admin and I type a restricted URL in the address bar of the browser I get redirected to the main site home page. If I am not logged in and I type the same restricted URL in the address bar of the browser I get redirected to the admin/login page and I get a flash message saying that I am not authorized to access that location. So how does the app know to redirect me to the admin/login page when not logged in, but when logged in I get redirected to the main site home page?

On Nov 16, 12:08 am, Amit Badkas amit.sanis...@gmail.com wrote:
> Hi,
>
> The redirection after ACL fails depends on HTTP_REFERER environment variable. If you access the restricted URL directly then referrer doesn't get set, that's why '/' (by default, home page) is being used.
>
> Amit Badkas
> PHP Applications for E-Biz: http://www.sanisoft.com
>
> On Mon, Nov 15, 2010 at 10:06 PM, danielnolan danielano...@gmail.com wrote:
> > I have an application setup with admin prefix route, Auth, and ACL. Everything seems to be working as expected, except when I am logged in as an admin user and I try to access an ACL restricted action by typing the url in the address bar of the browser. I get redirected to the home page of the site (view/pages/home.ctp) instead of the admin dashboard (users/admin_dashboard) I have created. If I click on a link to the exact same action in the admin dashboard that is restricted, I get redirected to the admin dashboard as expected with an auth error message telling me I am not authorized to access that location. What am I missing?
Re: Auth / Acl redirect issue CakePHP 1.3.4
Hi,

Auth component uses 'loginRedirect' (by default, /users/login or /admin/users/login) class property for redirecting non-logged in users to login page if you are on restricted page.

Amit Badkas
PHP Applications for E-Biz: http://www.sanisoft.com

On Wed, Nov 17, 2010 at 12:56 AM, danielnolan danielano...@gmail.com wrote:
> I am not sure that is one hundred percent accurate, if I am logged in as an admin and I type a restricted URL in the address bar of the browser I get redirected to the main site home page. If I am not logged in and I type the same restricted URL in the address bar of the browser I get redirected to the admin/login page and I get a flash message saying that I am not authorized to access that location. So how does the app know to redirect me to the admin/login page when not logged in, but when logged in I get redirected to the main site home page?
>
> On Nov 16, 12:08 am, Amit Badkas amit.sanis...@gmail.com wrote:
> > Hi,
> >
> > The redirection after ACL fails depends on HTTP_REFERER environment variable. If you access the restricted URL directly then referrer doesn't get set, that's why '/' (by default, home page) is being used.
> >
> > Amit Badkas
> > PHP Applications for E-Biz: http://www.sanisoft.com
> >
> > On Mon, Nov 15, 2010 at 10:06 PM, danielnolan danielano...@gmail.com wrote:
> > > I have an application setup with admin prefix route, Auth, and ACL. Everything seems to be working as expected, except when I am logged in as an admin user and I try to access an ACL restricted action by typing the url in the address bar of the browser. I get redirected to the home page of the site (view/pages/home.ctp) instead of the admin dashboard (users/admin_dashboard) I have created. If I click on a link to the exact same action in the admin dashboard that is restricted, I get redirected to the admin dashboard as expected with an auth error message telling me I am not authorized to access that location. What am I missing?
Re: Auth / Acl redirect issue CakePHP 1.3.4
Hi,

The redirection after ACL fails depends on HTTP_REFERER environment variable. If you access the restricted URL directly then referrer doesn't get set, that's why '/' (by default, home page) is being used.

Amit Badkas
PHP Applications for E-Biz: http://www.sanisoft.com

On Mon, Nov 15, 2010 at 10:06 PM, danielnolan danielano...@gmail.com wrote:
> I have an application setup with admin prefix route, Auth, and ACL. Everything seems to be working as expected, except when I am logged in as an admin user and I try to access an ACL restricted action by typing the url in the address bar of the browser. I get redirected to the home page of the site (view/pages/home.ctp) instead of the admin dashboard (users/admin_dashboard) I have created. If I click on a link to the exact same action in the admin dashboard that is restricted, I get redirected to the admin dashboard as expected with an auth error message telling me I am not authorized to access that location. What am I missing?