Re: AuthComponent and AJAX Requests to another Controller
I checked, it seems that the Session breaks, what do I have to do so
it won't?
thx
Aurelius
On 5 Apr., 02:46, Miles J mileswjohn...@gmail.com wrote:
Heres an example of my js and action. Btw im using jquery.
// Js
function deleteAvatar(user_id) {
$.ajax({
type: POST,
url: /ajax/deleteAvatar/,
data: data[user_id]=+ user_id,
success:
function (response) {
// Do something with response
}
});
return false;
}
// Action
function deleteAvatar() {
$user_id = $this-Auth-user('id');
$owner_id = $this-data['user_id'];
if ($this-validRequest($owner_id) $user_id == $owner_id) {
if ($this-User-deleteAvatar($this-Auth-user())) {
$this-_refreshAuth('avatar', '');
echo 'pass';
return;
}
}
echo 'fail';
return;
}
The echos are my js response, and validRequest() is a custom method I
wrote.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
Set the session security to medium, if its on high it doesnt work. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
No, that does the RequesHandler with ther Parse Extention .json That can't be the Problem, after a second login in the other Controller the Content is delivered right! thx Aurelius On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote: How are you defining you layout for the methods? Do you have ? $this-layout = 'ajax'; Regards, Alfredo On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com wrote: I already tried making the Blogs/edit/ Output static (in the edit.ctp- file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with an working header and StatusCode 200. When opening that link in the brwoser I get redirected to a login form :-/ The AJAX url looks like that: http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586languages... I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ... Any more Ideas? thx Aurelius On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote: Im doing the same thing but have not run into this problem. A few questions: 1 - Are the controllers in the same folder, or different apps? 2 - Are you calling parent::beforeFilter() in both controllers? 3 - What lever is your security setting at? Try medium. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
You might want to check your aros_acos table to make sure the Group/
User has rights to the controller action ... otherwise the Auth
component will throw you at the login screen ...
step 1: select * from acos where parent_id=(select id from acos where
alias='Blogs');
step 2: find the id of the row matching 'index'
step 3: select * from aros_acos where aco_id=#;
if you don't have any rows returned then you'll need to
insert the values manually
insert into aros_acos values('',[user/group id from aros table],[id
from acos (step 2)],1,1,1,1);
On Apr 4, 3:55 am, Aurelius aurel...@temporaryinbox.com wrote:
No, that does the RequesHandler with ther Parse Extention .json
That can't be the Problem, after a second login in the other
Controller
the Content is delivered right!
thx
Aurelius
On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote:
How are you defining you layout for the methods?
Do you have ?
$this-layout = 'ajax';
Regards,
Alfredo
On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com
wrote:
I already tried making the Blogs/edit/ Output static (in the edit.ctp-
file is only I'm working), the BlogsController Method is as well
empty, but still there's nothing coming from the Server other than an
empty Document with an working header and StatusCode 200. When opening
that link in the brwoser I get redirected to a login form :-/
The AJAX url looks like that:
http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586languages...
I've the same problem with another Controller which gets called
through AJAX, so it can't be because of an endless loop or something
like that ...
Any more Ideas?
thx
Aurelius
On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
Im doing the same thing but have not run into this problem. A few
questions:
1 - Are the controllers in the same folder, or different apps?
2 - Are you calling parent::beforeFilter() in both controllers?
3 - What lever is your security setting at? Try medium.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
I haven't tried this out yet, but I will soon have to be implementing
something like this. I don't know for certain if the Session
information is being sent along with the AJAX request - and if it's
not, we need to make an exception in the controller for Auth to
behave.
Using the RequestHandler's isAjax() method, along with the Auth allow
() might be a nice direction. Will it open some possible security
issues? Yes. In this case it's the user experience over
security...assuming my theoretical solution is in fact the only
solution. (But from what Miles has done, it sounds like it might not
be.)
On Apr 4, 12:13 pm, captain_geek landon.brads...@gmail.com wrote:
You might want to check your aros_acos table to make sure the Group/
User has rights to the controller action ... otherwise the Auth
component will throw you at the login screen ...
step 1: select * from acos where parent_id=(select id from acos where
alias='Blogs');
step 2: find the id of the row matching 'index'
step 3: select * from aros_acos where aco_id=#;
if you don't have any rows returned then you'll need to
insert the values manually
insert into aros_acos values('',[user/group id from aros table],[id
from acos (step 2)],1,1,1,1);
On Apr 4, 3:55 am, Aurelius aurel...@temporaryinbox.com wrote:
No, that does the RequesHandler with ther Parse Extention .json
That can't be the Problem, after a second login in the other
Controller
the Content is delivered right!
thx
Aurelius
On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote:
How are you defining you layout for the methods?
Do you have ?
$this-layout = 'ajax';
Regards,
Alfredo
On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com
wrote:
I already tried making the Blogs/edit/ Output static (in the edit.ctp-
file is only I'm working), the BlogsController Method is as well
empty, but still there's nothing coming from the Server other than an
empty Document with an working header and StatusCode 200. When opening
that link in the brwoser I get redirected to a login form :-/
The AJAX url looks like that:
http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586languages...
I've the same problem with another Controller which gets called
through AJAX, so it can't be because of an endless loop or something
like that ...
Any more Ideas?
thx
Aurelius
On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
Im doing the same thing but have not run into this problem. A few
questions:
1 - Are the controllers in the same folder, or different apps?
2 - Are you calling parent::beforeFilter() in both controllers?
3 - What lever is your security setting at? Try medium.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
@ Miles J: How does your AJAX Request look like, did you do any
adjustments till it worked?
@captain_geek: I don't use ACL!
@Brendon Kozlowski: Thats seems to be a big security-issue, cause my
app admin panel should be completly with ajax
thx
Aurelius
On 4 Apr., 20:54, Brendon Kozlowski brendon...@hotmail.com wrote:
I haven't tried this out yet, but I will soon have to be implementing
something like this. I don't know for certain if the Session
information is being sent along with the AJAX request - and if it's
not, we need to make an exception in the controller for Auth to
behave.
Using the RequestHandler's isAjax() method, along with the Auth allow
() might be a nice direction. Will it open some possible security
issues? Yes. In this case it's the user experience over
security...assuming my theoretical solution is in fact the only
solution. (But from what Miles has done, it sounds like it might not
be.)
On Apr 4, 12:13 pm, captain_geek landon.brads...@gmail.com wrote:
You might want to check your aros_acos table to make sure the Group/
User has rights to the controller action ... otherwise the Auth
component will throw you at the login screen ...
step 1: select * from acos where parent_id=(select id from acos where
alias='Blogs');
step 2: find the id of the row matching 'index'
step 3: select * from aros_acos where aco_id=#;
if you don't have any rows returned then you'll need to
insert the values manually
insert into aros_acos values('',[user/group id from aros table],[id
from acos (step 2)],1,1,1,1);
On Apr 4, 3:55 am, Aurelius aurel...@temporaryinbox.com wrote:
No, that does the RequesHandler with ther Parse Extention .json
That can't be the Problem, after a second login in the other
Controller
the Content is delivered right!
thx
Aurelius
On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote:
How are you defining you layout for the methods?
Do you have ?
$this-layout = 'ajax';
Regards,
Alfredo
On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com
wrote:
I already tried making the Blogs/edit/ Output static (in the edit.ctp-
file is only I'm working), the BlogsController Method is as well
empty, but still there's nothing coming from the Server other than an
empty Document with an working header and StatusCode 200. When opening
that link in the brwoser I get redirected to a login form :-/
The AJAX url looks like that:
http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586languages...
I've the same problem with another Controller which gets called
through AJAX, so it can't be because of an endless loop or something
like that ...
Any more Ideas?
thx
Aurelius
On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
Im doing the same thing but have not run into this problem. A few
questions:
1 - Are the controllers in the same folder, or different apps?
2 - Are you calling parent::beforeFilter() in both controllers?
3 - What lever is your security setting at? Try medium.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
Heres an example of my js and action. Btw im using jquery.
// Js
function deleteAvatar(user_id) {
$.ajax({
type: POST,
url: /ajax/deleteAvatar/,
data: data[user_id]=+ user_id,
success:
function (response) {
// Do something with response
}
});
return false;
}
// Action
function deleteAvatar() {
$user_id = $this-Auth-user('id');
$owner_id = $this-data['user_id'];
if ($this-validRequest($owner_id) $user_id == $owner_id) {
if ($this-User-deleteAvatar($this-Auth-user())) {
$this-_refreshAuth('avatar', '');
echo 'pass';
return;
}
}
echo 'fail';
return;
}
The echos are my js response, and validRequest() is a custom method I
wrote.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
Im doing the same thing but have not run into this problem. A few questions: 1 - Are the controllers in the same folder, or different apps? 2 - Are you calling parent::beforeFilter() in both controllers? 3 - What lever is your security setting at? Try medium. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
ad 1) yes, they are in the same app ad 2) yes, they do ad 3) I'm trying low and it doesn't work, is it possible that there's something wrong with the AJAX Requests? thx Aurelius On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote: Im doing the same thing but have not run into this problem. A few questions: 1 - Are the controllers in the same folder, or different apps? 2 - Are you calling parent::beforeFilter() in both controllers? 3 - What lever is your security setting at? Try medium. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
I already tried making the Blogs/edit/ Output static (in the edit.ctp- file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with an working header and StatusCode 200. When opening that link in the brwoser I get redirected to a login form :-/ The AJAX url looks like that: http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586languages=deu%2Ceng I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ... Any more Ideas? thx Aurelius On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote: Im doing the same thing but have not run into this problem. A few questions: 1 - Are the controllers in the same folder, or different apps? 2 - Are you calling parent::beforeFilter() in both controllers? 3 - What lever is your security setting at? Try medium. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: AuthComponent and AJAX Requests to another Controller
How are you defining you layout for the methods? Do you have ? $this-layout = 'ajax'; Regards, Alfredo On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com wrote: I already tried making the Blogs/edit/ Output static (in the edit.ctp- file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with an working header and StatusCode 200. When opening that link in the brwoser I get redirected to a login form :-/ The AJAX url looks like that: http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586languages=deu%2Ceng I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ... Any more Ideas? thx Aurelius On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote: Im doing the same thing but have not run into this problem. A few questions: 1 - Are the controllers in the same folder, or different apps? 2 - Are you calling parent::beforeFilter() in both controllers? 3 - What lever is your security setting at? Try medium. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
