Re: AuthComponent and AJAX Requests to another Controller
I checked, it seems that the Session breaks, what do I have to do so it won't?

thx
Aurelius

On 5 Apr., 02:46, Miles J mileswjohn...@gmail.com wrote:
> Here's an example of my js and action. Btw I'm using jquery.
>
> // Js
> function deleteAvatar(user_id) {
>     $.ajax({
>         type: "POST",
>         url: "/ajax/deleteAvatar/",
>         data: "data[user_id]=" + user_id,
>         success: function (response) {
>             // Do something with response
>         }
>     });
>
>     return false;
> }
>
> // Action
> function deleteAvatar() {
>     $user_id = $this->Auth->user('id');
>     $owner_id = $this->data['user_id'];
>
>     if ($this->validRequest($owner_id) && $user_id == $owner_id) {
>         if ($this->User->deleteAvatar($this->Auth->user())) {
>             $this->_refreshAuth('avatar', '');
>             echo 'pass';
>             return;
>         }
>     }
>
>     echo 'fail';
>     return;
> }
>
> The echos are my js response, and validRequest() is a custom method I wrote.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---

Re: AuthComponent and AJAX Requests to another Controller
Set the session security to medium; if it's on high it doesn't work.

Re: AuthComponent and AJAX Requests to another Controller
No, the RequestHandler does that with the Parse Extension .json. That can't be the Problem, after a second login in the other Controller the Content is delivered right!

thx
Aurelius

On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote:
> How are you defining your layout for the methods? Do you have?
>
>     $this->layout = 'ajax';
>
> Regards,
> Alfredo
>
> On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com wrote:
> > I already tried making the Blogs/edit/ Output static (in the edit.ctp file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with a working header and StatusCode 200.
> >
> > When opening that link in the browser I get redirected to a login form :-/
> >
> > The AJAX url looks like that:
> > http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586&languages...
> >
> > I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ...
> >
> > Any more Ideas?
> >
> > thx
> > Aurelius
> >
> > On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
> > > I'm doing the same thing but have not run into this problem. A few questions:
> > >
> > > 1 - Are the controllers in the same folder, or different apps?
> > > 2 - Are you calling parent::beforeFilter() in both controllers?
> > > 3 - What level is your security setting at? Try medium.

Re: AuthComponent and AJAX Requests to another Controller
You might want to check your aros_acos table to make sure the Group/User has rights to the controller action ... otherwise the Auth component will throw you at the login screen ...

step 1: select * from acos where parent_id=(select id from acos where alias='Blogs');
step 2: find the id of the row matching 'index'
step 3: select * from aros_acos where aco_id=#;

If you don't have any rows returned then you'll need to insert the values manually:

    insert into aros_acos values('',[user/group id from aros table],[id from acos (step 2)],1,1,1,1);

On Apr 4, 3:55 am, Aurelius aurel...@temporaryinbox.com wrote:
> No, the RequestHandler does that with the Parse Extension .json. That can't be the Problem, after a second login in the other Controller the Content is delivered right!
>
> thx
> Aurelius
>
> On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote:
> > How are you defining your layout for the methods? Do you have?
> >
> >     $this->layout = 'ajax';
> >
> > Regards,
> > Alfredo
> >
> > On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com wrote:
> > > I already tried making the Blogs/edit/ Output static (in the edit.ctp file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with a working header and StatusCode 200.
> > >
> > > When opening that link in the browser I get redirected to a login form :-/
> > >
> > > The AJAX url looks like that:
> > > http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586&languages...
> > >
> > > I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ...
> > >
> > > Any more Ideas?
> > >
> > > thx
> > > Aurelius
> > >
> > > On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
> > > > I'm doing the same thing but have not run into this problem. A few questions:
> > > >
> > > > 1 - Are the controllers in the same folder, or different apps?
> > > > 2 - Are you calling parent::beforeFilter() in both controllers?
> > > > 3 - What level is your security setting at? Try medium.

Re: AuthComponent and AJAX Requests to another Controller
I haven't tried this out yet, but I will soon have to be implementing something like this. I don't know for certain if the Session information is being sent along with the AJAX request - and if it's not, we need to make an exception in the controller for Auth to behave. Using the RequestHandler's isAjax() method, along with the Auth allow() might be a nice direction.

Will it open some possible security issues? Yes. In this case it's the user experience over security...assuming my theoretical solution is in fact the only solution. (But from what Miles has done, it sounds like it might not be.)

On Apr 4, 12:13 pm, captain_geek landon.brads...@gmail.com wrote:
> You might want to check your aros_acos table to make sure the Group/User has rights to the controller action ... otherwise the Auth component will throw you at the login screen ...
>
> step 1: select * from acos where parent_id=(select id from acos where alias='Blogs');
> step 2: find the id of the row matching 'index'
> step 3: select * from aros_acos where aco_id=#;
>
> If you don't have any rows returned then you'll need to insert the values manually:
>
>     insert into aros_acos values('',[user/group id from aros table],[id from acos (step 2)],1,1,1,1);
>
> On Apr 4, 3:55 am, Aurelius aurel...@temporaryinbox.com wrote:
> > No, the RequestHandler does that with the Parse Extension .json. That can't be the Problem, after a second login in the other Controller the Content is delivered right!
> >
> > thx
> > Aurelius
> >
> > On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote:
> > > How are you defining your layout for the methods? Do you have?
> > >
> > >     $this->layout = 'ajax';
> > >
> > > Regards,
> > > Alfredo
> > >
> > > On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com wrote:
> > > > I already tried making the Blogs/edit/ Output static (in the edit.ctp file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with a working header and StatusCode 200.
> > > >
> > > > When opening that link in the browser I get redirected to a login form :-/
> > > >
> > > > The AJAX url looks like that:
> > > > http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586&languages...
> > > >
> > > > I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ...
> > > >
> > > > Any more Ideas?
> > > >
> > > > thx
> > > > Aurelius
> > > >
> > > > On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
> > > > > I'm doing the same thing but have not run into this problem. A few questions:
> > > > >
> > > > > 1 - Are the controllers in the same folder, or different apps?
> > > > > 2 - Are you calling parent::beforeFilter() in both controllers?
> > > > > 3 - What level is your security setting at? Try medium.

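The trade-off raised in the message above, as an added example that is not part of the original thread and is not CakePHP code: a plain-PHP model of a gate that exempts AJAX requests from the login check, next to one that still requires the session and only changes the failure response. The request arrays, function names and the /users/login path are hypothetical; it assumes the AJAX check reads the X-Requested-With header that jQuery sends.

```php
<?php
// Added illustration: framework-independent model of two login-gate designs.
// Request arrays, function names and '/users/login' are hypothetical.

// An isAjax()-style check: the only signal is a header the client chooses.
function isAjax(array $req): bool
{
    return ($req['headers']['X-Requested-With'] ?? '') === 'XMLHttpRequest';
}

// Design A: skip the login check whenever the request claims to be AJAX.
function gateExemptAjax(array $req): string
{
    if (isAjax($req)) {
        return '200 action runs';
    }
    return $req['session_user'] !== null ? '200 action runs' : '302 /users/login';
}

// Design B: always require the session; AJAX only changes the failure
// response, so the client script can show a login prompt instead of
// receiving a redirected HTML page.
function gateRequireSession(array $req): string
{
    if ($req['session_user'] !== null) {
        return '200 action runs';
    }
    return isAjax($req) ? '403 login required' : '302 /users/login';
}

// Constructed sample requests (not captured traffic).
$xhr = ['X-Requested-With' => 'XMLHttpRequest'];
$requests = [
    'browser, logged in' => ['headers' => [],   'session_user' => 7],
    'browser, anonymous' => ['headers' => [],   'session_user' => null],
    'ajax, logged in'    => ['headers' => $xhr, 'session_user' => 7],
    'ajax, anonymous'    => ['headers' => $xhr, 'session_user' => null],
];

foreach ($requests as $label => $req) {
    printf(
        "%-20s A: %-18s B: %s\n",
        $label,
        gateExemptAjax($req),
        gateRequireSession($req)
    );
}
```

The two designs differ only on the last row: design A lets a request with no session through because the header is present, while design B answers it with a status the calling script can handle.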
Re: AuthComponent and AJAX Requests to another Controller
@Miles J: What does your AJAX Request look like, did you do any adjustments till it worked?

@captain_geek: I don't use ACL!

@Brendon Kozlowski: That seems to be a big security issue, because my app admin panel should be completely with ajax

thx
Aurelius

On 4 Apr., 20:54, Brendon Kozlowski brendon...@hotmail.com wrote:
> I haven't tried this out yet, but I will soon have to be implementing something like this. I don't know for certain if the Session information is being sent along with the AJAX request - and if it's not, we need to make an exception in the controller for Auth to behave. Using the RequestHandler's isAjax() method, along with the Auth allow() might be a nice direction.
>
> Will it open some possible security issues? Yes. In this case it's the user experience over security...assuming my theoretical solution is in fact the only solution. (But from what Miles has done, it sounds like it might not be.)
>
> On Apr 4, 12:13 pm, captain_geek landon.brads...@gmail.com wrote:
> > You might want to check your aros_acos table to make sure the Group/User has rights to the controller action ... otherwise the Auth component will throw you at the login screen ...
> >
> > step 1: select * from acos where parent_id=(select id from acos where alias='Blogs');
> > step 2: find the id of the row matching 'index'
> > step 3: select * from aros_acos where aco_id=#;
> >
> > If you don't have any rows returned then you'll need to insert the values manually:
> >
> >     insert into aros_acos values('',[user/group id from aros table],[id from acos (step 2)],1,1,1,1);
> >
> > On Apr 4, 3:55 am, Aurelius aurel...@temporaryinbox.com wrote:
> > > No, the RequestHandler does that with the Parse Extension .json. That can't be the Problem, after a second login in the other Controller the Content is delivered right!
> > >
> > > thx
> > > Aurelius
> > >
> > > On 4 Apr., 03:47, Alfredo Quiroga-Villamil laww...@gmail.com wrote:
> > > > How are you defining your layout for the methods? Do you have?
> > > >
> > > >     $this->layout = 'ajax';
> > > >
> > > > Regards,
> > > > Alfredo
> > > >
> > > > On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com wrote:
> > > > > I already tried making the Blogs/edit/ Output static (in the edit.ctp file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with a working header and StatusCode 200.
> > > > >
> > > > > When opening that link in the browser I get redirected to a login form :-/
> > > > >
> > > > > The AJAX url looks like that:
> > > > > http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586&languages...
> > > > >
> > > > > I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ...
> > > > >
> > > > > Any more Ideas?
> > > > >
> > > > > thx
> > > > > Aurelius
> > > > >
> > > > > On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
> > > > > > I'm doing the same thing but have not run into this problem. A few questions:
> > > > > >
> > > > > > 1 - Are the controllers in the same folder, or different apps?
> > > > > > 2 - Are you calling parent::beforeFilter() in both controllers?
> > > > > > 3 - What level is your security setting at? Try medium.

Re: AuthComponent and AJAX Requests to another Controller
Here's an example of my js and action. Btw I'm using jquery.

// Js
function deleteAvatar(user_id) {
    $.ajax({
        type: "POST",
        url: "/ajax/deleteAvatar/",
        data: "data[user_id]=" + user_id,
        success: function (response) {
            // Do something with response
        }
    });

    return false;
}

// Action
function deleteAvatar() {
    $user_id = $this->Auth->user('id');
    $owner_id = $this->data['user_id'];

    if ($this->validRequest($owner_id) && $user_id == $owner_id) {
        if ($this->User->deleteAvatar($this->Auth->user())) {
            $this->_refreshAuth('avatar', '');
            echo 'pass';
            return;
        }
    }

    echo 'fail';
    return;
}

The echos are my js response, and validRequest() is a custom method I wrote.

Re: AuthComponent and AJAX Requests to another Controller
I'm doing the same thing but have not run into this problem. A few questions:

1 - Are the controllers in the same folder, or different apps?
2 - Are you calling parent::beforeFilter() in both controllers?
3 - What level is your security setting at? Try medium.

Re: AuthComponent and AJAX Requests to another Controller
ad 1) yes, they are in the same app
ad 2) yes, they do
ad 3) I'm trying low and it doesn't work, is it possible that there's something wrong with the AJAX Requests?

thx
Aurelius

On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
> I'm doing the same thing but have not run into this problem. A few questions:
>
> 1 - Are the controllers in the same folder, or different apps?
> 2 - Are you calling parent::beforeFilter() in both controllers?
> 3 - What level is your security setting at? Try medium.

Re: AuthComponent and AJAX Requests to another Controller
I already tried making the Blogs/edit/ Output static (in the edit.ctp file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with a working header and StatusCode 200.

When opening that link in the browser I get redirected to a login form :-/

The AJAX url looks like that:
http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586&languages=deu%2Ceng

I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ...

Any more Ideas?

thx
Aurelius

On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
> I'm doing the same thing but have not run into this problem. A few questions:
>
> 1 - Are the controllers in the same folder, or different apps?
> 2 - Are you calling parent::beforeFilter() in both controllers?
> 3 - What level is your security setting at? Try medium.

Re: AuthComponent and AJAX Requests to another Controller
How are you defining your layout for the methods? Do you have?

    $this->layout = 'ajax';

Regards,
Alfredo

On Fri, Apr 3, 2009 at 8:30 PM, Aurelius aurel...@temporaryinbox.com wrote:
> I already tried making the Blogs/edit/ Output static (in the edit.ctp file is only I'm working), the BlogsController Method is as well empty, but still there's nothing coming from the Server other than an empty Document with a working header and StatusCode 200.
>
> When opening that link in the browser I get redirected to a login form :-/
>
> The AJAX url looks like that:
> http://myhost.com/Blogs/edit/Content.json?_dc=1238803628586&languages=deu%2Ceng
>
> I've the same problem with another Controller which gets called through AJAX, so it can't be because of an endless loop or something like that ...
>
> Any more Ideas?
>
> thx
> Aurelius
>
> On 3 Apr., 22:40, Miles J mileswjohn...@gmail.com wrote:
> > I'm doing the same thing but have not run into this problem. A few questions:
> >
> > 1 - Are the controllers in the same folder, or different apps?
> > 2 - Are you calling parent::beforeFilter() in both controllers?
> > 3 - What level is your security setting at? Try medium.