Hi, what version do you use? There was a bug in an older version that is fixed by now: https://trac.cakephp.org/changeset/8011
Regards
Guenther

RKS wrote:
> Hi friends,
> I am a new user of CakePHP, and just finished the tutorials. I created
> a small application for testing and found a problem and also its
> cause; it's just that I don't know if it is a real problem or not.
>
> Here are the relevant details:
>
> 1. I have just 2 models: 'User' and 'Group'.
> 2. Two controllers: users_controller.php, groups_controller.php.
> 3. Nothing is baked, all hand-coded.
> 4. Most of the things are set up exactly like in the ACL Example
>    Application in the cookbook: 3 groups, 3 users.
> 5. In app_controller.php I have just the same function body of
>    beforeFilter as described in that application.
>
> Now, the real thing:
> 1. I created a function in users_controller: adminTest().
> 2. That function does nothing, but according to the ACL tables, only
>    the administrator can view it (its view has a simple message).
> 3. But whenever I access the function in the browser:
>    <cakephppath>/users/adminTest, I always see it no matter whether
>    I am logged in or not.
> 4. Now, after a lot of 'research', I reached the source code of the
>    startup() function of the Auth component in Cake's source code.
> 5. I sprinkled that function with many logging functions. Now if you
>    take a look at the first 'if' condition, which tests for the value
>    of $isErrorOrTests, it returns true if the condition is satisfied.
>    My log files suggest that the function is returning true from that
>    very if statement, bypassing any authentication.
> 6. The value of $isErrorOrTests depends on 3 conditions OR'ed
>    together. The last (third) one is the one I am interested in, as
>    the above two are obviously false (look at the source code to know
>    why).
> 7. The third condition is:
>    ! in_array ($controller->params['action'], $controller->methods)
> 8. So, if that is true, the 'action' is NOT in $controller->methods.
> 9. Now I printed this in the logs: print_r ($controller->methods, true)
> 10. What I saw was an array which contained: 'admintest' (notice my
>     function's name was 'adminTest', 'T' is capital).
> 11. Now the cool thing is, if I add 'adminTest' to $this->methods in
>     beforeFilter of my controller, the authentication system works
>     fine and throws me to the login page.
> 12. Or even if, rather than adding 'adminTest' to $this->methods, I
>     just rename my function to 'admintest' and also change the name
>     of the corresponding view, even then authentication works and I
>     come to the login page!
>
> So, my question is, isn't it a good idea to mention somewhere that
> this happens so that new users don't get confused, or is it some kind
> of bug?
>
> Thanks everyone here for making Cake such a great piece of software :)
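
The comparison described in the message above, as an added PHP example that is not part of the original thread and is not CakePHP's own code: it sets the case-sensitive in_array() check beside a variant that normalises the action name first. ExampleUsersController and the helper functions are hypothetical, the lowercased method list is assumed from the poster's log output, and the normalised variant is one possible correction, not necessarily what the linked changeset does.

```php
<?php
// Added illustration; not CakePHP source. ExampleUsersController and the
// helper functions below are hypothetical names.
// Assumption: the framework keeps the controller's method names lowercased,
// as the poster's print_r() output ('admintest') showed.

class ExampleUsersController
{
    public function adminTest() {}
    public function login() {}
}

// Build the lowercased method list that mirrors the logged array.
function controllerMethods($controller)
{
    return array_map('strtolower', get_class_methods($controller));
}

// The check as described in the post: a case-sensitive in_array().
// A true result means "not a real action", so the auth startup returns
// early and no authorization check runs.
function skipsAuthCaseSensitive($action, array $methods)
{
    return !in_array($action, $methods);
}

// Normalising the requested action to the case of the list closes the gap:
// an existing action is recognised however the URL spells it.
function skipsAuthNormalised($action, array $methods)
{
    return !in_array(strtolower($action), $methods, true);
}

$methods = controllerMethods(new ExampleUsersController());

// Constructed sample requests: the poster's mixed-case action, its
// lowercase spelling, and an action that does not exist at all.
foreach (array('adminTest', 'admintest', 'noSuchAction') as $action) {
    printf(
        "%-13s case-sensitive skip=%-5s normalised skip=%s\n",
        $action,
        var_export(skipsAuthCaseSensitive($action, $methods), true),
        var_export(skipsAuthNormalised($action, $methods), true)
    );
}
```

PHP resolves method names case-insensitively, so the request still reaches adminTest() even when the case-sensitive lookup reports the action as missing.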