CakePHP Auth->allow only works on actions, not controllers

If you follow the CakePHP documentation on Authentication, you might end up with this line of code in your AppController.php file, in the beforeFilter() method.

$this->Auth->allow('view', 'index');

… And that’s fine for demo purposes. But that actually allows all view() and index() actions, on every controller in your application.

That’s not likely what you want. You will need to move that line of code out of the global AppController.php file, and put it in each SpecificWhateversController.php file, allowing whatever the specific actions you want to allow to users who have not logged in.

This entry was posted in CakePHP. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s