zen of coding

Quickly grant Auth access to multiple controllers

A common way to allow Auth access to all actions in a controller is to do something like this:

//In some controller

public function beforeFilter() {
  $this->Auth->allow('*');
  parent::beforeFilter();
}

However, it can get pretty tedious if you’ve got lots of controllers and have to go through a bunch of them to enable (or disable) access.

Instead, try something like this in your AppController:

public function beforeFilter() {
  $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
  $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
  $this->allowAccess();
}

private function allowAccess() {
  if(in_array($this->name, array('Pages'))) {
    $this->Auth->allow('*');
  }
}

The above will make Auth allow access to everything in the PagesController.
If you need to grant access to additional controllers, simply add them to the array of names:
array('Pages', 'Books', 'Customers', 'Etc')

Having to deal with a single file to grant/deny access just makes things easier…
You could even make that “grantable” array a property of the AppController.
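
The "grantable" array as an AppController property, extended to per-action grants. This is an added example, not the post's original code: the `$publicActions` name and the controller-to-actions map are assumptions, and it assumes CakePHP 1.x, where `Auth->allow()` accepts an array of action names.

```php
<?php
// app/app_controller.php (CakePHP 1.x). Added example, not the post's original code.
class AppController extends Controller {
  public $components = array('Auth');

  // Hypothetical allowlist: controller name => '*' (every action) or a list of actions.
  // Any controller or action not listed here stays behind the login (default deny).
  protected $publicActions = array(
    'Pages' => '*',
    'Books' => array('index', 'view'),
  );

  public function beforeFilter() {
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
    $this->allowAccess();
  }

  private function allowAccess() {
    // Controller not in the map: grant nothing, Auth keeps requiring a login.
    if (!array_key_exists($this->name, $this->publicActions)) {
      return;
    }
    $actions = $this->publicActions[$this->name];
    if ($actions === '*') {
      // Strict comparison, so only the literal '*' string opens the whole controller.
      $this->Auth->allow('*');
    } elseif (is_array($actions) && !empty($actions)) {
      // Only the named actions become public; an empty list grants nothing.
      $this->Auth->allow($actions);
    }
  }
}
```

A controller that overrides beforeFilter() still has to call parent::beforeFilter(), otherwise the map is never applied and all of its actions stay behind the login.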

  • Gordon

    Convention says that allowAccess() should be called __allowAccess(), since it is private.

  • @Gordon

    Which convention?
    In PHP5+ it makes no difference, other than it might be easier to see which method is private or protected, however I’ve always found it annoying to prepend user functions with underscores.
    That being said, to each their own ;)

  • Gordon
  • @Gordon @teknoid From my (albeit limited) experience, methods placed in the AppController are granted access through the CakePHP Router if they are not private/protected. So while the code above would theoretically be set private in PHP5, it isn’t backwards compatible with the CakePHP Router in PHP4.

    It should be fine for everyone aware of that little niggle, but for everyone else, it might be best to go by the member visibility coding standards of PHP4 (CakePHP IS still PHP4-compatible). Either that or create a warning that this is PHP5 code and may result in unexpected results in PHP4.

  • @Gordon

    You missed an important point: “As we cannot use PHP5’s private and protected keywords for methods or variables, we agree on following rules…”

    The reason cake’s core still uses underscores is due to the PHP4 support in 1.x series.

    @Jose Diaz-Gonzalez

    You are correct. For those running PHP4, underscores *must* be used, however (hopefully) most of us are on PHP5+ by now… For those attempting the above code on PHP4, it would result in syntax errors most likely anyway.
    I’m hoping that most readers realize this difference by now.

    Nonetheless, thanks for bringing up this point for those who might be having trouble with the code.

  • Supplemental to teknoid’s code, if you wanted somewhat finer grained control, you could also use a similar trick with the $this->action property value. I use this within my particular controllers, but there’s no reason it couldn’t be handled in the AppController if you have many to maintain. Mix and match. :)

  • emptywalls

    Thanks Teknoid! This is another one of your techniques that I found useful.

  • @emptywalls

    No problemo ;)

  • Ceeram

    //In some controller

    public function beforeFilter() {
      $this->Auth->allow('*');
      parent::beforeFilter();
    }

    will not allow all since parent will reset the value, first call parent then allow('*') like this:

    //In some controller

    public function beforeFilter() {
      parent::beforeFilter();
      $this->Auth->allow('*');
    }

    • Gordon

      That kind of defeats the point of the article, which AFAICT is to not be putting allow('*') in every controller.

  • @Ceeram

    That would really depend on what’s in the AppController’s beforeFilter()…

    • demophas3

      Hmm, why did you put the same code twice?? I mean if we declare $this->Auth->allow(*); on the app-controller, we don't have to put it on each controller that inherits it.. correct me if I'm wrong.

  • @demophas3

    They are two different snippets of code…

    The first one allows access to all, the second one denies the access to all… and then allows based on the controller name.
