This is the second installment of my Auth Component Tutorial. In the first installment I included a link to download this file:
CakePHP Auth 1
I just think that some of the stuff in there warrants some explanation.
isAuthorized()
This function is needed when $this->Auth->authorize = 'controller'. Theory has it, you can do something similar in app_model if $this->Auth->authorize = 'model', but I haven't looked into this.
The thing that confused me about this is that I thought you were required to perform your own validation in it. But no, this is additional authorization, sort of like what beforeSave() does, where you can cancel the save after validation has passed. isAuthorized() is performed after the user has been logged in; if you need some additional checks at that point, you can put them in there. I'm not sure why it doesn't default to returning true like beforeSave() does (if everything goes well), but if it's not present, Auth errors out.
$this->Auth->user('group_id')
In my User Model I have a field called group_id. So you guessed it, this just returns the group_id of the user that’s logged in. Things couldn’t be simpler.
$this->Auth->userScope = array('User.active' => 1)
userScope is simply an added set of conditions, and it behaves exactly the same way that $conditions works with the Model::find() function. So what I have above says that the user must be active to log in.
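Pulling the three pieces together, here is an added example of an AppController wiring them up (example code written for this post, not the tutorial's download file). It assumes the group ids mentioned in the comments (admin = 0, editor = 1), a User model with group_id and active columns, and the CakePHP 1.2 convention of naming restricted actions with an admin_ or editor_ prefix.

```php
<?php
// app/app_controller.php (added example, not from the original post).
// Assumes: User.group_id with admin = 0 and editor = 1, User.active (0/1),
// and restricted actions named admin_* or editor_*.
class AppController extends Controller {
    var $components = array('Auth');

    // Which action prefixes each group may reach (assumption for this example).
    var $groupPrefixes = array(
        0 => array('admin', 'editor'),  // admin may use both
        1 => array('editor'),           // editor may use editor_* only
    );

    function beforeFilter() {
        // userScope is merged into the find() conditions Auth uses to look the
        // user up, so an inactive user cannot log in even with a valid password.
        $this->Auth->userScope = array('User.active' => 1);
        // Hand the post-login decision to isAuthorized() below.
        $this->Auth->authorize = 'controller';
    }

    // Auth calls this after login for every action not in allowedActions.
    // It must exist (Auth errors out otherwise) and must return a boolean;
    // returning true unconditionally would switch the check off entirely.
    function isAuthorized() {
        $prefix = null;
        if (preg_match('/^([a-z]+)_/', $this->action, $m)) {
            $prefix = $m[1];
        }
        // Unprefixed actions are open to any logged-in, active user.
        if ($prefix === null) {
            return true;
        }
        // Strict handling: user('group_id') may come back null or '' if the
        // field is missing, and in PHP null == 0, so a loose comparison would
        // silently treat an unknown group as the admin group (0).
        $groupId = $this->Auth->user('group_id');
        if ($groupId === null || $groupId === '' || !ctype_digit((string) $groupId)) {
            return false;
        }
        $groupId = (int) $groupId;
        return isset($this->groupPrefixes[$groupId])
            && in_array($prefix, $this->groupPrefixes[$groupId], true);
    }
}
?>
```

Calling $this->Auth->user() with no key returns the whole user record as an array, which is handy when you need more than group_id inside isAuthorized().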
So there you go. Happy Baking!

You wrote "The thing that confused me about this is that I thought you were required to perform your own validation. But oh no, this is additional authorization"
I think you are mixing Authentication and Authorization here – logging in is Authentication and deciding if a particular action is allowed or not is Authorization – in other words Authorization is more related to Access Control (ACL) than Auth
Anyways – great effort!
No, I got it right. At the point that isAuthorized() is called, the user is already logged in, so it is performing authorization. It is called isAuthorized, after all.
This is cool, I was wondering what isAuthorized() was for. Thank you for clearing it up.
I really like your site, I was attempting to add to my favorites in entrecard and I got a serious bug message… I’m so happy to see my own web app is not the only one. In my app those generic msgs come out when somebody manages to get an ill formed query past the data validators. Oops. I’ll try again, I know they just did an update and messed up all the ad prices.
Hi kevin,
Is this site all dedicated to CakePHP? or do you try other frameworks as well. I have tried Codeigniter, seems simpler to me. Anyway i will add you to my fav list on entrecard since we share the same interest in the field of programming.
Regards
Thank you…
I really need that…
With respect to the group_id field in your User model…
From reading a whole slew of tutorials on this, I’m slightly confused. Does the ACL handle the group name and ID, or should a separate model be created to maintain an associated Group model?
It's just that you say $this->Auth->user('group_id') returns the user's group id, and it's "that simple", but what good is this group_id for exactly? Is it being used with ACL, for your own purposes…what?
Also, although I can look it up (and probably will, but for others who are reading here) does the $this->Auth->user() method allow you to get information on ANY field from the user model, or is it specific to information for the Auth component (since it's called via the Auth class)?
Noooooo, ACL is a whole other animal. I simply have a basic Model for Group and go based off of the ID: admin – 0, editor – 1, etc. The user can’t edit these things. And if you delete the admin group (which I don’t allow) and later recreate it (thus pushing the ID to something other than 0), then you’re screwed. This is just my very simple method of grouping things.
ACL is all cool and dynamic and complicated. Sorry, maybe I’d get to it some time in the future when/if I understand it.
$this->Auth->user() returns the entire user Model in an array if you don't specify a key.
Hope that clarifies things.
It does clarify, thank you Baz! Thank you for the simple write ups as well, I’m sure it will be useful to others as time goes on (assuming it’s not changed much before the non-beta release).
ThanX. I appreciate it.
It’s just that I remember the great feeling of that lil’ light bulb going off in my head when Chris, TommyO and Gwoo helped me to understand this for the first time.
I’m just trying to share that.