I’m new to cakephp and enjoy a good challenge,
but not everything is workable from the get-go
good tutorial you helped a huge amount

There may be slight issues with the zip file. But, since this article, the book.cakephp.org has actually come a long way.

You should check it out.

First of all, I just want to thank you for putting this tutorial together and providing the source files!

I’m writing because I’m running into some issues with getting this working (even though I copied your files exactly from the zip).

I can’t seem to get Auth->allow(‘*’) to work. No matter what I do, it always redirects me to the users/login screen.

This is extremely frustrating, as I can’t even figure out how to create the first initial user, which would let me log in, in the first place.

Also, what if I want to allow the public to access certain sections without logging in? No matter what I put in the Auth->allow() method, it always redirects me to the login screen.

Have you tried using your code on the new CakePHP RC4 release? That’s the codebase I’m working with, and I wonder if that might somehow be the problem?

Thank you very much for your time!

Tom Chapin’s last blog post..Flash 10 Demo

What I mean is that, it can require the user to login (for loginRedirect), but the default login page shouldn’t require special authorization or permissions.

This is what happens:
Say, loginRedirect is set to “/special” (needs authorization). Before login in the user tries to access “/users/index” (needs authorization). Auth tries to go to /users/index and it says that it’s not authorized. So, it defaults to loginRedirect. Therefore, it tries to go to /special. Well, /special has no Authorization either, so it tries to go back to the controller that it was referred from. And this is where the vicious cycle starts.

Good luck guys.

First of all I want to thank you for great tutorials on Auth component! but i have a problem, which i quite don’t know how to solve :> how do you redirect to login page if theres a missing controller and user is not loged in?? what i get is that error message is being displayed, but i want that if user is not loged in he should be redirected to login page.

It’s just that I remember the great feeling of that lil’ light bulb going off in my head when Chris, TommyO and Gwoo helped me to understand this for the first time.

I’m just trying to share that.

ACL is all cool and dynamic and complicated. Sorry, maybe I’d get to it some time in the future when/if I understand it.

$this->Auth->user() returns the the entire user Model in an array if you don’t specify a key.

Hope that clarifies things.

From reading a whole slew of tutorials on this, I’m slightly confused. Does the ACL handle the group name and ID, or should a separate model be created to maintain an associated Group model?

It’s just that you say $this->Auth->user(’group_id’) returns the user’s group id, and it’s “that simple”, but what good is this group_id for exactly? Is it being used with ACL, for your own purposes…what? Also, although I can look it up (and probably will, but for others who are reading here) does the $this-Auth->user() method allow you to get information on ANY field from the user model, or is it specific to information for the Auth component (since it’s called via the Auth class)?

Regards

I think you are mixing Authentication and Authorization here – Logging in is Authentication and deciding if a particular action is allowed or not is Authorization – in other words Authorization is more related to Access Control(ACL) than Auth

Anyways – great effort!