PHPFixing

Wednesday, February 16, 2022

[FIXED] Authorize users in a multiple layer prefix

Tags: cakephp, cakephp-3.0

Issue

I am using CakePHP to build a new website, and for the admin part I am using multi-layer prefixes, for example admin/web.

So in this case admin is a prefix and web is a prefix.

I have been trying to use authorize => controller and set up the isAuthorized function like the following:

public function isAuthorized($user = null)
{
    if (!$this->request->getParam('prefix')) {
        return true;
    }
    // Only admins or specific roles can access admin functions
    if ($this->request->getParam('prefix') === 'admin') {
        if ($this->request->getParam('prefix') === 'web') {
            return (bool)($user['role'] === 'admin');
        }
        return (bool)($user['role'] === 'admin');
    }
    return false;
}

And in any controller I added:

public function beforeFilter(Event $event) 
{
    parent::beforeFilter($event);
}

But only the first prefix (admin) is working; the other (web) gives me a message saying I need to log in before I can see that page.

Any suggestions?

Thanks.


Solution

As the documentation says, you can move "admin" actions under the admin scope:

Router::prefix('admin', function ($routes) {
    // All routes here will be prefixed with `/admin`
    // And have the prefix => admin route element added.
    $routes->fallbacks(DashedRoute::class);
});

and place your admin methods under, let's say, src/Controller/Admin/UsersController.php

Or you can use both prefixes as they are now, let's say: page/admin/web/page, but in this case:

// $this->request->getParam('prefix') returns admin/web
public function isAuthorized($user = null)
{
    $prefix = $this->request->getParam('prefix');
    if (!$prefix) {
        return true; //sure?
    }
    // Only admins or specific roles can access admin functions.
    // The nested prefix is compared as the full string "admin/web".
    if ($prefix === 'admin/web' || $prefix === 'admin') {
        return (bool)($user['role'] === 'admin');
    }
    return false;
}


Answered By - Aivaras
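
The answer's point is that a nested prefix reaches the controller as the single string admin/web, so a comparison against 'admin' alone never matches it. The following added example (not code from the original post or from CakePHP) generalizes that check to deeper nesting with a per-prefix rule lookup that falls back to the parent prefix and denies any prefix without a rule. The function name isPrefixAuthorized, the PREFIX_ROLES policy and the 'editor' role are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical policy: roles allowed under each routing prefix.
// 'editor' is an assumed role name; the page only uses 'admin'.
const PREFIX_ROLES = [
    'admin'     => ['admin'],
    'admin/web' => ['admin', 'editor'],
];

/**
 * Nested prefixes arrive as one slash-joined string ("admin/web"), so the
 * rule is looked up on the full path first and then on each parent path.
 * A prefix with no rule at any level is denied.
 */
function isPrefixAuthorized(?string $prefix, ?array $user, array $policy = PREFIX_ROLES): bool
{
    if ($prefix === null || $prefix === '') {
        return true; // unprefixed routes, same behaviour as the code above
    }
    $role = $user['role'] ?? null;
    $segments = explode('/', $prefix);
    while ($segments !== []) {
        $path = implode('/', $segments);
        if (isset($policy[$path])) {
            // Most specific rule wins; strict comparison avoids type juggling.
            return is_string($role) && in_array($role, $policy[$path], true);
        }
        array_pop($segments); // fall back to the parent prefix
    }
    return false; // default deny
}

// Constructed sample requests: [prefix param, user record, expected result].
$cases = [
    [null,                ['role' => 'member'], true],
    ['admin',             ['role' => 'admin'],  true],
    ['admin',             ['role' => 'editor'], false],
    ['admin/web',         ['role' => 'editor'], true],
    ['admin/web/reports', ['role' => 'editor'], true],  // inherits admin/web
    ['admin/billing',     ['role' => 'editor'], false], // inherits admin
    ['web',               ['role' => 'admin'],  false], // no rule: denied
    ['admin/web',         null,                 false],
];
foreach ($cases as [$prefix, $user, $expected]) {
    $got = isPrefixAuthorized($prefix, $user);
    printf("%-18s %-7s %s\n", $prefix ?? '(none)', $user['role'] ?? '-', $got === $expected ? 'ok' : 'MISMATCH');
}
```

Inside a controller, isAuthorized($user) would return the result of isPrefixAuthorized($this->request->getParam('prefix'), $user).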