CakePHP Spark Plug auth plugin causing redirect loops

Developer https://www.devze.com 2023-03-31 03:09 Source: Internet
I am attempting to use the auth plugin Spark Plug on a new CakePHP 1.3 app at http://sandbox.andrewcroce.com. It is easy enough to set up, but for some reason I am getting redirect loop errors when trying to access anything other than the Users controller.

The plugin successfully allows you to register and login, the database appears to be written correctly. Confirmation emails are sent, and the verification link seems to activate a new user. However, I am unable to access any page or controller, other than the Users controller. The result is a redirect loop where http://sandbox.andrewcroce.com/errors/unauthorized is repeatedly requested.

For me this raises 2 questions: if I am logged in successfully, why is it trying to direct me to the unauthorized page? And why the heck does it keep redirecting to itself?

I wonder if this is a configuration setting I am not understanding in the spark plug config, but there isn't much explanation in the comments about what these settings do.

Any help would be appreciated.


I'm not sure about the Spark Plug specifics, but whenever you activate the Auth component you need to make sure you specify which actions are allowed for non-authenticated users, or else any requests for the action will be redirected to whatever your error action is. And then, if your error action isn't allowed, it will throw an error, sending you to... you guessed it, your error action, over and over.

Inside every controller, you need something inside your beforeFilter() method like this:

function beforeFilter() {
    parent::beforeFilter();
    // Either allow all actions in this controller...
    $this->Auth->allow('*');
    // ...or only allow view and index
    $this->Auth->allow('view', 'index');
}

If you don't run the allow() method, you're saying that none of the actions should be available to non-authenticated users. In particular, if you put allow('unauthorized') in your ErrorsController class, the unauthorized action wouldn't redirect in a loop.


There is a table called "user_group_permissions" in spark_plug. For instance, if you want to access a controller named "posts" and the action "sortBy" (http://localhost/posts/sortby/), then you need to add that permission to the table like this:

INSERT INTO `user_group_permissions` (`user_group_id`, `plugin`, `controller`, `action`, `allowed`) VALUES
(3, '', 'posts', 'sortBy', 1);

For this specific case the user_group_id number 3 is "Guest"; in other words, everybody will be able to access that action in the controller.
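
The loop both answers describe, as an added example that is not part of the original posts and is not Spark Plug's own code: a stand-alone PHP model of a deny-by-default permission check whose "denied" redirect target is itself denied. The function names, the case-insensitive matching and the sample rows are assumptions made for illustration; the column names and the Guest group id 3 are taken from the answer above.

```php
<?php
// Constructed rows shaped like the user_group_permissions table on this page.
$permissions = array(
    array('user_group_id' => 3, 'plugin' => '', 'controller' => 'users', 'action' => 'login',  'allowed' => 1),
    array('user_group_id' => 3, 'plugin' => '', 'controller' => 'posts', 'action' => 'sortBy', 'allowed' => 1),
);

// Deny by default: an action is reachable only if an explicit row allows it.
// Case-insensitive matching is an assumption of this model.
function isAllowed(array $rows, $groupId, $controller, $action) {
    foreach ($rows as $r) {
        if ((int)$r['user_group_id'] === $groupId
            && strcasecmp($r['controller'], $controller) === 0
            && strcasecmp($r['action'], $action) === 0) {
            return (bool)$r['allowed'];
        }
    }
    return false;
}

// Apply "denied -> redirect to $denyTarget" the way a browser would follow it.
// Returns the requested URLs in order and whether the chain never terminates.
function traceRequest(array $rows, $groupId, $url, $denyTarget, $maxHops = 10) {
    $chain = array();
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $chain[] = $url;
        // "/posts" is treated as "/posts/index"
        list($controller, $action) = explode('/', trim($url, '/')) + array(1 => 'index');
        if (isAllowed($rows, $groupId, $controller, $action)) {
            return array('chain' => $chain, 'loop' => false);
        }
        if ($url === $denyTarget && count($chain) > 1) {
            // The error page denied the request and redirected to itself.
            return array('chain' => $chain, 'loop' => true);
        }
        $url = $denyTarget;
    }
    return array('chain' => $chain, 'loop' => true);
}

$deny = '/errors/unauthorized';
$before = traceRequest($permissions, 3, '/posts/index', $deny);

// The fix: the error action must itself be reachable by the group being denied.
$permissions[] = array('user_group_id' => 3, 'plugin' => '', 'controller' => 'errors',
                       'action' => 'unauthorized', 'allowed' => 1);
$after = traceRequest($permissions, 3, '/posts/index', $deny);

foreach (array('before' => $before, 'after' => $after) as $label => $result) {
    printf("%-6s %s loop=%s\n", $label, implode(' -> ', $result['chain']), var_export($result['loop'], true));
}
```

The same check works as a configuration sanity test: for every group that can be denied, confirm the deny target is allowed before deploying the permission set.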
