troubleshooting Cakephp auth component not allowing allowed actions

开发者 https://www.devze.com 2023-03-31 22:37 Source: Internet

Sept 2 update:

This has become a very difficult puzzle to solve. Setting up a basic auth, which is all that I want, should involve very few steps. I have done many tests, adding and removing code, reviewing the cake manual, reading tutorials and going step by step through the cakePHP 1.3 application development cookbook by Mariano Iglesias - good book. http://goo.gl/93BGw

But the problem I'm still facing is that the app controller is the only place the 'allowed' actions work. In individual controllers the parent:beforeFilter doesn't get recognized and I'm redirected back to the users login page.

Any help with this is really appreciated. What I'm wondering is how I might debug this type of problem. Are there any other configuration settings I should look at, like 'prefix routing'?

=======================

Sept 1 update:

After a lot of testing what appears to be the issue is that the 'before:filter' in individual controllers isn't being recognized. Example in the post controller:

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow = array('edit');
    }

Has anyone had this happen before? I've referred to the cakePHP manual as well as many online articles and tutorials and it doesn't make any sense to me. I've even tried to build a simple application with just the users and post controller and still, the before:filter settings in each controller aren't being recognized.

======================= Original question.

I am using the Cakephp auth component to manage an admin section. This is using version 1.3.11

The problem I'm having is that even with allowed actions in each controller, I'm being redirected to the user login page.

Here is what's in the app controller:

    class AppController extends Controller {

        var $components = array(
            'Auth' => array(
                'authorize' => 'controller'
            ),
            'Session',
            'RequestHandler'
        );

        public function isAuthorized() {
            return true;
        }

        function beforeFilter() {
            $this->Auth->authorize = 'controller';
            $this->Auth->fields = array('username' => 'username', 'password' => 'password');
            $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
            $this->Auth->authError = 'Please login to view that page ';
            $this->Auth->loginError = ' The user name or password you entered did not work, please try again ';
            $this->Auth->allow('display');
            $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
            $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'logout');
            $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
        }
    }

This is what's in the users controller:

    class UsersController extends AppController {

        var $name = 'Users';

        function beforeFilter() {
            parent::beforeFilter();
            $this->Auth->allow = array('add');
        }
    }

This is what's in the posts controller:

    class PostsController extends AppController {

        var $name = 'Posts';
        var $components = array('Session', 'RequestHandler', 'Email');

        public function beforeFilter() {
            parent::beforeFilter();
            $this->Auth->allow = array('edit');
        }
    }

What I do find is that after I've logged in I'm able to access the home page, as expected. Then when I go to the logout the session isn't entirely destroyed so I can go back to the 'admin' section.

I did try using $this-session('destroy'); in the logout action, but when I did the allowed actions didn't work again.

Does this make sense? Shouldn't allowed actions be independent of a current session?

Thanks, Paul


Make sure you are not using requestAction in any of your elements or views, and make sure that the actions called by requestAction are allowed too. This should fix it.


For the one where you log out and can still access the admin section: logout() should have $this->redirect($this->Auth->logout()); It should clear the Auth session data.

Here's what I suggest for the beforeFilter() in appcontroller:

    function beforeFilter() {
        $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'dashboard');
    }

and for the pages controller: $this->Auth->allow('display', 'view');
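
Added example, not part of the original thread and not CakePHP's own code: in CakePHP 1.3 `allow` is a method of AuthComponent that appends to its `allowedActions` list, so the question's `$this->Auth->allow = array('edit')` and the answer's `$this->Auth->allow('display', 'view')` do different things. `AuthModel` and `isAllowed()` are hypothetical stand-ins that model only that allow-list behaviour.

```php
<?php
// Simplified stand-in for the allow-list logic of CakePHP 1.3's AuthComponent.
// AuthModel and isAllowed() are hypothetical names, not framework code.
#[\AllowDynamicProperties] // PHP 8.2+: lets the stray property below exist without a notice
class AuthModel
{
    public $allowedActions = array();

    // Method form: merges the given action names into the allow list.
    public function allow()
    {
        $args = func_get_args();
        if (isset($args[0]) && is_array($args[0])) {
            $args = $args[0];
        }
        $this->allowedActions = array_merge(
            $this->allowedActions,
            array_map('strtolower', $args)
        );
    }

    // The check applied before an unauthenticated request reaches an action.
    public function isAllowed($action)
    {
        return in_array(strtolower($action), $this->allowedActions, true);
    }
}

// AppController::beforeFilter() from the question: a method call.
$auth = new AuthModel();
$auth->allow('display');

// PostsController::beforeFilter() from the question: a property assignment.
// PHP creates a separate property named "allow"; the allow list is untouched,
// so the action stays protected and the request is sent to the login page.
$auth->allow = array('edit');
var_dump($auth->isAllowed('display'));
var_dump($auth->isAllowed('edit'));

// Method form, as in the answer's allow('display', 'view').
$auth->allow('edit');
var_dump($auth->isAllowed('edit'));

// Debugging aid: dump the list the check actually reads.
var_dump($auth->allowedActions);
```

The same `var_dump` on `$this->Auth->allowedActions` at the end of a controller's `beforeFilter()` shows which actions are actually public for that request.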
