Comments: allow

By res-u on 19/5/08

1 - where to put this code and allowing from app_controller

It is not clear where to put the $this->Auth->allow('myAction') code.<br>

Of course it can be guessed that I have to put it in the beforeFilter function of my controller, it would be nice if it was specified

also how would I go about allowing an action from another controller ? For instance if I want to centralize my 'allowing' code in the beforeFilter function of my app_controller class

By ablivio on 20/8/08

2 - Allow 'logout' to avoid glitches

If for some reason (permanent link, direct URL, etc.) the user invokes /users/logout when he is not logged in, unless 'logout' is allowed, Auth will first ask him to log in, then will immediately log him out.

This is definitely no nice user experience: you want to log out, the application asks you to log in, and immediately after you have submitted your username and password, /users/logout is executed so finally says that your are logged out.

Or else, seing the log-in form, you infer that you are not logged in and stop here. The problem in this case is that the current state of the application is "wait for the user to log in, then log him out". Quite disturbing!

Therefore, may I suggest to systematically allow 'logout' in order to avoid such glitches...

Login to add a comment