How to protect all admin actions in all cakePHP controllers

Question

How to protect all admin actions in all cakePHP controllers

I am developing an application using cakePHP v 1.3 for Windows (XAMPP).

Most controllers are baked with admin routing enabled. I want to protect the admin actions of each controller with a login page. How can I do this without repeating a lot? One solution to the problem is "I check the login information for the admin_index action of each controller" and then display the login screen accordingly.
Is there a better way to do this?

Rollback of the admin url ( http: // localhost / app / admin ) points to the user_admin action of the user controller (for this, a new route.php file is created in the route)

+2

security cakephp admin cakephp-1.3 routes

Gaurav sharma May 17 '10 at 7:24

a source to share

1 answer

deceze · Accepted Answer · 2010-05-17T07:32:07+0000

Use an authentication component . You can configure it for admin routes only with something like this:

// AppController::beforeFilter
function beforeFilter() {
    if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
        $this->Auth->deny('*');
        ...
    }
}

Checking only in actions is index

meaningless, it's just obscurity, not security. AuthComponent will check permissions for every single page load.

How to protect all admin actions in all cakePHP controllers

More articles: