It seems recently all I have been doing is chasing things that are hard to debug :-( This may or may not be a bug but has had me chasing things for a while. I have a system which has two (three) different types of user, a system for users and a group user. They have very different use cases and it didn’t make sense to have a user type. One person may be either a user, a group admin or both. The features for each type were completely separate, i.e. if you were a group admin you wouldn’t automatically be a user as well.
As this was the case, I decided to create a separate login system for each function. Different tables, different models. Both had a login page and both used the Auth component. I did a simple switch in the app_controller to set up the Auth component’s variables and everything worked on an individual level, i.e. if you visited each login page without having first visited the other login page during the session. However, if you went to one login page first and then to the other login page, you couldn’t log in to the second area.
After a few hours of debugging I discovered that setting the $this->Auth->loginRedirect property isn’t enough to control the Auth component. When you first visit a page in a session, CakePHP sets the Auth.redirect session variable to the Auth::loginRedirect property. The Auth component then checks against this session variable when you log in. If they don’t match, you are redirected to the URL in the session variable, which you probably don’t have access to as you haven’t logged in to that area.
The solution to this is to manually set this session variable when you change any Auth component properties:
    function beforeFilter() {
        // Group area: authenticate against the GroupUser model.
        if ($this->params['controller'] == 'groups' or $this->params['controller'] == 'group_users') {
            $this->Auth->userModel = 'GroupUser';
            $this->Auth->loginAction = array('controller' => 'group_users', 'action' => 'login');
            $this->Auth->loginRedirect = array('controller' => 'groups', 'action' => 'index');
            $this->Auth->logoutRedirect = array('controller' => 'group_users', 'action' => 'logout');
            $this->Auth->allow('display', 'login', 'logout');
            $this->Auth->authorize = 'controller';
            $this->Auth->userScope = array('GroupUser.active' => 1);
            // Keep the session's redirect target in step with loginRedirect.
            $this->Session->write('Auth.redirect', '/groups/index');
        }
        // Everything else: authenticate against the User model.
        else {
            $this->Auth->userModel = 'User';
            $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
            $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'index');
            $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
            $this->Auth->allow('display', 'login', 'logout');
            $this->Auth->authorize = 'controller';
            $this->Auth->userScope = array('User.active' => 1);
            // Keep the session's redirect target in step with loginRedirect.
            $this->Session->write('Auth.redirect', '/users/index');
        }
    }
At the moment I can’t decide whether this is a bug or whether my use case is a bit wrong. Obviously just setting the loginRedirect property of the Auth component shouldn’t affect the session. Maybe there needs to be a method to set this property instead which handles the session?
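The beforeFilter() above writes Auth.redirect on every request, so whatever else was stored there is replaced. As an added example (not code from the original post), this plain-PHP helper keeps a stored redirect only when it is a local path inside the current login area and otherwise falls back to that area's landing page; `areaSafeRedirect()` is a hypothetical name, the sample values are constructed, and it assumes default `/controller/action` routing.

```php
<?php
// Added example, not from the original post. areaSafeRedirect() is a
// hypothetical helper; the paths mirror the post's two login areas.

/**
 * Return $stored only if it is a local path whose controller belongs to
 * the current login area; otherwise return that area's default page.
 */
function areaSafeRedirect($stored, array $areaControllers, $default)
{
    if (!is_string($stored) || $stored === '') {
        return $default;
    }
    // Reject absolute URLs, protocol-relative URLs and backslash variants,
    // so the session value can never send the browser off-site.
    if ($stored[0] !== '/' || strpos($stored, '//') === 0 || strpos($stored, '\\') !== false) {
        return $default;
    }
    $path = parse_url($stored, PHP_URL_PATH);
    if (!is_string($path)) {
        return $default;
    }
    // Assumption: the first path segment is the controller name.
    $segments = explode('/', trim($path, '/'));
    $controller = strtolower($segments[0]);
    return in_array($controller, $areaControllers, true) ? $stored : $default;
}

// Constructed sample values for what Auth.redirect might hold when the
// group login form is submitted.
$groupArea = array('groups', 'group_users');
$samples = array(
    '/users/index',      // left over from visiting the other login page
    '/groups/view/5',    // deep link inside the group area
    '//example.test/x',  // protocol-relative URL
    null,                // nothing stored yet
);
foreach ($samples as $stored) {
    $result = areaSafeRedirect($stored, $groupArea, '/groups/index');
    printf("%-20s => %s\n", var_export($stored, true), $result);
}

// In the group branch of beforeFilter() the unconditional write becomes:
// $this->Session->write('Auth.redirect', areaSafeRedirect(
//     $this->Session->read('Auth.redirect'), $groupArea, '/groups/index'));
```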