Monday, December 2, 2013

Re: Production and Development Environment

Trying one more time...

The requirement is that in production, you need to authenticate to get access to the API, and that in development, no authentication is required.

The assumption is that the authentication will be session based, with a form based login action.  There has been mention of a .htaccess file, but it wasn't clearly stated if this was used to provide authentication via Basic Authentication.

In the AppController, I would have:

public function beforeFilter() {
    /* set up Authentication */
    if (!Configure::read('developmentMode')) {
        $this->Auth->deny(); /* a default deny for all actions, when not in developmentMode */
    }  else {
        $this->Auth->allow(); /* a default allow for all actions, when in development mode */

And then in any controller, I would have:

public function beforeFilter() {
   /* the remainder of your code, to allow actions, and lift authentication restrictions for particular actions */

In production, this will ensure that all actions are denied by default, to be overridden by specific controllers.

In development, this will set up a default allow for all actions.

It's been a while since I've actually played with the CakePHP 2.X Auth stuff, but that's the general idea I was going for.

Best of luck finding a solution.

Reuben Helms

On Tue, Dec 3, 2013 at 8:39 AM, Advantage+ <> wrote:

I appolagize.


But if parent::before filter is called in the controller and reads production or development anything called after that will be over-ridden no?


You cannot get an API called back to a password protected folder so you have to remove the password protection, but if you want it to be a hidden folder which is not accessible you need a way to hide it.


Dave Maharaj

Freelance Designer | Developer  |  |  709.800.0852


From: [] On Behalf Of AD7six
Sent: Saturday, November 30, 2013 11:08 AM

Subject: Re: Production and Development Environment


On Friday, 29 November 2013 05:45:50 UTC+1, advantage+ wrote:

Hmm sounds like the exact thing I said……..and if you do

Beforefilter::parent () in the controller what was the point of asking if there is an easy way to no go thur every controller!



public function beforeFilter() {





              //Allow Security to allow ajax request for these actions

              $ajax_request = array('manage_add', 'manage_edit', 'manage_delete');

              if(in_array($this->params['action'], $ajax_request)){


                     $this->Security->unlockedActions = $ajax_request;

                     $this->Security->csrfCheck = false;




Since parent:: is called you have to go thru every controller no?


If you see a correct way I happy to hear about it.




Like Us on FaceBook
Find us on Twitter
You received this message because you are subscribed to a topic in the Google Groups "CakePHP" group.
To unsubscribe from this topic, visit
To unsubscribe from this group and all its topics, send an email to
To post to this group, send email to
Visit this group at
For more options, visit

Like Us on FaceBook
Find us on Twitter
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at
For more options, visit


Post a Comment

Subscribe to Post Comments [Atom]

<< Home

Real Estate