
auth problem

a guest
Jun 25th, 2016
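  /**
   * Base controller: loads Flash and configures AuthComponent for every
   * controller that extends it.
   *
   * NOTE(review): the listing starts at the class line, so the namespace
   * declaration and the `use` lines for Controller and Event are not visible
   * here; they are assumed to exist in the real file.
   */
  class AppController extends Controller
  {
      public $components = ['Flash'];

      /**
       * Loads the shared components and configures authentication.
       *
       * Authorization is delegated to the current controller's isAuthorized()
       * ('authorize' => ['Controller']); credentials are checked by the Form
       * authenticator against the Users model.
       */
      public function initialize()
      {
          parent::initialize();

          $this->loadComponent('Flash');

          $this->loadComponent('Auth', [
              'authorize' => ['Controller'],
              //'unauthorizedRedirect' => false,
              //'authError' => 'No autorization',

              'loginRedirect' => [
                  'controller' => 'Notas',
                  'action' => 'menu',
              ],

              'logoutRedirect' => [
                  'controller' => 'Estados',
                  'action' => 'index',
              ],

              'loginAction' => [
                  'controller' => 'Users',
                  'action' => 'login',
              ],

              'authenticate' => [
                  'Form' => [
                      // The comma after this entry was missing in the original,
                      // which is a parse error for the whole file.
                      'userModel' => 'Users',
                      'fields' => ['username' => 'username', 'password' => 'password'],
                  ],
              ],
          ]);
      }

      /**
       * Declares the actions that need no login.
       *
       * This list is inherited by every controller that calls
       * parent::beforeFilter(): any controller that defines an action named
       * index, view, display or nota exposes it to anonymous visitors unless
       * it restricts access itself.
       *
       * @param Event $event The Controller.initialize event.
       */
      public function beforeFilter(Event $event)
      {
          parent::beforeFilter($event);
          $this->Auth->allow(['index', 'view', 'display', 'nota']);
      }

      /**
       * Default authorization rule: only users whose role is "admin"
       * (compared case-insensitively) are authorized.
       *
       * @param array|\ArrayAccess|null $user The user to check.
       * @return bool True for an admin, false for everyone else.
       */
      public function isAuthorized($user = null)
      {
          // No user, no access.
          if (empty($user)) {
              return false;
          }

          $role = isset($user['role']) ? trim((string)$user['role']) : '';

          // Fall back to the role of the user stored by AuthComponent when the
          // record passed in carries none.
          if (empty($role)) {
              $role = $this->Auth->user('role');
          }

          // Cast so that a missing role (null) compares as an empty string.
          // Anything that is not ADMIN is denied by default.
          return strtoupper((string)$role) === 'ADMIN';
      }
  }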
  80.  
  81.  
  82. ------------------------------------------------------------------------------------------------------------------------
  83.  
  84. Users controller
  85.  
  86. <?php
  87.  
  88. // src/Controller/UsersController.php
  89.  
  90. namespace App\Controller;
  91.  
  92. use App\Controller\AppController;
  93. //use Cake\Controller\Controller;
  94. use Cake\ORM\TableRegistry;
  95. use Cake\ORM\Table;
  96. use Cake\Event\Event;
  97.  
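  /**
   * Login and logout actions for the application's users.
   */
  class UsersController extends AppController
  {
      // 'Auth' is listed without configuration here; its settings are passed
      // in AppController::initialize().
      public $components = ['Paginator', 'Flash', 'Auth'];

      // Default pagination: 25 rows per page, ordered by Users.nombre ascending.
      public $paginate = [
          'Users' => [
              'limit' => 25,
              'order' => [
                  'Users.nombre' => 'asc',
              ],
          ],
      ];

      /**
       * Runs the shared initialization and selects the admin layout.
       */
      public function initialize()
      {
          parent::initialize();
          $this->viewBuilder()->layout('admin_template');
      }

      /**
       * Adds logout to the actions reachable without a login.
       *
       * NOTE(review): the public actions declared in
       * AppController::beforeFilter() (index, view, display, nota) apply to
       * this controller as well; a user listing added under one of those names
       * would be readable by anonymous visitors.
       *
       * @param Event $event The Controller.initialize event.
       */
      public function beforeFilter(Event $event)
      {
          parent::beforeFilter($event);
          $this->Auth->allow(['logout']);
      }

      /**
       * Uses the admin-only rule from AppController unchanged.
       *
       * @param array|\ArrayAccess|null $user The user to check.
       * @return bool
       */
      public function isAuthorized($user = null)
      {
          return parent::isAuthorized($user);
      }

      /**
       * Handles the login form.
       *
       * On POST the submitted credentials are identified; on success the user
       * is stored through AuthComponent and the browser is redirected. On
       * failure a single generic message is shown, so the response does not
       * reveal whether the username or the password was wrong.
       *
       * @return mixed The redirect response on success, otherwise null.
       */
      public function login()
      {
          if (!$this->request->is('post')) {
              return null;
          }

          $user = $this->Auth->identify();
          if ($user) {
              $this->Auth->setUser($user);

              // Author's note: at this point $this->Auth->user('role') is
              // populated and holds 'admin'.
              return $this->redirect($this->Auth->redirectUrl());
          }

          $this->Flash->error('Usuario y/o contraseña incorrecto.');

          return null;
      }

      /**
       * Logs the current user out and redirects.
       *
       * NOTE(review): this action is public (see beforeFilter) and is not
       * limited to POST, so any link or embedded request can end a session.
       *
       * @return mixed The redirect response.
       */
      public function logout()
      {
          $this->Flash->success('Se ha cerrado la sesion con exito...');

          // The original called logout() twice and discarded the first result;
          // one call both logs the user out and supplies the redirect target.
          return $this->redirect($this->Auth->logout());
      }
  }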
  164.  
  165. ?>
  166.  
  167.  
  168. --------------------------------------------------------------------------------------
  169.  
  170. NotasController
  171.  
  172.  
  173. <?php
  174. namespace App\Controller;
  175.  
  176. use App\Controller\AppController;
  177. use Cake\Event\Event;
  178. //use Cake\Controller\Controller;
  179. use Cake\ORM\TableRegistry;
  180. use Cake\ORM\Table;
  181. use Cake\Utility\Inflector;
  182.  
  183.  
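  /**
   * Admin-only controller for notes; every action is gated in beforeFilter().
   */
  class NotasController extends AppController
  {
      public $components = ['Paginator'];

      // Default pagination: 25 rows per page, ordered by Notas.fecha ascending.
      public $paginate = [
          'Notas' => [
              'limit' => 25,
              'order' => [
                  'Notas.fecha' => 'asc',
              ],
          ],
      ];

      /**
       * Runs the shared initialization and selects the admin layout.
       */
      public function initialize()
      {
          parent::initialize();
          $this->viewBuilder()->layout('admin_template');
      }

      /**
       * Rejects every request that does not come from an authorized user.
       *
       * This gate also covers the actions that AppController::beforeFilter()
       * declares public (index, view, display, nota).
       *
       * @param Event $event The Controller.initialize event.
       * @return mixed The redirect response when access is denied, otherwise null.
       */
      public function beforeFilter(Event $event)
      {
          parent::beforeFilter($event);

          // Author's note: this value was reported as null/empty when the
          // problem was posted.
          $auth_user = $this->Auth->user();

          if (!$this->isAuthorized($auth_user)) {
              $this->Flash->error("Not allowed");

              // The response has to be returned. Calling redirect() without
              // returning it lets the requested action still run, so its
              // output could go out together with the redirect.
              // 'Users' matches the loginAction configured for AuthComponent.
              return $this->redirect(['action' => 'login', 'controller' => 'Users']);
          }

          // No blanket $this->Auth->allow() here: it would mark every action of
          // this controller as public for the request. AuthComponent is
          // configured with 'authorize' => ['Controller'], so an admin passes
          // its own check through isAuthorized().
          $this->set('auth_user', $auth_user);

          return null;
      }

      /**
       * No extra work before rendering; defers to the parent.
       *
       * @param Event $event The Controller.beforeRender event.
       */
      public function beforeRender(Event $event)
      {
          parent::beforeRender($event);
      }

      /**
       * Authorizes admins; anything else is left to AppController's rule.
       *
       * @param array|\ArrayAccess|null $user The user to check.
       * @return bool
       */
      public function isAuthorized($user = null)
      {
          // The debugging echo was removed: output written from an
          // authorization check ends up in the response body.
          if (empty($user)) {
              return false;
          }

          $role = isset($user['role']) ? $user['role'] : '';

          // Fall back to the role of the user stored by AuthComponent.
          if (empty($role)) {
              $role = $this->Auth->user('role');
          }

          // Strict comparison on a string; a missing role (null) becomes ''.
          if (strtoupper((string)$role) === 'ADMIN') {
              return true;
          }

          return parent::isAuthorized($user);
      }

      /**
       * Landing page after login (AuthComponent's loginRedirect); the action
       * itself sets nothing, the view does the work.
       */
      public function menu()
      {
      }
  }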
  262.  
  263. ?>