CakePHP ACL and Ajax

I’m building a web-based application using ExtJS as the frontend and CakePHP as the backend. CakePHP's built-in ACL returns a 200 OK status even when access is denied. The application uses Ajax a lot, so I need CakePHP to return an appropriate response status so that I can inform the user if the requested access was denied. To configure ACL properly, you can follow the posts from Mark Story here, and here for part 2.

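After that, just add the following code in app_controller.php:

function beforeRender() {
        // Only change the status for Ajax requests; normal page loads keep the flash message.
        if ($this->RequestHandler->isAjax()) {
                // AuthComponent stores its error flash message under Message.auth.
                if ($this->Session->check('Message.auth')) {
                        // Remove the message so it is not shown again on a later page.
                        $this->Session->del('Message.auth');
                        // Tell the Ajax caller that access was denied.
                        header('HTTP/1.1 403 Forbidden');
                }
        }
}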

Now, instead of receiving 200 OK status I get 403 Forbidden when access is denied. Hope this helps!
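The client side of this fix, as an added example that is not part of the original post: a handler that treats the 403 as a denial and still checks 2xx bodies, so a backend without the fix cannot pass a denied request off as data. The function name, messages and sample responses are assumptions, and the 200 denial body is assumed to be an HTML page.

```javascript
// Added example, not from the original post. Classifies an Ajax response so a
// denied ACL check is never treated as data. Input is any object shaped like
// an XMLHttpRequest (status, responseText).
function classifyAjaxResponse(xhr) {
    var status = xhr.status;

    if (status === 403) {
        // Sent by the beforeRender() hook when Message.auth was present.
        return { outcome: 'denied', message: 'You are not allowed to do that.' };
    }
    if (status === 0) {
        // No HTTP response at all (network error, aborted request).
        return { outcome: 'error', message: 'No response from the server.' };
    }
    if (status < 200 || status >= 300) {
        return { outcome: 'error', message: 'Request failed with status ' + status + '.' };
    }

    // 2xx: still verify the body is the JSON object the caller expects.
    // Assumption: without the 403 fix, a denied request comes back as
    // 200 OK with an HTML page instead of JSON.
    try {
        var data = JSON.parse(xhr.responseText);
        if (data === null || typeof data !== 'object') {
            throw new Error('not a JSON object');
        }
        return { outcome: 'ok', data: data };
    } catch (e) {
        return { outcome: 'unexpected', message: 'Response was not valid JSON.' };
    }
}

// Constructed sample responses (not captured from a real application).
var SAMPLES = {
    allowed:      { status: 200, responseText: '{"success":true,"rows":[1,2]}' },
    deniedFixed:  { status: 403, responseText: '<html>Login</html>' },
    deniedLegacy: { status: 200, responseText: '<html>Login</html>' },
    serverError:  { status: 500, responseText: '' }
};

function demo() {
    var out = {};
    Object.keys(SAMPLES).forEach(function (name) {
        out[name] = classifyAjaxResponse(SAMPLES[name]).outcome;
    });
    return out;
}

console.log(demo());
```

In ExtJS the same function can be called from both the success and failure callbacks of Ext.Ajax.request, which receive the response object as their first argument.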
