Authentication Allow All Actions Except


For Cake 4 authentication plugin.

Currently, allowUnauthenticated() only allow certain actions w/o authentication (e.g. login). But I want it to be the other way around, something like allowAllExcept(), like to allow all actions except…

In other words, is there a way to allow all actions except certain actions ?

Maybe this can be seen as a bit of a hack but with a reflection class you can get all public methods present in your controller.

  public function beforeFilter( EventInterface $event ) {
    parent::beforeFilter( $event );
    $class = new \ReflectionClass(self::class);
    $public_methods = $class->getMethods(\ReflectionMethod::IS_PUBLIC);
    $disallowed_methods = ['edit', 'other'];
    $allowed_methods = [];
    foreach($public_methods as $public_method):
      if($public_method->class === self::class) {
        if(!in_array($public_method->name, $disallowed_methods)) {
          $allowed_methods[] = $public_method->name;
1 Like