I’ve created a simple serialized JSON response based on the Cookbook example. Works fine, but only if the user is logged in. Otherwise I’m redirected to the login page. I have skipAuthorization() present in my controller just like with some of my other views.
I’m guessing there’s something simple I’m overlooking to allow a public JSON view? Thanks.
public function allnets()
{
$this->Authorization->skipAuthorization();
$allNets = $this->Nets->find()->contain(['Times']);
$this->set('allNets', $allNets);
$this->viewBuilder()->setClassName("Json");
$this->viewBuilder()->setOption('serialize', ['allNets']);
}
skip authorization means that you still need to be logged in but there are not “Role checks” aka policy checks applied
Are you sure you are not mixing up authorization and authentication?
1 Like
Yes, good call. I conflate the two all the time. Adding unauthenticated actions to the controller was the solution. Thanks!
public function beforeFilter(\Cake\Event\EventInterface $event)
{
parent::beforeFilter($event);
$this->Authentication->addUnauthenticatedActions(['action1', 'action2']);
}
Do auth allow in before filter
public function beforeFilter(\Cake\Event\EventInterface $event)
{
parent::beforeFilter($event);
$this->Auth->allow(['allnets');
}
@yogeshsaroya The Auth component is not the same as the new Authentication & Authorization Plugins
So please don’t mix them up
@KevinPfeifer
He wanted to view JSON as public. so why not allow in auth to use without login ?
Please advice
Your mentioned code
public function beforeFilter(\Cake\Event\EventInterface $event)
{
parent::beforeFilter($event);
$this->Auth->allow(['allnets');
}
uses the OLD Auth Component (see HERE)
This is NOT the same as what the original questions was referencing with
public function allnets()
{
$this->Authorization->skipAuthorization();
$allNets = $this->Nets->find()->contain(['Times']);
$this->set('allNets', $allNets);
$this->viewBuilder()->setClassName("Json");
$this->viewBuilder()->setOption('serialize', ['allNets']);
}
Where the NEW Authentication & Authorization Plugins are used.
See Migration from the AuthComponent - 2.x on how to migrate from the old AuthComponent ($this->Auth
) to the new authentication plugins ($this->Authentication
)