phpauthenticationzend-framework2zfcuserbjyauthorize

ZFCUser and bjyauthorize - How to leave out authorization for landing page


I'm building a closed website which has a landing page for everyone.

I'm using ZfcUser and BjyAuthorize. Everything works now but I wonder how I can exclude my Application's Application\Controller\Index::index action.

In my module.bjyauthorize.global.php I told my action to require no authentication:

'BjyAuthorize\Guard\Controller' => array(
    array(
        'controller' => 'Application\Controller\Index',
        'action' => 'index',
        'roles' => array()
    ),
    // ...

But still I get forwarded to the ZFCUser login page.

Any idea what I'm missing?

Edit:

I tried it with the guest role but no luck so far:

 'default_role'          => 'guest',
 'BjyAuthorize\Provider\Role\Config' => array(
     'guest' => array(),
     'user'  => array(
         'children' => array(
             'admin' => array(),
         ),
     ),
 ),

Solution

  • NOTE: valid in BjyAuthorize 1.2.*

    You have to allow the guest user to access the index page:

    'BjyAuthorize\Guard\Controller' => array(
        array(
            'controller' => 'Application\Controller\Index',
            'action' => 'index',
            'roles' => array('guest', 'user')
        ),
        // ...
    

    What you defined in your question is a deny-all instead.

    Since BjyAuthorize's controller guard configuration acts as a whitelist, there is no way to allow access to all roles at once right now.