I am using SWFUpload and some other scripts that print and download PDFs. The thing is that the machine tries to access a page in order to generate the data for the scripts, but it hits the Authorization requirements. I am using a custom-made IP check for these scripts and put them in $this->Auth->allow().
I would like to allow all requests from 127.0.0.1. What is the correct workflow for custom scripts? Should I allow() all methods and checkIP(), or should I make a user for the system and authorize him? I find the last one a little bit too much just for a local connection!
OK, so I figured out the solution, as follows:
I wrote an IP check method in the core class Security:
    public static function checkIPBased($userId = false, $ipPool = array()) {
        $permission = false;

        // Check the client address against the IP pool.
        // Note: strpos() === 0 is a prefix match, so the entry '10.0.0.1'
        // also matches '10.0.0.15'.
        $ipAllowed = array_merge($ipPool, array(
            'localhost',
            '127.0.0.1',
            '::1',
        ));
        foreach ($ipAllowed as $ip) {
            if (strpos($_SERVER['REMOTE_ADDR'], $ip) === 0) {
                $permission = true;
            }
        }

        // Check whether the user is accessing his own order (or is in group 1).
        if ($userId && (($userId == AuthComponent::user('id')) || ((int) AuthComponent::user('group_id') === 1))) {
            $permission = true;
        }

        return $permission;
    }
After that I wrote in AppController in beforeFilter() the following code:
    if (Security::checkIPBased()) {
        $this->Auth->allow();
    }
This way I am allowing the machine to access all methods while still using Auth Component!
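
An added example, not part of the original post: a stricter form of the address check above that compares parsed addresses exactly or by CIDR range instead of by string prefix, and does not trust REMOTE_ADDR when a forwarding header shows a proxy in the path. The names ipInCidr and isTrustedMachine are hypothetical, and the code assumes that any reverse proxy in front of the application sets X-Forwarded-For or Forwarded.

```php
<?php
// Added example; ipInCidr() and isTrustedMachine() are hypothetical names, not CakePHP API.

/** True when $addr lies inside $cidr ("10.0.0.0/24", "::1/128" or a bare address). */
function ipInCidr($addr, $cidr)
{
    $parts = explode('/', $cidr, 2);
    $ip  = @inet_pton($addr);
    $net = @inet_pton($parts[0]);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($ip === false || $net === false || strlen($ip) !== strlen($net)) {
        return false;
    }
    $bits = strlen($ip) * 8;            // a bare address means an exact match
    if (isset($parts[1])) {
        if (!preg_match('/^\d{1,3}$/', $parts[1]) || (int) $parts[1] > $bits) {
            return false;               // malformed or oversized prefix length
        }
        $bits = (int) $parts[1];
    }
    $fullBytes = $bits >> 3;
    if (substr($ip, 0, $fullBytes) !== substr($net, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits & 7;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the remaining high bits only
    return (ord($ip[$fullBytes]) & $mask) === (ord($net[$fullBytes]) & $mask);
}

/** Decide whether a request comes from an allowed machine; $server is $_SERVER. */
function isTrustedMachine(array $server, array $extraCidrs = array())
{
    // Assumption: a proxy in the path sets one of these headers. REMOTE_ADDR is
    // then the proxy's address (often 127.0.0.1), not the client's.
    if (isset($server['HTTP_X_FORWARDED_FOR']) || isset($server['HTTP_FORWARDED'])) {
        return false;
    }
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    foreach (array_merge(array('127.0.0.1', '::1'), $extraCidrs) as $cidr) {
        if (ipInCidr($remote, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests: loopback, non-matching neighbour, CIDR match, proxied.
var_dump(isTrustedMachine(array('REMOTE_ADDR' => '127.0.0.1')));
var_dump(isTrustedMachine(array('REMOTE_ADDR' => '10.0.0.15'), array('10.0.0.1')));
var_dump(isTrustedMachine(array('REMOTE_ADDR' => '10.0.0.15'), array('10.0.0.0/24')));
var_dump(isTrustedMachine(array('REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7')));
```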