Provide & Restrict Access to Bancha

In many cases you don't want everybody to be able to access and change your data. Identifying, authenticating and authorizing users is a common part of almost every web application. In CakePHP, AuthComponent provides a pluggable way to do these tasks. AuthComponent allows you to combine authentication objects and authorization objects to create flexible ways of identifying users and checking their authorization.

Instead of trying to come up with our own solution, we simply support CakePHP's AuthComponent. This doesn't only provide you with a proven way to handle authentication, but also makes it easy to develop Ext JS/Sencha Touch apps and a normal website inside the same CakePHP project.

Access to Bancha model metadata

By default, Bancha provides all kinds of information about your models to the user without access restriction. Open /bancha-api/models/all.js in your browser to see what Bancha shares.

But if you are using AuthComponent, by default ONLY authenticated users can access Bancha, so no anonymous user can use your Bancha application. This can be useful if you are, for example, using Bancha in an administration backend.

If you still want to provide access for all users (e.g. to log in via Ext JS/Sencha Touch), adapt your AppController like this:

class AppController extends Controller {
    /*
     * Add authentication for your application
     */
    public $components = array(
        'Auth' => array(
            ...
        )
    );

    public function beforeFilter() {
        // allow the Bancha API and metadata to be loaded by anyone;
        // only these four actions of the Bancha plugin controller are opened
        if(strtolower($this->params['plugin']) == 'bancha' && strtolower($this->name) == 'bancha') {
            $this->Auth->allow('index','loadMetaData','translations','logError');
        }
    }
}

Handling authentication errors

Besides that, you probably want to use the AuthComponent to control who can view, create, edit or delete records. Here the normal CakePHP Auth rules apply, and you can simply write default CakePHP code.
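
As an added example (not part of the original Bancha documentation), this is what such default CakePHP authorization code can look like in CakePHP 2.x. The ArticlesController, the role field on the user record and the role names are assumptions, as is the use of CakePHP's baked action names index, view, add, edit and delete.

```php
<?php
// Added example, not Bancha's own code. Assumes CakePHP 2.x.
// Hypothetical: ArticlesController, a 'role' field on the user record and the
// role names; the action names are the ones CakePHP bakes by default.

// app/Controller/AppController.php
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            // after login, ask the current controller's isAuthorized()
            'authorize' => array('Controller'),
        ),
    );

    // Deny by default: a controller that does not opt in exposes nothing.
    public function isAuthorized($user) {
        // Bancha's own controller stays usable for every logged-in user.
        if (strtolower((string)$this->params['plugin']) == 'bancha') {
            return true;
        }
        return false;
    }
}

// app/Controller/ArticlesController.php
App::uses('AppController', 'Controller');

class ArticlesController extends AppController {
    public function isAuthorized($user) {
        $role = isset($user['role']) ? $user['role'] : null;

        // every logged-in user may read
        if (in_array($this->action, array('index', 'view'), true)) {
            return true;
        }
        // only editors and admins may create, edit or delete
        if (in_array($this->action, array('add', 'edit', 'delete'), true)) {
            return in_array($role, array('editor', 'admin'), true);
        }
        // unknown actions fall back to the deny-by-default rule
        return parent::isAuthorized($user);
    }
}
```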

If the client tries to execute a request it is not allowed to make, the Bancha.Remoting.onAuthException method is executed. You can define your own method at any time while the application is running, as soon as the Bancha.Remoting class is loaded. Here are two examples of how to configure it:

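// Example 1: assign the handler when the application launches
Ext.application({
    launch: function() {
        Bancha.Remoting.onAuthException = function() {...};
    }
});

// Example 2: override Bancha.Remoting
// (overrides are declared with Ext.define; Ext.create would try to instantiate the class)
Ext.define('MyApp.controller.MyAuthHandler', {
    override: 'Bancha.Remoting',
    onAuthException: function() {
        ...
    }
});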

For advanced configurations just ask us:
