Fixing issues created in [8205] where allowedActions check was done i…

…ncorrectly. Fixes #6482 git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@8208 3807eeeb-6ff5-0310-8944-8be069107fe0
cakephp · Jul 1, 2009 · ff5d9ed · ff5d9ed
1 parent fb6b2ae
commit ff5d9ed
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
@@ -264,6 +264,7 @@ function initialize(&$controller) {
 	function startup(&$controller) {
 		$methods = array_flip($controller->methods);
 		$controllerAction = strtolower($controller->params['action']);
+		$lowerAllowedActions = array_map('strtolower', $this->allowedActions);
 
 		$isErrorOrTests = (
 			strtolower($controller->name) == 'cakeerror' ||
@@ -297,7 +298,7 @@ function startup(&$controller) {
 
 		$isAllowed = (
 			$this->allowedActions == array('*') ||
-			isset($methods[$controllerAction])
+			in_array($controllerAction, $lowerAllowedActions)
 		);
 
 		if ($loginAction != $url && $isAllowed) {

diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php
@@ -753,6 +753,10 @@ function testAllowedActionsWithCamelCaseMethods() {
 		$this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
 		$result = $this->Controller->Auth->startup($this->Controller);
 		$this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
+
+		$this->Controller->Auth->allowedActions = array('delete', 'add');
+		$result = $this->Controller->Auth->startup($this->Controller);
+		$this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
 	}
 /**
  * testLoginRedirect method