From ff5d9ed6e0f80a44b24143cddd1b6c2733c1ab3f Mon Sep 17 00:00:00 2001
From: mark_story
Date: Wed, 1 Jul 2009 03:56:16 +0000
Subject: [PATCH] Fixing issues created in [8205] where allowedActions check was done incorrectly. Fixes #6482
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@8208 3807eeeb-6ff5-0310-8944-8be069107fe0
---
 cake/libs/controller/components/auth.php | 3 ++-
 cake/tests/cases/libs/controller/components/auth.test.php | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
index 15991d4ebde..a76c877add3 100644
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@@ -264,6 +264,7 @@ function initialize(&$controller) {
 function startup(&$controller) {
 $methods = array_flip($controller->methods);
 $controllerAction = strtolower($controller->params['action']);
+ $lowerAllowedActions = array_map('strtolower', $this->allowedActions);
 $isErrorOrTests = (
 strtolower($controller->name) == 'cakeerror' ||
@@ -297,7 +298,7 @@ function startup(&$controller) {
 $isAllowed = (
 $this->allowedActions == array('*') ||
- isset($methods[$controllerAction])
+ in_array($controllerAction, $lowerAllowedActions)
 );
 if ($loginAction != $url && $isAllowed) {
diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php
index b8cbf0b1380..481b2dd5ffe 100644
--- a/cake/tests/cases/libs/controller/components/auth.test.php
+++ b/cake/tests/cases/libs/controller/components/auth.test.php
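Review bot: The `in_array($controllerAction, $lowerAllowedActions)` call in the second hunk compares loosely, and `$isAllowed` looks like the condition that lets a request through without a login. Both sides are strings after `strtolower`, so the exposure is limited to numeric-looking strings comparing equal, but an authorization check should not depend on that: `in_array($controllerAction, $lowerAllowedActions, true)`. The `array_map('strtolower', $this->allowedActions)` line in the first hunk would also benefit from a comment such as `// allowedActions are matched case-insensitively against the requested action`. startup() starts before and runs past both hunks, so whether `$methods` is still used is not visible here.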
@@ -753,6 +753,10 @@ function testAllowedActionsWithCamelCaseMethods() {
 $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
 $result = $this->Controller->Auth->startup($this->Controller);
 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
+
+ $this->Controller->Auth->allowedActions = array('delete', 'add');
+ $result = $this->Controller->Auth->startup($this->Controller);
+ $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
 }
 /**
 * testLoginRedirect method
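Review bot: The added negative case carries no comment tying it to the regression it guards, which makes it easy to drop in a later cleanup of this access-control test. A line above the new block such as `// Regression for #6482: an action missing from allowedActions must not be allowed, even if the controller defines it` would record the intent. The requested action and the controller's method list are set up earlier in testAllowedActionsWithCamelCaseMethods(), outside this hunk, so the "controller defines it" part of that wording should be confirmed against the setup.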