Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Route not authorized when logged in to admin


Go to End


4 Posts   798 Views

Avatar
rsouthgate

Community Member, 12 Posts

3 July 2015 at 7:25am

I've configured a route to a custom controller that returns a json feed on the homepage of a site:

URL: mysite.com/api/event?...

routes.yml:

Director:
  rules:
   ...
   'api': 'API_Controller'

API_Controller.php:

class API_Controller extends Page_Controller
{

    //allow only specific actions to be executed by the $request
    private static $allowed_actions = array('event');

    /**
     * @return SS_HTTPResponse_Exception a 404 page if accessing controller index
     **/
    public function index()
    {
        return $this->httpError('404', 'Page not found');
    }

    /**
     * @param current request
     * @return json page response
     **/
    public function event($request)
    {
        return $this->processEvent($request);
    }
...

This works correctly until I login to the admin part of the site. Then if I try and request the json feed through the route the cms complains that I don't have permission to view the draft version and that I should 'click here' to view the live version. The link it creates for the live version is a url to the controller (ignoring the routing configuration), but obviously none of that is very useful in an ajax response that is expecting json.

Since there is no draft version of this page - well it isn't even a page - I'm wondering where the request is being intercepted and the security applied... any pointers appreciated.

Avatar
helenclarko

Community Member, 166 Posts

3 July 2015 at 9:53am

Hi rsouthgate,

I would be interested in knowing this too.

However I may be able to help you with part of your issue.
When you login to Admin, the site is put into draft mode. This allows you to see any pages that have not been published.
This threw me a little bit when I first saw it.
You can set the page to published view in the admin menu by sliding the slider on any page to "published" in the bottom right hand corner.
This will set your entire site experience (even on other tabs) back to the published version.

I would love to know how to set it to published by default, if anyone can help with that.

Regards,
-helenclarko

Avatar
Pyromanik

Community Member, 419 Posts

3 July 2015 at 10:48am

Edited: 03/07/2015 10:49am

Don't extend Page_Controller.
It does routing checks for Pages, which are Versioned. You're not passing it a model, so it has nothing to check and fails (probably the reason, not 100% sure).
You don't need any of the Page_Controller stuff since it's not a page (it's an API), so just extend Controller directly.

You also might be interested in one of the existing modules for this functionality. http://addons.silverstripe.org

Avatar
rsouthgate

Community Member, 12 Posts

3 July 2015 at 11:57am

Ah of course! Thanks