I tried everything and I still don't understand why this isn't working
in my UsersController :
public function isAuthorized($user) {
if (parent::isAuthorized($user)) {
return true;
}
if (($this->action === 'edit') && ($this->User->id === $this-
>Auth->user('id'))) {
return true;
}
return false;
}
Any idea ? Thanks a lot.
On 15 jan, 11:43, "J." <[email protected]> wrote:
> Ok, I modified the UsersController like this :
>
> public function isAuthorized($user) {
> if (parent::isAuthorized($user)) {
> return true;
> }
>
> if (in_array($this->action, array('edit', 'delete'))) {
> if ($this->User->id == $this->Session->read('Auth.User.id')) {
>
> return true;
> }
> }
>
> return false;
> }
>
> , I don't get the notice anymore, BUT USers still can edit
> themeselves: any try for editing will redirect to the index. So :
> Admin can edit any one, users can't edit any profiles. I just need to
> find out how to allow them editing their own.
>
> I thought thi woul check if the user ID was the same as the id stored
> when logged :
>
> if ($this->User->id == $this->Session->read('Auth.User.id')) {
> return true;
> }
>
> but it doesn't seem to work.
>
> Any help ? Thanks a lot.
>
> On 15 jan, 11:38, "J." <[email protected]> wrote:
>
>
>
>
>
>
>
> > I think I'm near the solution, but I need help for finishing the
> > code :
>
> > Here is my app controller :
>
> > public function isAuthorized($user) {
> > if (isset($user['role']) && $user['role'] === 'admin') {
> > return true; //Admin can access every action
> > }
> > return false; // The rest don't
> > }
>
> > function beforeFilter() {
> > $this->Auth->allow('index', 'view');
> > $this->Auth->allow('display');
> > }
>
> > And my UsersController :
>
> > public function isAuthorized($user) {
> > if (parent::isAuthorized($user)) {
> > return true;
> > }
>
> > if (in_array($this->action, array('edit', 'delete'))) {
> > if ($user['User']['id'] ==
> > $this->Session->read('Auth.User.id')) {
>
> > return true;
> > }
> > }
>
> > return false;
> > }
>
> > With this code, Admin can edit everyone, but when a logge duser tries
> > to edit himself, I get this notice :
>
> > Notice (8): Undefined index: User [APP/Controller/
> > UsersController.php, line 60]
> > Code Context
>
> > if (in_array($this->action, array('edit', 'delete'))) {
> > if ($user['User']['id'] ==
> > $this->Session->read('Auth.User.id')) {
>
> > UsersController::isAuthorized() - APP/Controller/UsersController.php,
> > line 60
> > ControllerAuthorize::authorize() - CORE/Cake/Controller/Component/Auth/
> > ControllerAuthorize.php, line 64
> > AuthComponent::isAuthorized() - CORE/Cake/Controller/Component/
> > AuthComponent.php, line 379
> > AuthComponent::startup() - CORE/Cake/Controller/Component/
> > AuthComponent.php, line 330
> > ObjectCollection::trigger() - CORE/Cake/Utility/ObjectCollection.php,
> > line 103
> > Controller::startupProcess() - CORE/Cake/Controller/Controller.php,
> > line 606
> > Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 104
> > Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 89
> > [main] - APP/webroot/index.php, line 96
>
> > Any idea what I should add next ? Perhaps in my User Model ? Many
> > thanks !
>
> > On 14 jan, 19:44, Salines <[email protected]> wrote:
>
> > > I think you have answer in one of this videos
>
> > >http://www.youtube.com/results?search_query=cakephp+auth
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php
