This does'nt work too:
public function isAuthorized($user) {
if (parent::isAuthorized($user)) {
return true;
}
if ($this->action === 'edit') {
if ($this->Auth->user('id') == $this->User->id) {
return true;
}
}
return false;
}
On 15 jan, 16:26, "J." <[email protected]> wrote:
> I tried everything and I still don't understand why this isn't working
> in my UsersController :
>
> public function isAuthorized($user) {
> if (parent::isAuthorized($user)) {
> return true;
> }
>
> if (($this->action === 'edit') && ($this->User->id ===
> $this->Auth->user('id'))) {
>
> return true;
> }
>
> return false;
> }
>
> Any idea ? Thanks a lot.
>
> On 15 jan, 11:43, "J." <[email protected]> wrote:
>
>
>
>
>
>
>
> > Ok, I modified the UsersController like this :
>
> > public function isAuthorized($user) {
> > if (parent::isAuthorized($user)) {
> > return true;
> > }
>
> > if (in_array($this->action, array('edit', 'delete'))) {
> > if ($this->User->id == $this->Session->read('Auth.User.id')) {
>
> > return true;
> > }
> > }
>
> > return false;
> > }
>
> > , I don't get the notice anymore, BUT USers still can edit
> > themeselves: any try for editing will redirect to the index. So :
> > Admin can edit any one, users can't edit any profiles. I just need to
> > find out how to allow them editing their own.
>
> > I thought thi woul check if the user ID was the same as the id stored
> > when logged :
>
> > if ($this->User->id == $this->Session->read('Auth.User.id')) {
> > return true;
> > }
>
> > but it doesn't seem to work.
>
> > Any help ? Thanks a lot.
>
> > On 15 jan, 11:38, "J." <[email protected]> wrote:
>
> > > I think I'm near the solution, but I need help for finishing the
> > > code :
>
> > > Here is my app controller :
>
> > > public function isAuthorized($user) {
> > > if (isset($user['role']) && $user['role'] === 'admin') {
> > > return true; //Admin can access every action
> > > }
> > > return false; // The rest don't
> > > }
>
> > > function beforeFilter() {
> > > $this->Auth->allow('index', 'view');
> > > $this->Auth->allow('display');
> > > }
>
> > > And my UsersController :
>
> > > public function isAuthorized($user) {
> > > if (parent::isAuthorized($user)) {
> > > return true;
> > > }
>
> > > if (in_array($this->action, array('edit', 'delete'))) {
> > > if ($user['User']['id'] ==
> > > $this->Session->read('Auth.User.id')) {
>
> > > return true;
> > > }
> > > }
>
> > > return false;
> > > }
>
> > > With this code, Admin can edit everyone, but when a logge duser tries
> > > to edit himself, I get this notice :
>
> > > Notice (8): Undefined index: User [APP/Controller/
> > > UsersController.php, line 60]
> > > Code Context
>
> > > if (in_array($this->action, array('edit', 'delete'))) {
> > > if ($user['User']['id'] ==
> > > $this->Session->read('Auth.User.id')) {
>
> > > UsersController::isAuthorized() - APP/Controller/UsersController.php,
> > > line 60
> > > ControllerAuthorize::authorize() - CORE/Cake/Controller/Component/Auth/
> > > ControllerAuthorize.php, line 64
> > > AuthComponent::isAuthorized() - CORE/Cake/Controller/Component/
> > > AuthComponent.php, line 379
> > > AuthComponent::startup() - CORE/Cake/Controller/Component/
> > > AuthComponent.php, line 330
> > > ObjectCollection::trigger() - CORE/Cake/Utility/ObjectCollection.php,
> > > line 103
> > > Controller::startupProcess() - CORE/Cake/Controller/Controller.php,
> > > line 606
> > > Dispatcher::_invoke() - CORE/Cake/Routing/Dispatcher.php, line 104
> > > Dispatcher::dispatch() - CORE/Cake/Routing/Dispatcher.php, line 89
> > > [main] - APP/webroot/index.php, line 96
>
> > > Any idea what I should add next ? Perhaps in my User Model ? Many
> > > thanks !
>
> > > On 14 jan, 19:44, Salines <[email protected]> wrote:
>
> > > > I think you have answer in one of this videos
>
> > > >http://www.youtube.com/results?search_query=cakephp+auth
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php
