Your last post says that if the logged-in user equals the user id set on
the model (wherever you set that), to let them have access. This is
contradictory to what you said: "users can't edit any profiles".

Your isAuthorized action should be really simple then.

    public function isAuthorized() {
        // assuming 1 for admin - there are better ways to check this
        // cast first: the id stored in the session may be the string '1'
        if ((int)$this->Auth->user('group_id') === 1) {
            return true; // admin can do anything
        }
        return false; // users can do nothing
    }

Then in your beforeFilters for actions that users *can* do:

    // in users controller
    public function beforeFilter() {
        // users can get to the UsersController::view() action
        $this->Auth->allow('view');
        parent::beforeFilter();
    }

Allowing the action will tell the Auth component not to check isAuthorized.
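A variant of the setup in the reply above, as an added example that is not part of the original post: Auth->allow() also skips the login check, so this version keeps view behind login and opens it to every logged-in user inside isAuthorized instead. It assumes CakePHP 2.x with controller-based authorization; the $_memberActions property is a hypothetical name, and group_id 1 as admin is the post's own assumption.

```php
<?php
// Added example (assumes CakePHP 2.x). In a real app each class lives in
// its own file under app/Controller/.
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        // Ask the controller's isAuthorized() for every non-public action.
        'Auth' => array('authorize' => array('Controller')),
    );

    // Deny by default: only the admin group passes at this level.
    public function isAuthorized($user = null) {
        // group_id 1 = admin, as assumed in the post. Cast because values
        // loaded from the database may arrive as strings.
        return isset($user['group_id']) && (int)$user['group_id'] === 1;
    }
}

class UsersController extends AppController {
    // Hypothetical list: actions any logged-in user may reach.
    protected $_memberActions = array('view');

    public function beforeFilter() {
        parent::beforeFilter();
        // No $this->Auth->allow() call here, so every action in this
        // controller still requires a logged-in session.
    }

    public function isAuthorized($user = null) {
        // Strict in_array so only exact action names match.
        if (in_array($this->action, $this->_memberActions, true)) {
            return true; // any authenticated user
        }
        // Everything else (edit, delete, ...) falls back to admin-only.
        return parent::isAuthorized($user);
    }
}
```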