Hi,
My custom controller is 'PostsController.php', and inside it I have given
the following code:
    public function isAuthorized($user = null) {
        // parent::isAuthorized($user);
        if($this->action == 'add'){
            return true;
        }
        if(in_array($this->action,array('edit','delete'))){
            $postId = $this->request->param['pass'][0];
            if($this->Post->isOwnedBy($postId,$user['id'])){
                return true;
            }
        }
        return AuthComponent::isAuthorized($user);
    }
------------------------
And in AppController the code is:
    class AppController extends Controller {
        // public $components = array('DebugKit.Toolbar');
        public $components = array(
            'Auth' => array(
                'loginRedirect' => array('controller' => 'Posts',
                                         'action'=>'index'),
                'logoutRedirect' => array('controller' =>'pages' ,
                                          'action'=>'display','home'),
                'authorize' => array('Controller')
            )
        );
        public function isAuthorized($user){
            if(isset($user['role']) && $user['role'] === 'admin'){
                return true;
            }
            return false;
        }
        public function beforeFilter(){
            $this->Auth->allow('index','view');
        }
    }
-------------------------------
The user roles are admin and author.
But when I add a post using the admin user, I can also edit it with the author
user, which is not correct according to the code.
That means isAuthorized is not working on PostsController.
Could someone give me a solution?