Just in case you want to keep the controllers lean and all that authorize
code out of it in a central file,
you might be interested in taking a look
at
http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/
I always like to code DRY and with clear responsibilities.
Mark
Am Donnerstag, 25. September 2014 18:06:55 UTC+2 schrieb MarkB:
>
> Actually, it wasn't the *beforeFilter*... I had actually also not set up
> the access rights in my various controllers *isAuthorized *functions
>
> public function isAuthorized($user) {
> if (in_array($this->action, array('dashboard','edit','etcetera'))) {
> return true;
> }
> return parent::isAuthorized($user);
> }
>
>
> *I know... RTFM.*
>
>
> *:)*
>
> On Thursday, 25 September 2014 09:49:02 UTC+1, Dario Savella wrote:
>>
>> I think you will need to refer to the passed $user argument as shown in
>> the docs:
>> <http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html#authorization-who-s-allowed-to-access-what>
>>
>> public function isAuthorized($user) {
>> // Admin can access every action
>> if (isset($user['role']) && $user['role'] === 'admin') {
>> return true;
>> }
>> // Default deny
>> return false;
>> }
>>
>>
>>
>>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
