isAuthorized() is only called if the action is not already allowed
$this->Auth->allow('action_name'). In the controller you want to lock
down do you have something along the lines of $this->Auth->allow('*')
in your beforeFilter?
Hope that helps,
Nick
On Mar 26, 1:45 pm, cricket <[email protected]> wrote:
> In AppController, I have:
>
> $this->authorize = 'controller';
>
> I have several types of Users, each with a 'model' field set. I'd like
> to bar certain types of Users from accessing the forum. In
> ForumSectionsController, I have:
>
> function isAuthorized()
> {
> return $this->Auth->user('admin') || $this->Auth->user('model') ==
> 'Member';
>
> }
>
> But other types of Users can gain access. Am I misunderstanding the
> point of isAuthorized()? Is it only meaningful in UsersController?
>
> I also tried playing with $this->Auth->userScope in the controller's
> beforeFilter() but no dice thus far.
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
To unsubscribe from this group, send email to
cake-php+unsubscribegooglegroups.com or reply to this email with the words
"REMOVE ME" as the subject.
