Hi,

My custom controller is 'PostsController.php', and inside it I have the following code:

    public function isAuthorized($user = null) {
        // parent::isAuthorized($user);
        if ($this->action == 'add') {
            return true;
        }
        if (in_array($this->action, array('edit', 'delete'))) {
            $postId = $this->request->param['pass'][0];
            if ($this->Post->isOwnedBy($postId, $user['id'])) {
                return true;
            }
        }
        return AuthComponent::isAuthorized($user);
    }

And in AppController the code is:

    class AppController extends Controller {
        // public $components = array('DebugKit.Toolbar');
        public $components = array(
            'Auth' => array(
                'loginRedirect' => array('controller' => 'Posts', 'action' => 'index'),
                'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
                'authorize' => array('Controller')
            )
        );

        public function isAuthorized($user) {
            if (isset($user['role']) && $user['role'] === 'admin') {
                return true;
            }
            return false;
        }

        public function beforeFilter() {
            $this->Auth->allow('index', 'view');
        }
    }

The user roles are admin and author. But when I add a post using the admin user, I can also edit it with the author user, which is not correct according to the code. That means isAuthorized is not working in PostsController.

Could someone give me a solution?
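
An added example, not part of the original post and not CakePHP's own code: a framework-independent PHP model of the decision the two isAuthorized() methods above are written to produce (any logged-in user may add, only the owner may edit or delete, admins fall through as allowed, everything else is denied). The function name `isAuthorizedFor`, the in-memory `$posts` ownership map and the sample users are assumptions constructed for illustration.

```php
<?php
// Constructed sample data: post id => owner user id.
$posts = array(1 => 10, 2 => 20);

/**
 * Hypothetical helper modelling the intended rule set; denies by default.
 */
function isAuthorizedFor($action, array $passedArgs, $user, array $posts)
{
    // No authenticated user: deny.
    if (!is_array($user) || !isset($user['id'])) {
        return false;
    }
    // Any logged-in user may add a post.
    if ($action === 'add') {
        return true;
    }
    // Only the owner may edit or delete; a missing or non-integer id never matches.
    if (in_array($action, array('edit', 'delete'), true)) {
        $postId = isset($passedArgs[0])
            ? filter_var($passedArgs[0], FILTER_VALIDATE_INT)
            : false;
        if ($postId !== false && isset($posts[$postId]) && $posts[$postId] === $user['id']) {
            return true;
        }
    }
    // Fallback, as in the AppController above: admins allowed, everyone else denied.
    return isset($user['role']) && $user['role'] === 'admin';
}

$admin  = array('id' => 10, 'role' => 'admin');   // constructed user
$author = array('id' => 20, 'role' => 'author');  // constructed user

// Each case: action, passed URL arguments, user, expected decision.
$cases = array(
    array('edit',   array('1'),   $author, false), // author on the admin's post
    array('edit',   array('2'),   $author, true),  // author on own post
    array('delete', array(),      $author, false), // id missing from the request
    array('edit',   array('abc'), $author, false), // id is not an integer
    array('edit',   array('2'),   $admin,  true),  // admin via the fallback rule
    array('add',    array(),      $author, true),
    array('edit',   array('2'),   null,    false), // not logged in
);
foreach ($cases as $case) {
    list($action, $args, $user, $expected) = $case;
    $got = isAuthorizedFor($action, $args, $user, $posts);
    printf("%-6s arg=%-4s user=%-6s => %-5s %s\n", $action, isset($args[0]) ? $args[0] : '-',
        $user ? $user['role'] : 'none', var_export($got, true),
        $got === $expected ? 'ok' : 'MISMATCH');
}
```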