Just in case you want to keep the controllers lean and all that authorize code out of it in a central file, you might be interested in taking a look at http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/
I always like to code DRY and with clear responsibilities. Mark Am Donnerstag, 25. September 2014 18:06:55 UTC+2 schrieb MarkB: > > Actually, it wasn't the *beforeFilter*... I had actually also not set up > the access rights in my various controllers *isAuthorized *functions > > public function isAuthorized($user) { > if (in_array($this->action, array('dashboard','edit','etcetera'))) { > return true; > } > return parent::isAuthorized($user); > } > > > *I know... RTFM.* > > > *:)* > > On Thursday, 25 September 2014 09:49:02 UTC+1, Dario Savella wrote: >> >> I think you will need to refer to the passed $user argument as shown in >> the docs: >> <http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html#authorization-who-s-allowed-to-access-what> >> >> public function isAuthorized($user) { >> // Admin can access every action >> if (isset($user['role']) && $user['role'] === 'admin') { >> return true; >> } >> // Default deny >> return false; >> } >> >> >> >> -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.