The last line allows admin users to access all areas. Other roles are limited to their respective prefixed routes.
add admin=>false to your html->link calls

On 18/04/2011, MeatSandwich <i...@babyclothingcentral.co.uk> wrote:
> Sorry for being a bit of a dumb-ass but I'm trying to learn and have
> been looking at this for a couple of days but I'm still not completely
> sure how it works. I'm following an offline tutorial about using
> prefixes.
>
> The tutorial says do this:
> 1 - uncomment the admin routing prefix in core.php
> 2 - add the following to users_controller.php:
> public function dashboard() {
>     $role = $this->Auth->user('role');
>     if (!empty($role)) {
>         $this->redirect(array($role=>true, 'action'=>'dashboard'));
>     }
> }
>
> public function admin_dashboard() {
> }
>
> public function manager_dashboard() {
> }
>
> 3 - create three views for the above
> 4 - in app_controller add the authorize and session components with
> appropriate settings, then add:
> public function isAuthorized() {
>     $role = $this->Auth->user('role');
>     $neededRole = null;
>     $prefix = !empty($this->params['prefix']) ? $this->params['prefix'] : null;
>     if (!empty($prefix) && in_array($prefix, Configure::read('Routing.prefixes'))) {
>         $neededRole = $prefix;
>     }
>     return (empty($neededRole) || strcasecmp($role, 'admin') == 0 ||
>         strcasecmp($role, $neededRole) == 0);
> }
>
> 5 - in the default layout:
> <?php
> $dashboardUrl = array('controller'=>'users', 'action'=>'dashboard');
> if (!empty($user['role'])) {
>     $dashboardUrl[$user['role']] = true;
> }
> echo $this->Html->link('My Dashboard', $dashboardUrl);
> ?>
>
> Now the whole thing works and I can follow most of what's going on, but
> I'm confused with the last line in the isAuthorized method. What
> exactly does return (empty($neededRole) || strcasecmp($role, 'admin')
> == 0 || strcasecmp($role, $neededRole) == 0); actually return?
>
> Also, the above code works fine and when I log in as someone who is an
> admin they can view the admin_dashboard ok, but thereafter it seems
> any other link has an admin prefix. How do I stop that happening? I
> don't want to have to create an admin_ method for everything including
> the homepage!
>
> thanks in advance - Cake rules!
>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group at
> http://groups.google.com/group/cake-php
>

--
- S
+44 (0)7908 069 219
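
The return expression asked about in the thread, as a stand-alone added example (not code from the tutorial or from either poster): the same boolean check with the role, the request prefix and the configured prefix list passed in as arguments, run over a decision table. The function name `isAuthorizedFor`, the prefix list and the `staff` prefix are constructed for illustration.

```php
<?php
// Added example: the isAuthorized() logic from the quoted tutorial,
// lifted out of the controller so it can be run on its own.
// $role     = what $this->Auth->user('role') would return
// $prefix   = what $this->params['prefix'] would hold (null if none)
// $prefixes = what Configure::read('Routing.prefixes') would return
function isAuthorizedFor($role, $prefix, array $prefixes)
{
    $neededRole = null;
    if (!empty($prefix) && in_array($prefix, $prefixes)) {
        $neededRole = $prefix;
    }
    // (string) cast only avoids a deprecation notice on newer PHP when
    // $role is null; the comparison result is the same as the original.
    return empty($neededRole)                            // no known prefix: no role needed
        || strcasecmp((string) $role, 'admin') == 0      // admins pass everywhere
        || strcasecmp((string) $role, $neededRole) == 0; // role matches the prefix
}

// Constructed sample data: configured prefixes and role/prefix pairs.
$prefixes = array('admin', 'manager');
$cases = array(
    array('admin',   'admin'),   // admin on an admin_ action
    array('admin',   'manager'), // admin on a manager_ action
    array('manager', 'manager'), // manager on a manager_ action
    array('manager', 'admin'),   // manager on an admin_ action
    array('manager', null),      // unprefixed action
    array(null,      'admin'),   // user record with no role
    array('manager', 'staff'),   // prefix missing from Routing.prefixes
);

foreach ($cases as $case) {
    list($role, $prefix) = $case;
    printf(
        "role=%-10s prefix=%-10s => %s\n",
        var_export($role, true),
        var_export($prefix, true),
        isAuthorizedFor($role, $prefix, $prefixes) ? 'allow' : 'deny'
    );
}
```

The last case is the one to watch: a prefix that is not listed in `Routing.prefixes` leaves `$neededRole` empty, so the check allows the request for any role.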