Michael

Reputation: 21

CakePHP 1.2: How do I lock a given controller from access from anyone but admins?

I'm not looking for the whole ACO-ARO implementation... I just want to use Auth, and check against the user's role....

What do I put where in order to simply deny users from a given controller unless they have a certain role?

I'm trying to use the $this->Auth->authorize = 'controller'; ... but I don't even know where to put that??

Any help would be awesome!

Thanks in advance.

Upvotes: 2

Views: 811

Answers (1)

Chris Hawes

Reputation: 1344

Short answer: Sounds like you need to create an app_controller.php and put your code in the beforeFilter method.

Longer Answer: Create an app_controller.php file in your app directory and put the following code in beforeFilter().

if (isset($this->params[Configure::read('Routing.admin')])) { // User is trying to access a page using the admin route
    if ($this->Session->check('someSessionVariable')) { // Check user has some session variable set.
        // User is accessing an admin page and has permission, do something, or in most cases do nothing.
    } else { // No sessions set for user, redirect to login page.
        $this->redirect('/yourLoginPage'); // Redirect
    }
}

This is no substitution for proper use of the Auth component, but should do what you need. Make sure you check it's secure before you put it into production.

Upvotes: 1
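
The role check the question asks about, done with the Auth component's authorize = 'controller' mode instead of a raw session variable. This is an added example, not code from either poster; it assumes the users table has a role column whose value is 'admin' for administrators, and the $adminOnly property and the 'Reports' controller name are hypothetical.

```php
<?php
// app/app_controller.php (CakePHP 1.2). Added example, not the answerer's code.
class AppController extends Controller {
    var $components = array('Auth');

    // Hypothetical property: names of controllers only admins may use.
    var $adminOnly = array('Reports');

    function beforeFilter() {
        // Make AuthComponent call isAuthorized() on the controller
        // for each request from a logged-in user.
        $this->Auth->authorize = 'controller';
    }

    // AuthComponent lets the request through only when this returns true.
    function isAuthorized() {
        // Same admin-route test the answer above uses.
        $isAdminRoute = isset($this->params[Configure::read('Routing.admin')]);

        if ($isAdminRoute || in_array($this->name, $this->adminOnly)) {
            // Assumption: users.role holds 'admin' for administrators.
            // A missing or empty role fails the strict comparison, so access is denied.
            return $this->Auth->user('role') === 'admin';
        }

        // Every other controller is open to any logged-in user.
        return true;
    }
}
```

Actions opened with $this->Auth->allow() skip isAuthorized() entirely, so none of the admin-only actions should be listed there. A controller that defines its own beforeFilter() has to call parent::beforeFilter() or the authorize setting is never applied.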
