Reputation: 4474
Edit: Version: 2.5.7
I'm currently trying to set up role based authentication with CakePHP. So far I've managed to get authentication to work OK, where controller access redirects to a login screen when not authenticated, and permits access when I am authenticated.
My problem comes when I want to allow 'admin' level access to certain action methods (prefixed with admin_) yet deny them for regular logins.
If I uncomment $this->Auth->authorize in the beforeFilter, my authentication works fine. Comment it in, and I can't log in.
AppController
public function isAuthorized($user) {
    // ControllerAuthorize passes the logged-in user's record as $user;
    // the same data is available through $this->Auth->user().
    // admin_ is a prefix, so test for it at position 0 rather than anywhere in the name.
    if (!empty($this->params['action']) && strpos($this->params['action'], 'admin_') === 0) {
        if ($this->Auth->user('admin')) {
            return true;
        }
    }
    return false;
}
public function beforeFilter()
{
    parent::beforeFilter();
    // 'Controller' selects ControllerAuthorize, which calls $this->isAuthorized($user)
    // for every action that was not passed to $this->Auth->allow().
    $this->Auth->authorize = 'Controller';
    $this->Auth->deny(); // deny everything
}
My Dashboard controller is the first screen after successful login. Its beforeFilter just looks like this. Do I need to put a parent::isAuthorized call somewhere? Or when exactly is the isAuthorized call made? I can tell it is firing, but I'm just not sure why I get kicked back to the login screen when I implement it.
Dashboard Controller.
public function beforeFilter()
{
    parent::beforeFilter();
}
Upvotes: 1
Views: 237
Reputation: 4474
Kind of found a solution (of sorts)
Cookbook tells you to do this: http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
(See under PostController). I whitelist the actions I want regular logged in users to see, and the parent isAuthorized handles the admin scenarios.
Dashboard Controller
public function isAuthorized($user) {
    // Actions every logged-in user may call in this controller.
    $actions = array("stats", "index");
    if (in_array($this->action, $actions)) {
        return true;
    }
    // Everything else (including admin_ actions) is decided by AppController.
    return parent::isAuthorized($user);
}
Problem with this approach is that it's pretty painful to have each of my controllers carrying this sort of whitelist code. Feels ugly to me.
Upvotes: 1
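The pattern in the answer generalises without repeating the whitelist logic in every controller. With authorize set to 'Controller', AuthComponent first checks that the request is authenticated and then calls the controller's isAuthorized($user) for every action that was not passed to Auth->allow(); an isAuthorized() that returns false for all non-admin_ actions therefore blocks regular users from everything, which is the behaviour described in the question. The example below (added here; it is not code from the question, the answer or the CakePHP cookbook) keeps the whole decision in AppController and lets each controller declare only a list of actions regular users may call. The property name $userActions, the 'admin' flag on the user record and the DashboardController action names are assumptions of this example.

```php
<?php
// Added example, not code from the page above. Assumes CakePHP 2.x,
// Configure::write('Routing.prefixes', array('admin')) in core.php, and a
// boolean 'admin' column on the users table (as in the question).
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // 'Controller' selects ControllerAuthorize, which calls
            // $this->isAuthorized($user) for every non-allowed action.
            'authorize' => 'Controller',
            'authError' => 'You are not allowed to view that page.',
        ),
    );

    /**
     * Actions a regular (non-admin) logged-in user may call in this controller.
     * Child controllers override this array instead of overriding isAuthorized().
     * Empty by default, so a new controller is locked down until it is whitelisted.
     * ($userActions is a name chosen for this example, not a CakePHP convention.)
     */
    public $userActions = array();

    public function beforeFilter() {
        parent::beforeFilter();
        // Default deny: every action needs an authenticated user unless allowed.
        $this->Auth->deny();
        // The cookbook puts these in UsersController; they are the only public actions.
        $this->Auth->allow('login', 'logout');
    }

    /**
     * Central authorization decision. Runs after authentication succeeded,
     * for each request to an action not passed to Auth->allow().
     */
    public function isAuthorized($user) {
        $action = $this->request->params['action'];
        $isAdmin = !empty($user['admin']);

        // admin_-prefixed actions are reserved for users carrying the admin flag.
        if (strpos($action, 'admin_') === 0) {
            return $isAdmin;
        }

        // Admins may also use the regular actions of every controller.
        if ($isAdmin) {
            return true;
        }

        // Regular users: only what this controller explicitly whitelisted.
        return in_array($action, $this->userActions, true);
    }
}

// Each controller now only states its whitelist; no isAuthorized() override needed.
class DashboardController extends AppController {

    public $userActions = array('index', 'stats');

    public function index() {
    }

    public function stats() {
    }

    // Reachable only by users with the admin flag, via /admin/dashboard/settings.
    public function admin_settings() {
    }
}
```

Because the admin check and the default deny live in one place, a controller that forgets to set $userActions fails closed rather than open, and the per-controller code shrinks to a single property. The strict in_array() comparison avoids PHP's loose string-to-number matching on action names.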