DavidGreeley

Reputation: 1

CakePHP admin routing Blocking Regular user

One of the classes at school is a CakePHP class and there's one question no one has been able to answer, and that is a way of blocking users from accessing certain things (like the admin pages). The way I did it was just using a PHP statement in the View for a certain index.ctp page that said if the role was = 1 then show this HTML, else show this other HTML. But that's not really the right way.

So I set up the admin routing prefix and re-baked the MVC files with routing in mind, but I don't know how to block the user with a role of "1" - meaning default - from accessing the admin prefix pages. Maybe I'm missing something totally... any insight or tutorials would be a HUGE help.

App controller

class AppController extends Controller {
    public $components = array('DebugKit.Toolbar', 'Session', 'Auth');

    public function isAuthorized($user) {
        // Actions without a routing prefix: allow
        if (empty($this->request->params['prefix'])) {
            return true;
        }
        // admin_ prefixed actions: only role '2'
        if ($this->request->params['prefix'] == 'admin') {
            return ($user['role'] == '2');
        }
        // Any other prefix: deny
        return false;
    }

    public function beforeFilter() {
        // Expose login state and the current user to the views
        $this->set('logged_in', $this->Auth->loggedIn());
        $this->set('current_user', $this->Auth->user());
    }
}

The project is uploaded to https://github.com/DavidWGreeley/termmvc/tree/Testing

Upvotes: 0

Views: 107

Answers (1)

arilia

Reputation: 9398

You have to tell Cake what type of authorization it needs.

When you load the Auth component you have to inform Cake that it has to look in the Controller::isAuthorized method. So in your AppController::initialize() method do:

$this->loadComponent('Auth', [
    'authorize' => [
        'Controller'
    ]
]);

Upvotes: 1
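
The same setting written for a CakePHP 2.x AppController like the one in the question (it uses `public $components` and `$this->request->params`), as an added example that is not part of the original question or answer. It shows the `authorize` key that makes AuthComponent call `isAuthorized()`, with a deny-by-default decision kept in the controller rather than in the view. Assumptions: the role values come from the question ('1' default, '2' admin), and `roleMayAccess()` is a hypothetical helper, not a CakePHP API.

```php
<?php
// Added example for CakePHP 2.x. Role values follow the question:
// '1' = default user, '2' = admin (assumption taken from the question).
App::uses('Controller', 'Controller');

class AppController extends Controller {

    // With a bare 'Auth' entry, AuthComponent only checks that a user is
    // logged in. The 'authorize' key makes it call isAuthorized() as well.
    public $components = array(
        'DebugKit.Toolbar',
        'Session',
        'Auth' => array(
            'authorize' => array('Controller'),
        ),
    );

    public function beforeFilter() {
        $this->set('logged_in', $this->Auth->loggedIn());
        $this->set('current_user', $this->Auth->user());
    }

    // Called for every action that was not opened with $this->Auth->allow().
    public function isAuthorized($user) {
        $prefix = isset($this->request->params['prefix'])
            ? $this->request->params['prefix']
            : null;
        // The role may arrive as an int or a string depending on the
        // database driver, so normalise it before a strict comparison.
        $role = isset($user['role']) ? (string)$user['role'] : '';
        return self::roleMayAccess($prefix, $role);
    }

    // Hypothetical helper: the access decision as a pure function, so it
    // can be unit-tested without dispatching a request.
    public static function roleMayAccess($prefix, $role) {
        if ($prefix === null || $prefix === '') {
            return true;          // non-prefixed actions: any logged-in user
        }
        if ($prefix === 'admin') {
            return $role === '2'; // admin_ actions: admins only
        }
        return false;             // unknown prefix: deny by default
    }
}
```

Hiding admin HTML in a view does not stop a logged-in user from requesting an `/admin/...` URL directly, which is why the check belongs in `isAuthorized()`.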
