Ejemplo n.º 1
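 /**
  * Decides whether the current user may run the requested controller action.
  *
  * Actions on the allow-list below are authorized immediately; every other
  * action is decided by the parent implementation.
  *
  * @param mixed $user Active user data (presumably the authenticated user's record; confirm against the caller).
  * @return bool True for an allow-listed action, otherwise whatever the parent returns.
  */
 public function isAuthorized($user)
 {
     $action = $this->request->params['action'];

     // Allow-listed actions are granted to any user who reaches this check.
     // NOTE(review): the list covers 'edit' and 'delete' with no ownership or
     // role check in this method; confirm that is the intended policy.
     $alwaysAllowed = ['index', 'add', 'tags', 'view', 'delete', 'edit', 'view_pdf', 'logout'];

     // Strict comparison so a non-string action value can never match a name
     // through PHP's loose type juggling.
     if (in_array($action, $alwaysAllowed, true)) {
         return true;
     }

     // Anything not on the allow-list is left to the parent's policy.
     return parent::isAuthorized($user);
 }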
Ejemplo n.º 2
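 /**
  * Authorizes article actions for the current user.
  *
  * 'add', 'search' and 'gear' are granted to every user who reaches this
  * check. 'edit' and 'delete' are granted only when the user owns the article
  * identified by the first passed URL argument. Every other case is decided
  * by the parent implementation.
  *
  * @param array $user Active user data; its 'id' entry is compared with the article owner.
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;

     // All registered users can add articles (and use search / gear).
     // The earlier form `=== 'add' or 'search' or 'gear'` was always true,
     // because a non-empty string literal is truthy: it authorized every
     // action and left the ownership check below unreachable.
     if (in_array($action, ['add', 'search', 'gear'], true)) {
         return true;
     }

     // The owner of an article can edit and delete it
     if (in_array($action, ['edit', 'delete'], true)) {
         // No article id in the URL means there is nothing to prove ownership of,
         // so fall through to the parent instead of casting a missing value to 0.
         if (isset($this->request->params['pass'][0])) {
             $articleId = (int) $this->request->params['pass'][0];
             if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
                 return true;
             }
         }
     }

     return parent::isAuthorized($user);
 }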
 /**
  * Checks user authorization using a controller callback.
  *
  * @param array $user Active user data
  * @param \Cake\Network\Request $request Request instance.
  * @return bool
  */
 public function authorize($user, Request $request)
 {
     // The decision is delegated to the controller's isAuthorized() callback;
     // $request is accepted here but not consulted by this method.
     $decision = $this->_Controller->isAuthorized($user);

     // Normalize whatever the callback returned to a strict boolean.
     return (bool) $decision;
 }