 /**
  * The index action is open to every user that reaches this check; any
  * other action is decided by the parent controller.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $isIndex = $this->request->action === 'index';
     return $isIndex ? true : parent::isAuthorized($user);
 }
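 /**
  * Every user that reaches this check may add a comment; other actions are
  * decided by the parent controller.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['addComment'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }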
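 /**
  * Only users with the 'admin' role get past this check; the parent
  * controller then has the final say.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict comparison and a null-coalesce: a missing role is denied
     // without raising an undefined-index notice.
     if (($user['role'] ?? null) !== 'admin') {
         return false;
     }
     return parent::isAuthorized($user);
 }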
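 /**
  * Project authorization.
  *
  * - add/index: open to every user that reaches this check.
  * - view/edit/delete: allowed for the project's owner.
  * - view: additionally allowed for moderators of, and users assigned to,
  *   the project (looked up in the ProjectsUsers table).
  * Anything else is decided by the parent controller.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;
     // All registered users can add projects and view the index.
     if (in_array($action, ['add', 'index'], true)) {
         return true;
     }
     // Every ownership/membership rule below needs a project id as the first
     // passed parameter; without one there is nothing to check, so fall
     // through to the parent instead of querying with id 0.
     $projectId = isset($this->request->params['pass'][0])
         ? (int)$this->request->params['pass'][0]
         : null;
     if ($projectId !== null) {
         // The owner of a project can view, edit and delete it.
         if (in_array($action, ['view', 'edit', 'delete'], true)
             && $this->Projects->isOwnedBy($projectId, $user['id'])
         ) {
             return true;
         }
         // Moderators and assignees of the project may view it.
         if ($action === 'view') {
             $ProjectsUsers = TableRegistry::get('ProjectsUsers');
             if ($ProjectsUsers->isModeratedBy($projectId, $user['id'])
                 || $ProjectsUsers->isAssignedTo($projectId, $user['id'])
             ) {
                 return true;
             }
         }
     }
     return parent::isAuthorized($user);
 }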
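 /**
  * weeklyBets and add are open to every user that reaches this check; the
  * parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['weeklyBets', 'add'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }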
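 /**
  * Authorization for this controller.
  *
  * Access is denied unless the parent ("AppController") grants it, the user
  * has the 'sysadmin' role, or the account named 'sysadmin' calls
  * 'cambiarRol'. Any logged-in user may always reach 'logout'.
  *
  * @param array|null $user Active user record, or null when nobody is logged in
  * @return bool
  */
 public function isAuthorized($user = null)
 {
     // Inherited rule first: "AppController" already limits every action of
     // this controller to the administrator role.
     $res = parent::isAuthorized($user);
     $accion = $this->request->params['action'];
     // The extra grants below read the user record, so skip them when there is none.
     if (!$res && $user !== null) {
         // The 'sysadmin' role may use every action of this controller.
         if (($user['rol'] ?? null) === 'sysadmin') {
             $res = true;
         }
         // Only the account named 'sysadmin' may call 'cambiarRol'.
         // NOTE(review): this rule keys on the account name, not on a role.
         if (($user['nombre'] ?? null) === 'sysadmin' && $accion === 'cambiarRol') {
             $res = true;
         }
     }
     // Anyone who is logged in can log out.
     if ($user !== null && $accion === 'logout') {
         $res = true;
     }
     return $res;
 }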
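 /**
  * The post actions listed below are open to every user that reaches this
  * check; the parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['addPost', 'indexPost', 'viewPost', 'deletePost'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }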
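 /**
  * today, view and edit are open to every user that reaches this check; the
  * parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['today', 'view', 'edit'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }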
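 /**
  * index, view and logout are open to every user that reaches this check;
  * the parent controller decides the rest.
  *
  * @param array|null $user Active user record, or null when nobody is logged in
  * @return bool
  */
 public function isAuthorized($user = null)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['index', 'view', 'logout'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }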
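 /**
  * Every user that reaches this check may add or delete a like; the parent
  * controller decides the rest.
  *
  * NOTE(review): the original inline comment "auth->user(id) == likes->user_id"
  * suggests delete was meant to be limited to the like's owner, but no such
  * check is performed here — confirm whether one belongs in this method.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['add', 'delete'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }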
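 /**
  * logout, profile and edit are open to every user that reaches this check;
  * the parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Open to every user that reaches this check (the original comment
     // mentioned "add articles", which does not match the list below).
     if (in_array($this->request->action, ['logout', 'profile', 'edit'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }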
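 /**
  * isAuthorized method
  *
  * Whatever the parent grants is granted; on top of that, changePassword
  * and updateContact are open to every user that reaches this check.
  *
  * @param array $user User
  * @return bool
  */
 public function isAuthorized($user)
 {
     if (parent::isAuthorized($user)) {
         return true;
     }
     $accessible = ['changePassword', 'updateContact'];
     // Strict membership test: action names are strings, so avoid loose comparison.
     return in_array($this->request->action, $accessible, true);
 }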
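 /**
  * The edit action is open to every user that reaches this check; the parent
  * controller decides the rest.
  *
  * NOTE(review): the original comment said "the owner of an article can edit
  * and delete it", but no ownership lookup happens here — edit is granted
  * regardless of who owns the article. Confirm whether that is intended.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['edit'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }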
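 /**
  * Users with the 'user' role may reach home, view and logout; everything
  * else is decided by the parent controller.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // `&&` rather than `and`: same result inside an if, but no precedence surprises.
     if (isset($user['role']) && $user['role'] === 'user') {
         // Strict membership test: action names are strings, so avoid loose comparison.
         if (in_array($this->request->action, ['home', 'view', 'logout'], true)) {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }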
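 /**
  * add, edit and delete are reserved for the 'admin' role; everything else
  * is decided by the parent controller.
  *
  * NOTE(review): the role is read from the Auth component rather than from
  * the $user argument the framework passes in — confirm both are the same record.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Strict membership test: action names are strings, so avoid loose comparison.
     if (in_array($this->request->action, ['add', 'edit', 'delete'], true)) {
         if ($this->Auth->user('role') === 'admin') {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }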
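 /**
  * Check if user is authorized
  * Authorization restricted by ownership should use the method check() within Ownership Component
  *
  * Delegates entirely to the parent: no per-action filtering is done here,
  * so every action of this controller is open to whoever the parent accepts.
  * (The original read the action name into an unused local.)
  *
  * @param array $user
  * @return bool
  */
 public function isAuthorized($user)
 {
     // Normalise the parent's answer to a strict boolean.
     return parent::isAuthorized($user) ? true : false;
 }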
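 /**
  * popup and popupadd are open to every user that reaches this check; the
  * parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->params['action'];
     // The popup and popupadd actions are always allowed (the original
     // comment named "add and dashboard", which did not match the list).
     if (in_array($action, ['popup', 'popupadd'], true)) {
         return true;
     }
     return parent::isAuthorized($user);
 }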
 /**
  * Users whose role is not the configured Admin role are refused the view
  * action; everything else is left to the parent controller.
  *
  * @param array|null $user Active user record, or null when nobody is logged in
  * @return bool
  */
 public function isAuthorized($user = null)
 {
     $role = $user['role'] ?? null;
     $isView = $this->request->action === 'view';
     if ($role !== null && $role !== $this->roles['Admin'] && $isView) {
         return false;
     }
     // Deny by default: the parent decides everything else.
     return parent::isAuthorized($user);
 }
 /**
  * The index action is reserved for users with the 'admin' role; everything
  * else is left to the parent controller.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $isAdmin = isset($user['role']) && $user['role'] === 'admin';
     if ($isAdmin && $this->request->action === 'index') {
         return true;
     }
     return parent::isAuthorized($user);
 }
 /**
  * A user may view their own data; everything else is left to the parent
  * controller.
  *
  * @param array $palestrante Record being checked
  * @return bool
  */
 public function isAuthorized($palestrante)
 {
     if ($this->request->action !== 'view') {
         return parent::isAuthorized($palestrante);
     }
     // NOTE(review): strict comparison — the id from Auth and the one in the
     // record must share a type for this to ever match; confirm.
     $currentId = $this->Auth->palestrante('id');
     if ($currentId === $palestrante['id']) {
         return true;
     }
     return parent::isAuthorized($palestrante);
 }
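 /**
  * The owner of a booking may view, edit and delete it; other actions fall
  * through to the parent controller.
  *
  * @param array|null $user Active user record, or null when nobody is logged in
  * @return bool
  */
 public function isAuthorized($user = null)
 {
     // The ownership lookup needs a logged-in user and a booking id in the
     // URL; with either missing there is nothing to check.
     if ($user !== null
         && isset($this->request->params['pass'][0])
         && in_array($this->request->action, ['edit', 'delete', 'view'], true)
     ) {
         $bookingId = (int)$this->request->params['pass'][0];
         if ($this->Bookings->isOwnedBy($bookingId, $user['id'])) {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }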
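 /**
  * Any logged-in user may view, list and add. edit/delete are limited to the
  * account with id 1 or to the record whose id matches the user's own id.
  * Everything else is decided by the parent controller.
  *
  * @param array|null $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;
     if ($user !== null && in_array($action, ['view', 'index', 'add'], true)) {
         return true;
     }
     if ($user !== null && in_array($action, ['edit', 'delete'], true)) {
         // Spelled out explicitly: the original `isset(...) && ... || ...`
         // relied on operator precedence and read $user['id'] on a null user.
         // NOTE(review): id 1 is hard-coded as a super-user here.
         $isSuperUser = $user['id'] === 1;
         $targetId = isset($this->request->params['pass'][0])
             ? (int)$this->request->params['pass'][0]
             : null;
         $isSelf = $targetId !== null && $targetId === $user['id'];
         if ($isSuperUser || $isSelf) {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }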
 /**
  * Session-level based rule: level 1 is granted every action, level 2 is
  * refused every action, any other value is left to the parent controller.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $userLevel = $this->request->session()->read('User.userLevel');
     // Loose comparison, exactly as the original switch performed it.
     if ($userLevel == 1) {
         return true;
     }
     if ($userLevel == 2) {
         return false;
     }
     return parent::isAuthorized($user);
 }
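 /**
  * logout and compte are open to every logged-in user; index is reserved for
  * the 'gestionnaire' role; the parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;
     // Rights of every logged-in user on these actions.
     if (in_array($action, ['logout', 'compte'], true)) {
         return true;
     }
     // The index is reserved for the 'gestionnaire' role.
     if ($action === 'index' && isset($user['role']) && $user['role'] === 'gestionnaire') {
         return true;
     }
     return parent::isAuthorized($user);
 }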
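 /**
  * dashboard is open to every user that reaches this check; edit/delete are
  * allowed only on the record whose id equals the logged-in user's id; the
  * parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;
     if ($action === 'dashboard') {
         return true;
     }
     if (in_array($action, ['edit', 'delete'], true)) {
         $targetId = isset($this->request->params['pass'][0])
             ? (int)$this->request->params['pass'][0]
             : null;
         $authId = $this->Auth->user('id');
         // Strict comparison after casting both sides: the original `==`
         // would have let a missing id (0) match a null Auth id.
         if ($targetId !== null && $authId !== null && $targetId === (int)$authId) {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }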
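 /**
  * add and listing are reserved for the 'admin' role; the owner of an article
  * may edit and delete it; the parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;
     // Strict comparison: a missing role is denied too, without a notice.
     if (in_array($action, ['add', 'listing'], true) && ($user['role'] ?? null) !== 'admin') {
         return false;
     }
     // The ownership lookup needs an article id in the URL.
     if (in_array($action, ['edit', 'delete'], true) && isset($this->request->params['pass'][0])) {
         $articleId = (int)$this->request->params['pass'][0];
         if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }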
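 /**
  * Users with the 'student' role may add; no other role gets a rule here and
  * the parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // A single-case switch with loose matching collapsed to a strict check.
     if ($this->Auth->user('role') === 'student' && $this->request->action === 'add') {
         return true;
     }
     return parent::isAuthorized($user);
 }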
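 /**
  * Every user that reaches this check may add an article; the owner of an
  * article may edit and delete it; the parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;
     // All users can post an article.
     if ($action === 'add') {
         return true;
     }
     // The ownership lookup needs an article id in the URL.
     if (in_array($action, ['edit', 'delete'], true) && isset($this->request->params['pass'][0])) {
         $articleId = (int)$this->request->params['pass'][0];
         if ($this->Articles->isOwnerBy($articleId, $user['id'])) {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }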
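 /**
  * Only the project owner can toggle admin status; the parent controller
  * decides every other action.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     // The ownership lookup needs a project id in the URL.
     if ($this->request->action === 'toggle' && isset($this->request->params['pass'][0])) {
         // Cast like the other ownership checks so a non-numeric id never reaches the query.
         $projectId = (int)$this->request->params['pass'][0];
         $Projects = TableRegistry::get('Projects');
         if ($Projects->isOwnedBy($projectId, $this->Auth->user('id'))) {
             return true;
         }
     }
     // Defaults if none of the above qualify.
     return parent::isAuthorized($user);
 }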
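 /**
  * index is open to every user that reaches this check; a group may be
  * edited only by its owner (the GM); the parent controller decides the rest.
  *
  * @param array $user Active user record
  * @return bool
  */
 public function isAuthorized($user)
 {
     $action = $this->request->action;
     if ($action === 'index') {
         return true;
     }
     // Groups are editable by the GM only; the lookup needs a group id in the URL.
     if ($action === 'edit' && isset($this->request->params['pass'][0])) {
         $groupId = (int)$this->request->params['pass'][0];
         if ($this->Groups->isOwnedBy($groupId, $user['id'])) {
             return true;
         }
     }
     return parent::isAuthorized($user);
 }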