/**
 * Allow the index action outright; defer every other action to the parent.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for index, otherwise whatever the parent returns.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    return $action === 'index' ? true : parent::isAuthorized($user);
}
/**
 * Allow addComment for any user who reaches this check; the parent decides
 * everything else.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed action, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $openActions = ['addComment'];

    if (!in_array($this->request->action, $openActions)) {
        return parent::isAuthorized($user);
    }

    return true;
}
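/**
 * Deny every action to non-admin users, then defer to the parent check.
 *
 * The role is compared strictly and a missing role counts as non-admin.
 * The previous loose `!=` let a loosely typed role value (for example the
 * integer 0 on PHP versions before 8) compare equal to 'admin' and skip
 * the denial.
 *
 * @param array $user User record; only the 'role' key is read here.
 * @return mixed false for non-admins, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $isAdmin = isset($user['role']) && $user['role'] === 'admin';

    if (!$isAdmin) {
        return false;
    }

    return parent::isAuthorized($user);
}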
/**
 * Authorize project actions by action name, ownership and membership.
 *
 * NOTE(review): the project id is read from the first passed URL argument
 * without checking that it exists; a missing argument casts to 0 before
 * the lookups run. Confirm the lookups return false for that id.
 *
 * @param array $user User record; only the 'id' key is read here.
 * @return mixed true when a rule below matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    // Adding a project and viewing the index need no record-level check.
    if (in_array($action, ['add', 'index'])) {
        return true;
    }

    // The owner of a project can view, edit and delete it.
    if (in_array($action, ['view', 'edit', 'delete'])) {
        $ownedId = (int) $this->request->params['pass'][0];
        if ($this->Projects->isOwnedBy($ownedId, $user['id'])) {
            return true;
        }
    }

    $membership = TableRegistry::get('ProjectsUsers');

    // A moderator of the project, or a user assigned to it, can view it.
    // The moderator lookup runs first; the assignment lookup runs only
    // when the moderator lookup did not match.
    if (in_array($action, ['view'])) {
        $viewedId = (int) $this->request->params['pass'][0];
        if ($membership->isModeratedBy($viewedId, $user['id'])
            || $membership->isAssignedTo($viewedId, $user['id'])
        ) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}
/**
 * Allow weeklyBets and add for any user who reaches this check.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed actions, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    switch ($this->request->action) {
        case 'weeklyBets':
        case 'add':
            return true;
    }

    return parent::isAuthorized($user);
}
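/**
 * Authorize actions of this controller.
 *
 * Starts from the parent decision. When the parent refuses, access is
 * still granted to users whose 'rol' is 'sysadmin', and to the user whose
 * 'nombre' is 'sysadmin' for the cambiarRol action. The logout action is
 * allowed whenever a user record is present.
 *
 * Compared with the previous version, the dead initial assignment and the
 * unused locals are gone, and the user fields are checked with isset()
 * because $user defaults to null.
 *
 * NOTE(review): the cambiarRol rule keys on the account name rather than
 * on the role. Confirm that 'nombre' cannot be chosen or changed by
 * ordinary users.
 *
 * @param array|null $user User record; 'rol' and 'nombre' are read.
 * @return mixed The parent's result, or true when a rule above matches.
 */
public function isAuthorized($user = null)
{
    $res = parent::isAuthorized($user);
    $accion = $this->request->params['action'];

    if (!$res) {
        // Users with the sysadmin role may use every action here.
        if (isset($user['rol']) && $user['rol'] === 'sysadmin') {
            $res = true;
        }

        // cambiarRol is additionally opened to the account named sysadmin.
        if (isset($user['nombre']) && $user['nombre'] === 'sysadmin' && $accion === 'cambiarRol') {
            $res = true;
        }
    }

    if (isset($user) && $accion === 'logout') {
        $res = true;
    }

    return $res;
}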
/**
 * Allow the post actions listed below for any user who reaches this check.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed actions, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $postActions = ['addPost', 'indexPost', 'viewPost', 'deletePost'];
    $isPostAction = in_array($this->request->action, $postActions);

    return $isPostAction ? true : parent::isAuthorized($user);
}
/**
 * Allow today, view and edit for any user who reaches this check.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed actions, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    if (!in_array($action, ['today', 'view', 'edit'])) {
        return parent::isAuthorized($user);
    }

    return true;
}
/**
 * Allow index, view and logout; the parent decides everything else.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed actions, otherwise the parent's result.
 */
public function isAuthorized($user = null)
{
    switch ($this->request->action) {
        case 'index':
        case 'view':
        case 'logout':
            return true;
    }

    return parent::isAuthorized($user);
}
/**
 * Allow add and delete for any user who reaches this check.
 *
 * NOTE(review): the original inline note here read
 * "auth->user(id) == likes->user_id", but this method makes no ownership
 * comparison. Confirm that the delete action itself verifies the record
 * belongs to the current user.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed actions, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;
    $allowed = in_array($action, ['add', 'delete']);

    return $allowed ? true : parent::isAuthorized($user);
}
/**
 * Allow logout, profile and edit for any user who reaches this check.
 *
 * NOTE(review): edit is allowed without comparing a record id against
 * $user. Confirm the edit action only ever changes the caller's own record.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed actions, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $accountActions = ['logout', 'profile', 'edit'];

    if (!in_array($this->request->action, $accountActions)) {
        return parent::isAuthorized($user);
    }

    return true;
}
/**
 * isAuthorized method
 *
 * Grants access when the parent check does. When it does not, only the
 * changePassword and updateContact actions are allowed.
 *
 * @param array $user User
 * @return bool
 */
public function isAuthorized($user)
{
    $fallbackActions = ['changePassword', 'updateContact'];
    $grantedByParent = parent::isAuthorized($user);

    return $grantedByParent ? true : in_array($this->request->action, $fallbackActions);
}
/**
 * Allow edit for any user who reaches this check.
 *
 * NOTE(review): the original comment described an owner-only rule ("the
 * owner of an article can edit and delete it"), but this method makes no
 * ownership lookup. Confirm the edit action verifies ownership itself.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for edit, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $isEdit = in_array($this->request->action, ['edit']);

    return $isEdit ? true : parent::isAuthorized($user);
}
/**
 * Allow home, view and logout to users whose role is exactly 'user'.
 *
 * @param array $user User record; only the 'role' key is read here.
 * @return mixed true when the rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $hasUserRole = isset($user['role']) && $user['role'] === 'user';

    if ($hasUserRole && in_array($this->request->action, ['home', 'view', 'logout'])) {
        return true;
    }

    return parent::isAuthorized($user);
}
/**
 * Allow add, edit and delete when the Auth component reports the 'admin' role.
 *
 * The role is read from the Auth component, not from the $user argument,
 * and only when the action is one of the three listed.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true when the rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $isWriteAction = in_array($this->request->action, ['add', 'edit', 'delete']);

    if ($isWriteAction && $this->Auth->user('role') === 'admin') {
        return true;
    }

    return parent::isAuthorized($user);
}
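/**
 * Check if user is authorized
 * Authorization restricted by ownership should use the method check() within Ownership Component
 *
 * Returns the parent decision as a strict boolean. The unused $action
 * local was removed. The earlier inline comment spoke of "excluding admin
 * actions", but no action was ever excluded here, so the method adds no
 * restriction beyond the parent check.
 *
 * @param array $user
 * @return boolean
 */
public function isAuthorized($user)
{
    return parent::isAuthorized($user) ? true : false;
}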
/**
 * Allow popup and popupadd for any user who reaches this check.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the listed actions, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    switch ($this->request->params['action']) {
        case 'popup':
        case 'popupadd':
            return true;
    }

    return parent::isAuthorized($user);
}
/**
 * Deny the view action to users whose role is set and is not the Admin role.
 *
 * NOTE(review): a user record without a 'role' key is not denied by this
 * rule and falls through to the parent check. Confirm the parent refuses
 * by default, as the original comment states.
 *
 * @param array|null $user User record; only the 'role' key is read here.
 * @return mixed false when the rule matches, otherwise the parent's result.
 */
public function isAuthorized($user = null)
{
    $isNonAdmin = isset($user['role']) && $user['role'] !== $this->roles['Admin'];

    if ($isNonAdmin && $this->request->action === 'view') {
        return false;
    }

    // By default, access is not authorized: the parent decides.
    return parent::isAuthorized($user);
}
/**
 * Allow the index action to users whose role is exactly 'admin'.
 *
 * The original comment said users can see their own data, which did not
 * match this admin-only rule.
 *
 * @param array $user User record; only the 'role' key is read here.
 * @return mixed true when the rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $isIndex = $this->request->action === 'index';

    if ($isIndex && isset($user['role']) && $user['role'] === 'admin') {
        return true;
    }

    return parent::isAuthorized($user);
}
/**
 * Allow the view action when the Auth component's id equals the id in
 * the record passed to this method.
 *
 * NOTE(review): both compared values appear to describe the signed-in
 * account (the method argument and the Auth component), not the record
 * named in the URL. Confirm this is the intended "own data only" test.
 * Auth->palestrante() is assumed to be provided by this project.
 *
 * @param array $palestrante Record passed in by the caller; 'id' is read.
 * @return mixed true when the ids match on view, otherwise the parent's result.
 */
public function isAuthorized($palestrante)
{
    if ($this->request->action !== 'view') {
        return parent::isAuthorized($palestrante);
    }

    $currentId = $this->Auth->palestrante('id');

    return $currentId === $palestrante['id'] ? true : parent::isAuthorized($palestrante);
}
/**
 * Allow edit, delete and view only on a booking the user owns.
 *
 * NOTE(review): the booking id comes from the first passed URL argument
 * and is read without an existence check; $user also defaults to null
 * while $user['id'] is read. Confirm isOwnedBy() returns false for both.
 *
 * @param array|null $user User record; only the 'id' key is read here.
 * @return mixed true for the owner, otherwise the parent's result.
 */
public function isAuthorized($user = null)
{
    $needsOwnership = in_array($this->request->action, ['edit', 'delete', 'view']);

    if ($needsOwnership) {
        $requestedId = (int) $this->request->params['pass'][0];
        $isOwner = $this->Bookings->isOwnedBy($requestedId, $user['id']);
        if ($isOwner) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}
/**
 * Allow view, index and add to any set user; allow edit and delete to
 * user id 1 or to the user whose id equals the first passed URL argument.
 *
 * The original edit/delete condition mixed && and || without parentheses.
 * The two guard clauses below spell out how PHP grouped it: the isset()
 * test applies only to the "id is 1" half.
 *
 * NOTE(review): the comparison with the URL argument is strict against an
 * int, so it only matches when $user['id'] is itself an int. Confirm.
 *
 * @param array $user User record; only the 'id' key is read here.
 * @return mixed true when a rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    if (isset($user) && in_array($action, ['view', 'index', 'add'], true)) {
        return true;
    }

    if (in_array($action, ['edit', 'delete'])) {
        if (isset($user) && $user['id'] === 1) {
            return true;
        }
        if ((int) $this->request->params['pass'][0] === $user['id']) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}
/**
 * Decide by the session value User.userLevel: 1 allows, 2 denies, and
 * anything else is left to the parent.
 *
 * NOTE(review): the decision is taken from a session key rather than from
 * $user, and switch compares loosely, so values such as true or '1' also
 * match the first case. Confirm how User.userLevel is written.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true, false, or the parent's result.
 */
public function isAuthorized($user)
{
    $level = $this->request->session()->read('User.userLevel');

    switch ($level) {
        case 1:
            return true;
        case 2:
            return false;
        default:
            return parent::isAuthorized($user);
    }
}
/**
 * Allow logout and compte to any user who reaches this check, and index
 * to users whose role is exactly 'gestionnaire'.
 *
 * @param array $user User record; only the 'role' key is read here.
 * @return mixed true when a rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    // Actions open to every signed-in user.
    if (in_array($action, ['logout', 'compte'])) {
        return true;
    }

    $isManager = isset($user['role']) && $user['role'] === 'gestionnaire';
    if (in_array($action, ['index']) && $isManager) {
        return true;
    }

    return parent::isAuthorized($user);
}
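/**
 * Allow dashboard to any user who reaches this check, and edit/delete
 * only on the caller's own user record.
 *
 * The id from the URL is matched against the Auth component's id. The
 * previous loose `==` treated a missing URL argument (cast to 0) as equal
 * to a null or false session id. Now both values must be present, and
 * they are compared strictly as strings after the integer cast.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true when a rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    if ($this->request->action === 'dashboard') {
        return true;
    }

    if (in_array($this->request->action, ['edit', 'delete'])) {
        $currentId = $this->Auth->user('id');

        // No id in the URL or in the session: nothing to match, so fall
        // through to the parent check.
        if (isset($this->request->params['pass'][0]) && $currentId !== null) {
            $userId = (int) $this->request->params['pass'][0];
            if ((string) $userId === (string) $currentId) {
                return true;
            }
        }
    }

    return parent::isAuthorized($user);
}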
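/**
 * Restrict add and listing to admins; allow edit and delete to the
 * article's owner.
 *
 * The admin test is strict and treats a missing role as non-admin. The
 * previous loose `!=` let a loosely typed role value (for example the
 * integer 0 on PHP versions before 8) compare equal to 'admin' and skip
 * the denial.
 *
 * @param array $user User record; 'role' and 'id' are read.
 * @return mixed false or true when a rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;
    $isAdmin = isset($user['role']) && $user['role'] === 'admin';

    if (in_array($action, ['add', 'listing']) && !$isAdmin) {
        return false;
    }

    if (in_array($action, ['edit', 'delete'])) {
        $articleId = (int) $this->request->params['pass'][0];
        if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}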
/**
 * Allow the add action when the Auth component reports the 'student' role.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true when the rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $role = $this->Auth->user('role');

    // switch is kept so the role is compared exactly as before.
    switch ($role) {
        case 'student':
            $studentActions = ['add'];
            if (in_array($this->request->action, $studentActions)) {
                return true;
            }
            break;
    }

    return parent::isAuthorized($user);
}
/**
 * Allow add to any user who reaches this check, and edit/delete to the
 * user that Articles->isOwnerBy() accepts for the requested article.
 *
 * @param array $user User record; only the 'id' key is read here.
 * @return mixed true when a rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    if ($action === 'add') {
        return true;
    }

    $needsOwner = in_array($action, ['edit', 'delete']);
    if ($needsOwner) {
        $requestedId = (int) $this->request->params['pass'][0];
        if ($this->Articles->isOwnerBy($requestedId, $user['id'])) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}
/**
 * Allow the toggle action only to the owner of the project named in the URL.
 *
 * The user id comes from the Auth component, not from $user.
 *
 * NOTE(review): the project id is handed to isOwnedBy() exactly as it
 * appears in the URL, with no integer cast or existence check. Confirm
 * isOwnedBy() handles arbitrary strings safely.
 *
 * @param mixed $user Passed through unchanged to the parent check.
 * @return mixed true for the owner on toggle, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    if ($this->request->action !== 'toggle') {
        return parent::isAuthorized($user);
    }

    $projectsTable = TableRegistry::get('Projects');
    $requestedId = $this->request->params['pass'][0];
    $currentId = $this->Auth->user('id');

    if ($projectsTable->isOwnedBy($requestedId, $currentId)) {
        return true;
    }

    // Not the owner: the parent decides.
    return parent::isAuthorized($user);
}
/**
 * Allow index to any user who reaches this check, and edit only to the
 * group's owner (the GM, per the original comment).
 *
 * @param array $user User record; only the 'id' key is read here.
 * @return mixed true when a rule matches, otherwise the parent's result.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    if (in_array($action, ['index'])) {
        return true;
    }

    if (in_array($action, ['edit'])) {
        $requestedId = (int) $this->request->params['pass'][0];
        $isOwner = $this->Groups->isOwnedBy($requestedId, $user['id']);
        if ($isOwner) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}