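/**
 * Decides whether the logged-in user may run the current action.
 *
 * - Active accounts may always run "index" and "add".
 * - Inactive accounts get a flash message asking them to activate by e-mail.
 * - "edit" and "delete" are granted when the console named by the first
 *   passed URL argument belongs to a collection owned by the user.
 * - Everything else is left to the parent implementation.
 *
 * @param array $user Auth user record; reads the 'active' and 'id' keys.
 * @return bool True when access is granted by one of the rules above,
 *              otherwise whatever parent::isAuthorized() returns.
 */
public function isAuthorized($user) {
    // Loose comparison is kept on purpose: the flag may arrive as int, bool or
    // numeric string depending on where the user record was loaded from.
    $isActive = ($user['active'] == 1);

    // Active accounts can list and add without any ownership check.
    if ($isActive && in_array($this->action, array('index', 'add'), true)) {
        return true;
    }

    if ($user['active'] == 0) {
        $this->Session->setFlash(__('Vous devez activer votre compte par courriel.'), 'flash/error');
        // NOTE(review): an inactive account is only warned here and still
        // reaches the ownership check below, so an inactive owner can edit
        // and delete. Confirm that this is intended.
    }

    // Only the owner of the collection that holds the console may edit or
    // delete it. Without a passed id there is nothing to check ownership
    // against, so skip the lookup instead of reading a missing index and
    // querying for console id 0.
    if (in_array($this->action, array('edit', 'delete'), true)
        && isset($this->request->params['pass'][0])
    ) {
        // NOTE(review): a second controller is built only to reach its
        // Collection model; loading that model directly would avoid running
        // controller setup inside an authorization check.
        $collectionsController = new CollectionsController();
        $collectionsController->constructClasses();

        // The id comes from the URL and is caller-controlled; the cast keeps
        // it an integer before it is used as a lookup condition.
        $consoleId = (int) $this->request->params['pass'][0];
        $collectionId = $this->Console->field('collection_id', array('id' => $consoleId));

        // Fail closed when the lookup gives no collection id (presumably an
        // unknown console or one without a collection): never ask
        // isOwnedBy() about an empty id.
        if (!empty($collectionId)
            && $collectionsController->Collection->isOwnedBy($collectionId, $user['id'])
        ) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}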