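/**
 * Controller authorization callback: decides whether the given user may run
 * the requested action.
 *
 * Any action named in the allow-list is authorized without looking at $user;
 * every other action is deferred to the parent controller.
 *
 * NOTE(review): the allow-list contains state-changing actions ('edit',
 * 'delete'), so this callback applies no ownership or role check to them.
 * Confirm that is intended, or move them behind a per-record check.
 *
 * @param array $user Active user data (not inspected by this method).
 * @return bool True for allow-listed actions, otherwise the parent's decision.
 */
public function isAuthorized($user)
{
    $action = $this->request->params['action'];

    // Actions authorized for every user that reaches this callback.
    $allowedActions = ['index', 'add', 'tags', 'view', 'delete', 'edit', 'view_pdf', 'logout'];

    // Strict comparison so that only an exact string match is authorized;
    // loose comparison can match non-string values on older PHP versions.
    if (in_array($action, $allowedActions, true)) {
        return true;
    }

    return parent::isAuthorized($user);
}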
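/**
 * Controller authorization callback for article actions.
 *
 * - 'add', 'search' and 'gear' are authorized for every user.
 * - 'edit' and 'delete' are authorized only when the article identified by
 *   the first passed URL argument is owned by $user['id'].
 * - Everything else is deferred to the parent controller.
 *
 * @param array $user Active user data; the 'id' key is read for the ownership check.
 * @return bool True when authorized here, otherwise the parent's decision.
 */
public function isAuthorized($user)
{
    $action = $this->request->action;

    // All registered users can add articles (and use 'search' / 'gear').
    // Each name has to be compared explicitly: the expression
    // `$action === 'add' or 'search' or 'gear'` is always true, because a
    // non-empty string literal is truthy. That form authorizes every action
    // and makes the ownership check below unreachable.
    if (in_array($action, ['add', 'search', 'gear'], true)) {
        return true;
    }

    // The owner of an article can edit and delete it.
    if (in_array($action, ['edit', 'delete'], true)) {
        // Without an article id in the URL there is nothing to check ownership
        // against, so fall through to the parent's decision.
        if (isset($this->request->params['pass'][0])) {
            $articleId = (int) $this->request->params['pass'][0];
            if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
                return true;
            }
        }
    }

    return parent::isAuthorized($user);
}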
/**
 * Delegates the authorization decision to the controller's isAuthorized() callback.
 *
 * The callback's return value is cast to bool, so any truthy value it returns
 * grants access; controllers should return strict booleans.
 *
 * @param array $user Active user data
 * @param \Cake\Network\Request $request Request instance (not read by this method).
 * @return bool
 */
public function authorize($user, Request $request)
{
    $decision = $this->_Controller->isAuthorized($user);

    return (bool) $decision;
}