/**
 * Grant access only to group 1 users on "admin"-prefixed requests.
 *
 * Returns true when the request params carry a "prefix" that compares equal
 * (==) to "admin" and the authenticated user's group_id is identical (===)
 * to the integer 1. Returns false in every other case.
 *
 * NOTE(review): parent::isAuthorized() is called without a user argument and
 * its result is discarded, so the parent's verdict never influences the
 * outcome here. Confirm that this is intended.
 *
 * NOTE(review): the group check is type-strict. If the Auth component hands
 * back group_id as a string, the comparison never matches and every request
 * is denied (fails closed). Confirm the stored type.
 *
 * @return bool
 */
public function isAuthorized() {
    // Kept for whatever the parent does; its return value is not used.
    parent::isAuthorized();

    // No routing prefix on this request: deny.
    if (!isset($this->request->params["prefix"])) {
        return false;
    }

    // Any prefix other than "admin": deny.
    if ($this->request->params["prefix"] != "admin") {
        return false;
    }

    // Admin-prefixed request: allow only group 1.
    return $this->Auth->user('group_id') === 1;
}
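/**
 * Decide whether $user may run the current controller action.
 *
 * - "add" is allowed for any $user.
 * - "edit" and "delete" are allowed when Post::isOwnedBy() confirms that the
 *   post named by the first passed request argument belongs to $user['id'].
 * - Every other case, including a missing post id or a failed ownership
 *   check, is deferred to parent::isAuthorized($user).
 *
 * @param array $user Authenticated user record; only the 'id' key is read here.
 * @return mixed True when one of the rules above grants access, otherwise the
 *               value returned by parent::isAuthorized($user).
 */
public function isAuthorized($user) {
    if ($this->action === 'add') {
        return true;
    }

    // Strict matching: only the exact strings 'edit' and 'delete' qualify.
    if (in_array($this->action, array('edit', 'delete'), true)) {
        // Guard against a request that carries no post id: reading a missing
        // index would raise a notice and check ownership of post 0.
        if (isset($this->request->params['pass'][0])) {
            // The id is request-supplied, so force it to an integer before
            // handing it to the ownership lookup.
            $postId = (int) $this->request->params['pass'][0];
            if ($this->Post->isOwnedBy($postId, $user['id'])) {
                return true;
            }
        }
    }

    // Not the owner (or no id given): let the parent rule decide.
    return parent::isAuthorized($user);
}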