public function isAuthorized($user)
{
$action = $this->request->params['action'];
// The add and index actions are always allowed.
if (in_array($action, ['index', 'add', 'tags', 'view', 'delete', 'edit', 'view_pdf', 'logout'])) {
return true;
}
return parent::isAuthorized($user);
}
public function isAuthorized($user)
{
// All registered users can add articles
if ($this->request->action === 'add' or 'search' or 'gear') {
return true;
}
// The owner of an article can edit and delete it
if (in_array($this->request->action, ['edit', 'delete'])) {
$articleId = (int) $this->request->params['pass'][0];
if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
return true;
}
}
return parent::isAuthorized($user);
}
/**
* Checks user authorization using a controller callback.
*
* @param array $user Active user data
* @param \Cake\Network\Request $request Request instance.
* @return bool
*/
public function authorize($user, Request $request)
{
return (bool) $this->_Controller->isAuthorized($user);
}
