public function isAuthorized($user = null) { if ($user != null && $this->request->action == 'changePassword') { return true; } return parent::isAuthorized($user); }