My custom controller is 'PostsController.php', and inside it I have the following code:
public function isAuthorized($user = null) {
    // parent::isAuthorized($user);
    if($this->action == 'add'){
        return true;
    }
    if(in_array($this->action,array('edit','delete'))){
        $postId = $this->request->param['pass'][0];
        if($this->Post->isOwnedBy($postId,$user['id'])){
            return true;
        }
    }
    return AuthComponent::isAuthorized($user);
}
------------------------
And in AppController the code is:
class AppController extends Controller {
    // public $components = array('DebugKit.Toolbar');
    public $components = array(
        'Auth' => array(
            'loginRedirect' => array('controller' => 'Posts', 'action'=>'index'),
            'logoutRedirect' => array('controller' =>'pages' , 'action'=>'display','home'),
            'authorize' => array('Controller')
        )
    );

    public function isAuthorized($user){
        if(isset($user['role']) && $user['role'] === 'admin'){
            return true;
        }
        return false;
    }

    public function beforeFilter(){
        $this->Auth->allow('index','view');
    }
}
-------------------------------
The user roles are admin and author.
But when I create a post using the admin user, I can also edit it with the author user, which is not correct according to the code.
That means isAuthorized is not working in PostsController.
Could someone give me a solution?
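
An added example, not part of the original post: a CakePHP 2.x per-post owner check that reads the post id from $this->request->params['pass'] and falls back to parent::isAuthorized($user), so a non-owner gets through only via the AppController admin rule. It assumes a posts.user_id column and a Post::isOwnedBy() model method, neither of which the post shows; the two classes belong in the separate files named in the comments.

```php
<?php
// Added example for CakePHP 2.x. Assumption: posts.user_id holds the author's user id.
// --- app/Model/Post.php ---
App::uses('AppModel', 'Model');
class Post extends AppModel {
    // True only when a post with this id exists AND belongs to this user.
    public function isOwnedBy($postId, $userId) {
        $conditions = array('id' => $postId, 'user_id' => $userId);
        return $this->field('id', $conditions) !== false;
    }
}

// --- app/Controller/PostsController.php ---
App::uses('AppController', 'Controller');
class PostsController extends AppController {
    public function isAuthorized($user) {
        // Any logged-in user may create a post.
        if ($this->action === 'add') {
            return true;
        }
        // edit/delete: allow the owner of the post named in the URL.
        if (in_array($this->action, array('edit', 'delete'), true)) {
            // Passed URL arguments live in $this->request->params (plural).
            $pass = $this->request->params['pass'];
            $postId = isset($pass[0]) ? (int)$pass[0] : 0;
            if ($postId > 0 && $this->Post->isOwnedBy($postId, $user['id'])) {
                return true;
            }
        }
        // Everyone else is decided by AppController::isAuthorized() (admin only).
        return parent::isAuthorized($user);
    }

    public function add() {
        if ($this->request->is('post')) {
            // Record the owner server-side; never accept user_id from the form.
            $this->request->data['Post']['user_id'] = $this->Auth->user('id');
            $this->Post->create();
            if ($this->Post->save($this->request->data)) {
                return $this->redirect(array('action' => 'index'));
            }
        }
    }
}
```

To verify the rule, log in as a non-admin user and request the edit URL of a post whose user_id belongs to someone else; AuthComponent should refuse the request instead of rendering the form.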