How to automatically protect actions
<?php | |
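/**
 * Authorization hook: decides whether the current user may run the requested
 * action, keyed on the routing prefix and the user's `is_admin` flag.
 *
 * Decision order: admins are allowed everywhere; any user reaching this hook
 * is allowed on un-prefixed actions and on the `api` prefix; the `admin`
 * prefix requires `is_admin`; every other prefix is denied.
 *
 * @param array|null $user The user record (expected to carry an optional
 *   `is_admin` key), or null when no user data is available.
 * @return bool True when access is granted, false otherwise (default deny).
 */
public function isAuthorized($user = null)
{
    // Admin can access every action.
    // `!empty()` tolerates a null user and a missing key without a notice.
    if (!empty($user['is_admin'])) {
        // NOTE(review): allow() with no arguments marks every action of this
        // controller as public for the rest of the request. This method already
        // returns true for admins, so the call looks redundant — confirm it has
        // no other effect before removing it.
        $this->Auth->allow();
        return true;
    }

    // Read the routing prefix once; a missing prefix is treated like an empty one.
    $prefix = isset($this->request->params['prefix'])
        ? $this->request->params['prefix']
        : null;

    // Any registered user can access un-prefixed (public) actions.
    if (empty($prefix)) {
        return true;
    }

    // Any user reaching this hook can access api-prefixed actions.
    if ($prefix === 'api') {
        return true;
    }

    // Only admins can access admin-prefixed actions. An admin has already
    // returned above, so this evaluates false for every user that reaches it;
    // kept as an explicit, notice-free check instead of a bare index read that
    // raised an undefined-index notice for users without an `is_admin` key.
    if ($prefix === 'admin') {
        return !empty($user['is_admin']);
    }

    // Default deny: unknown prefixes are not authorized.
    return false;
}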
<?php | |
/**
 * Initialization hook method.
 *
 * Runs the parent initialization and then registers the actions that may be
 * reached without an authenticated user.
 *
 * @return void
 */
public function initialize()
{
    parent::initialize();

    // Actions reachable without authentication. If this hook lives in a shared
    // base controller, the list applies to every controller inheriting it, so
    // `view` (and the others) become public everywhere — presumably intended;
    // verify against the controllers that actually define these actions.
    $publicActions = ['logout', 'register', 'reset', 'confirm', 'view'];
    $this->Auth->allow($publicActions);
}