hmic · June 20, 2016 15:28
diff --git a/UsersController.php b/UsersController.php

 namespace App\Controller;

 class UsersController extends AppController
 {
 	public function isAuthorized($user = null)
 	{
 		$action = $this->request->params['action'];

 		// admin users are allowed all actions
 		if(isset($user['type']) && $user['type'] == 'admin') {
 			return true;
 		}
 		
 		// logged in users are allowed to see the index page and lookup action
 		if(in_array($action, ['index', 'lookup']) && isset($user['id'])) {
 			return true;
 		}
 		
 		// a logged in user can view and edit hisself, but not others
 		if(in_array($action, ['view', 'edit']) && isset($user['id']) && $user['id'] == $this->request->params->pass[0]) {
 			return true;
 		}
 	
 		// default, access denied
 		return false;
 	}

	namespace App\Controller;

	class UsersController extends AppController
	{
	public function isAuthorized($user = null)
	{
	$action = $this->request->params['action'];

	// admin users are allowed all actions
	if(isset($user['type']) && $user['type'] == 'admin') {
	return true;
	}

	// logged in users are allowed to see the index page and lookup action
	if(in_array($action, ['index', 'lookup']) && isset($user['id'])) {
	return true;
	}

	// a logged in user can view and edit hisself, but not others
	if(in_array($action, ['view', 'edit']) && isset($user['id']) && $user['id'] == $this->request->params->pass[0]) {
	return true;
	}

	// default, access denied
	return false;
	}