tiagoa · October 20, 2012 20:13
diff --git a/CakePHP access control b/CakePHP access control
 <?php
 class AppController extends Controller {
  public $permissions = array(
    'Admin' => '*',
    'Student'=>array(
      array('controller'=>'pages', 'action'=>'display'),
      array('controller'=>'books', 'action'=>'*')
    )
  );

  function beforeFilter() {
    $this->Auth->allow('users', 'login');
    $this->Auth->allow('books', 'index');
    $this->isAuthorized();
  }

  public function verifyRole($roles){
    $request = $this->request->params;
    foreach($roles as $role):
      if($this->permissions[$role] == '*'):
        return true;
      else:
        foreach($this->permissions[$role] as $permission):
          if($permission['controller'] == $request['controller']):
            if($permission['action'] == '*'):
              return true;
            else:
              if($permission['action'] == $request['action']):
                return true;
              else:
                return false;
              endif;
            endif;
          endif;
        endforeach;
      endif;
    endforeach;
  }

  function isAuthorized(){
    if($this->Auth->loggedIn()){
      $personId = $this->Auth->user('Person_id');
      if($personId):
        Controller::loadModel('Person');
        /*
        Get the active roles from the Person Model in an simple array:
        Student roles: array('Student', 'Default')
        Teacher roles: array('Teacher', 'Default')
        Coordinator roles: array('Coordinator', 'Teacher', 'Default')
        */
        $roles = $this->Person->listActiveRoles($personId);
        if(!empty($roles)):
          if(!$this->verifyRole($roles)):
            $this->Session->setFlash("You do not have permission.");
            $this->redirect($this->Auth->loginRedirect);
          endif;
        else:
          $this->Session->setFlash("You do not have an active role.");
          $this->redirect($this->Auth->logout());
        endif;
      else:
        $this->Session->setFlash("Your user is not vinculated to a person.");
        $this->redirect($this->Auth->logout());
      endif;
    }
  }     
 }
	<?php
	class AppController extends Controller {
	public $permissions = array(
	'Admin' => '*',
	'Student'=>array(
	array('controller'=>'pages', 'action'=>'display'),
	array('controller'=>'books', 'action'=>'*')
	)
	);

	function beforeFilter() {
	$this->Auth->allow('users', 'login');
	$this->Auth->allow('books', 'index');
	$this->isAuthorized();
	}

	public function verifyRole($roles){
	$request = $this->request->params;
	foreach($roles as $role):
	if($this->permissions[$role] == '*'):
	return true;
	else:
	foreach($this->permissions[$role] as $permission):
	if($permission['controller'] == $request['controller']):
	if($permission['action'] == '*'):
	return true;
	else:
	if($permission['action'] == $request['action']):
	return true;
	else:
	return false;
	endif;
	endif;
	endif;
	endforeach;
	endif;
	endforeach;
	}

	function isAuthorized(){
	if($this->Auth->loggedIn()){
	$personId = $this->Auth->user('Person_id');
	if($personId):
	Controller::loadModel('Person');
	/*
	Get the active roles from the Person Model in an simple array:
	Student roles: array('Student', 'Default')
	Teacher roles: array('Teacher', 'Default')
	Coordinator roles: array('Coordinator', 'Teacher', 'Default')
	*/
	$roles = $this->Person->listActiveRoles($personId);
	if(!empty($roles)):
	if(!$this->verifyRole($roles)):
	$this->Session->setFlash("You do not have permission.");
	$this->redirect($this->Auth->loginRedirect);
	endif;
	else:
	$this->Session->setFlash("You do not have an active role.");
	$this->redirect($this->Auth->logout());
	endif;
	else:
	$this->Session->setFlash("Your user is not vinculated to a person.");
	$this->redirect($this->Auth->logout());
	endif;
	}
	}
	}