I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called.

Do I need to do something more than setting $this->Auth->authorize = 'controller'?

From /app/app_controller.php:

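class AppController extends Controller
{
    var $components = array('Auth');

    function beforeFilter()
    {
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'pages', 'display' => 'home');
        $this->Auth->logoutRedirect = '/';
        // Tell Auth to call this controller's isAuthorized() for each request.
        $this->Auth->authorize = 'controller';
        // Only active users may log in.
        $this->Auth->userScope = array('User.active' => 1);
    }

    function isAuthorized()
    {
        // strpos() returns 0 when the action starts with "admin_", and
        // 0 != false is false in PHP, so the comparison must be strict;
        // otherwise the admin check is skipped for every admin_ action.
        if (strpos($this->action, "admin_") !== false)
        {
            // Deny users whose isAdmin flag is '0'.
            if ($this->Auth->user('isAdmin') == '0')
            {
                return false;
            }
        }
        return true;
    }
}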
A: 

You need to make sure that 'Auth' is in the components array for that controller:

$this->components[] = 'Auth';

Drop that in the constructor and it should work (unless, of course, it doesn't). Good luck!

inkedmn
I omitted it from the original post, but added it in my edit; it has always been there.
Jack B Nimble
+2  A: 

You should check if you're overriding your Auth settings in your other controller.

First, to verify that isAuthorized() is being called, try putting a simple debug($this); die; in it.

If it is not dying, you're probably overriding it in some other controller (you're missing the parent::isAuthorized() call).

If it's not that, then you're probably doing that same thing with beforeFilter().

dr Hannibal Lecter
Turns out I was overriding beforeFilter() and not calling parent::beforeFilter().
Jack B Nimble
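
The failure identified in the last comment, as an added example that is not part of the original thread: a stand-alone PHP script that models why a child controller overriding beforeFilter() without calling parent::beforeFilter() leaves every admin_ action open to any logged-in user. AuthModel, AppControllerModel, BrokenController and FixedController are hypothetical simplified stand-ins, not CakePHP's code; the only framework behaviour assumed is that Auth never calls isAuthorized() while authorize is left at its default of false.

```php
<?php
// Simplified model of the request flow (assumption: not CakePHP's real classes).
class AuthModel {
    public $authorize = false;            // default: no authorization step at all
    private $user;
    function __construct($user) { $this->user = $user; }
    function user($key) { return isset($this->user[$key]) ? $this->user[$key] : null; }
    // Runs after the controller's beforeFilter(), like the component's startup step.
    function check($controller) {
        if (!$this->authorize) {
            return true;                  // fail-open: isAuthorized() is never consulted
        }
        return $controller->isAuthorized();
    }
}

class AppControllerModel {
    public $Auth;
    public $action;
    function __construct($action, $user) {
        $this->action = $action;
        $this->Auth = new AuthModel($user);
    }
    function beforeFilter() { $this->Auth->authorize = 'controller'; }
    function isAuthorized() {
        // Strict comparison: strpos() returns 0 for a leading "admin_".
        if (strpos($this->action, 'admin_') === 0) {
            return $this->Auth->user('isAdmin') == '1';   // deny unless flagged admin
        }
        return true;
    }
    function dispatch() {
        $this->beforeFilter();
        return $this->Auth->check($this);
    }
}

class BrokenController extends AppControllerModel {
    function beforeFilter() { /* controller-specific setup only; parent settings lost */ }
}

class FixedController extends AppControllerModel {
    function beforeFilter() { parent::beforeFilter(); /* then controller-specific setup */ }
}

$user = array('isAdmin' => '0');          // constructed sample: a logged-in non-admin
foreach (array('BrokenController', 'FixedController') as $class) {
    $controller = new $class('admin_delete', $user);
    printf("%-17s admin_delete: %s\n", $class, $controller->dispatch() ? 'allowed' : 'denied');
}
```

Running the script with the PHP CLI shows the non-admin user allowed through BrokenController and denied by FixedController, which is the symptom and the fix described in the thread.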