I'm not looking for the whole ACO-ARO implementation... I just want to use Auth, and check against the user's role....

What do I put where in order to simply deny users from a given controller unless they have a certain role?

I'm trying to use the $this->Auth->authorize = 'controller'; ... but I don't even know where to put that??

Any help would be awesome!

Thanks in advance.

+1  A: 

http://book.cakephp.org/view/396/authorize

A: 

Thank you.... though, where do I put the stuff, because I can't get it to work!

Michael
You need to create the app_controller.php file in the app directory. If you only want to restrict access to a particular controller you can put the code in that controller's beforeFilter() function.
Chris Hawes
+1  A: 

Short answer: Sounds like you need to create an app_controller.php and put your code in the beforeFilter method.

Longer Answer: Create an app_controller.php file in your app directory and put the following code in beforeFilter().

if (isset($this->params[Configure::read('Routing.admin')])) { // User is trying to access a page using the admin route
    if ($this->Session->check('someSessionVariable')) { // Check user has some session variable set.
        // User is accessing an admin page and has permission, do something, or in most cases do nothing.
    } else { // No sessions set for user, redirect to login page.
        $this->redirect('/yourLoginPage'); // Redirect
    }
}

This is no substitute for proper use of the Auth component, but should do what you need. Make sure you check it's secure before you put it into production.

Chris Hawes
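
For reference, the role check the question asks about, using `$this->Auth->authorize = 'controller'` together with `isAuthorized()`. This is an added example, not code from any of the posts above. It assumes CakePHP 1.x, a `role` column on the users table, and a hypothetical `ReportsController` and `$allowedRoles` property.

```php
<?php
// app/app_controller.php (CakePHP 1.x file naming, as in the answers above)
class AppController extends Controller {
    // Auth keeps the logged-in user in the session, so load both.
    var $components = array('Auth', 'Session');

    // Hypothetical property: roles permitted to use a controller.
    // Empty by default, so a controller that declares nothing is denied.
    var $allowedRoles = array();

    function beforeFilter() {
        // With 'controller', Auth calls isAuthorized() on the requested
        // controller once the user is logged in and blocks the request
        // when it returns false.
        $this->Auth->authorize = 'controller';
    }

    function isAuthorized() {
        // Assumption: the users table has a `role` column.
        $role = $this->Auth->user('role');
        // Strict comparison so a missing role never matches anything.
        return $role !== null && in_array($role, $this->allowedRoles, true);
    }
}

// app/controllers/reports_controller.php (hypothetical controller)
class ReportsController extends AppController {
    var $name = 'Reports';

    // Only users whose role is 'admin' reach this controller's actions.
    var $allowedRoles = array('admin');

    function beforeFilter() {
        // A controller that overrides beforeFilter() must call the parent,
        // otherwise authorize is never set and no role check runs.
        parent::beforeFilter();
    }

    function index() {
        $this->set('role', $this->Auth->user('role'));
    }
}
```

Because the default is deny, a controller that every logged-in user must reach (for example the one holding the logout action) has to list those roles in `$allowedRoles` or override `isAuthorized()`.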