Check this: function beforeFilter() { $this->Auth->authorize = ‘controller’; $this->Auth->allow(‘delete’); } function isAuthorized() { if

Question

0

Asked: May 25, 20262026-05-25T12:35:10+00:00 2026-05-25T12:35:10+00:00

Check this: function beforeFilter() { $this->Auth->authorize = ‘controller’; $this->Auth->allow(‘delete’); } function isAuthorized() { if

0

Check this:

function beforeFilter() {
    $this->Auth->authorize = 'controller';
    $this->Auth->allow('delete');
}

function isAuthorized() {
    if ($this->Auth->user('role') != 'admin') {
        $this->Auth->deny('delete');
    }

    ...
}

(from: http://book.cakephp.org/view/1255/AuthComponent-Methods#deny-1258)

This is the documentation-example for isAuthorized. what do I need it for if I can simply set the conditions in the beforeFilter itself? seems like extra useless code..

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T12:35:10+00:00

It allows you to separate your authorisation logic from other logic that may reside in your beforeFilter callback. Moreover, as it’s a method, you can take advantage of inheritance by implementing it in AppModel, and also override or extend the functionality in individual controllers. The code example you quoted doesn’t really reflect the fact that the method should really return true/false. A better example might be authorising access to admin routed pages site-wide by putting something like this in AppModel:

public function isAuthorized() {
    if (isset($this->params['admin']) && $this->Auth->user('role') == 'admin') {
        return true;
    }
    return false;
}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Check this: function beforeFilter() { $this->Auth->authorize = ‘controller’; $this->Auth->allow(‘delete’); } function isAuthorized() { if

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply