StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSetting which pages can be accessed in CakePHP
primarykey
Id
15767382
data
AcceptedAnswerId
15779329
AnswerCount
2
ClosedDate
CommentCount
4
CommunityOwnedDate
CreationDate
2013-04-02T14:56:48.407
FavoriteCount
0
LastActivityDate
2017-04-30T05:17:23.563
LastEditDate
2013-04-02T15:13:36.960
LastEditorUserId
1322359
OwnerUserId
1322359
ParentId
0
PostTypeId
1
Score
-1
ViewCount
301
LastEditorDisplayName
text
Body
I've put a considerable amount of digging into this but I haven't been able to figure out what the best method would be. I have an employee management system where everyone who logs in is either an "employee", a "supervisor" or a "manager". At the moment, I display different versions of pages just fine depending on what their rank is. However, regular "employees" can still get to pages they shouldn't if they manually enter the URL. According to CakePHP's documentation, it says all pages are restricted by default, and you have to grant access to each one. But I haven't granted access and it seems all the pages are accessible. What is the best method for page access? Thanks! Edit: Here is the configuration of the AppController: <pre><code> public $components = array( 'DebugKit.Toolbar', 'Session', 'Auth' => array( 'authenticate' => array( 'Form' => array( 'userModel' => 'Employee' ) ), 'loginAction' => array( 'controller' => 'employees', 'action' => 'login', //'plugin' => 'users' ), 'loginRedirect' => array('controller' => 'employees', 'action' => 'dashboard'), 'logoutRedirect' => array('controller' => 'employees', 'action' => 'login'), 'authError' => 'You must be logged in to see that.' ) ); </code></pre> And then there is the isAuthorized() method which always is set to return false: <pre><code>public function isAuthorized($user = null) { // Any registered user can access public functions /*if (empty($this->request->params['admin'])) { return true; }*/ // Only admins can access admin functions /*if (isset($this->request->params['admin'])) { return (bool)($user['role'] === 'admin'); }*/ // Default deny return false; } </code></pre>
Tags
<php><cakephp><authentication>
Title
Setting which pages can be accessed in CakePHP
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USLuke Sapan
UserOwnerUserId
1. USLuke Sapan
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POSetting which pages can be accessed in CakePHP
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTDownMod
2. VO
 singulars
 PostPostId
 POSetting which pages can be accessed in CakePHP
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTClose
3. VO
 singulars
 PostPostId
 POSetting which pages can be accessed in CakePHP
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTClose
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.