5.2.6.10 authorize
Normally, the AuthComponent verifies the login credentials you've entered by comparing them to what's stored in your user model. However, there are times when you might want to do some additional work in determining proper credentials. Setting this variable to one of several values changes how that additional check is performed. Here are some of the more common ones you might want to use.
<?php
$this->Auth->authorize = 'controller';
?>
When authorize is set to 'controller', you'll need to add a method called isAuthorized() to your controller. This method lets you perform additional authorization checks and then return either true or false.
<?php
function isAuthorized() {
    // Only administrators may delete.
    if ($this->action == 'delete') {
        if ($this->Auth->user('role') == 'admin') {
            return true;
        }
    }
    // Any logged-in user may view.
    if ($this->action == 'view') {
        return true;
    }
    // ...
    // Deny everything that was not explicitly allowed above.
    return false;
}
?>
Remember that this method will be checked after you have already passed the basic authentication check against the user model.
<?php
$this->Auth->authorize = 'model';
?>
Don't want to add anything to your controller, and might be using ACOs? You can get the AuthComponent to call a method in your user model called isAuthorized() to do the same sort of thing:
<?php
class User extends AppModel {
    // ...
    function isAuthorized($user, $controller, $action) {
        switch ($action) {
            case 'delete':
                // Only administrators may delete.
                if ($user['User']['role'] == 'admin') {
                    return true;
                }
                break;
            default:
                return false;
        }
        // Deny anything that was not explicitly allowed above.
        return false;
    }
}
?>
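A deny-by-default version of the model-side isAuthorized() check described above, as an added example that is not part of the CakePHP manual or code base. The AppModel stub, the $permissions table, the 'editor' and 'member' roles, and the sample users are assumptions made for illustration.

```php
<?php
// Stand-in for CakePHP's AppModel so the file runs on its own (assumption).
class AppModel {}

class User extends AppModel {
    // Hypothetical allow-list: action => roles permitted to run it.
    var $permissions = array(
        'view'   => array('admin', 'editor', 'member'),
        'edit'   => array('admin', 'editor'),
        'delete' => array('admin'),
    );

    // Same signature the page uses for authorize = 'model'.
    function isAuthorized($user, $controller, $action) {
        // Unlisted action: deny explicitly rather than falling through to null.
        if (!isset($this->permissions[$action])) {
            return false;
        }
        // Missing or non-string role: deny. On PHP before 8, 0 == 'admin' is true.
        if (!isset($user['User']['role']) || !is_string($user['User']['role'])) {
            return false;
        }
        // Strict in_array(): no type juggling between the role and the list.
        return in_array($user['User']['role'], $this->permissions[$action], true);
    }
}

// Constructed sample users and actions: array(user, action, expected decision).
$cases = array(
    array(array('User' => array('role' => 'admin')),  'delete', true),
    array(array('User' => array('role' => 'member')), 'delete', false),
    array(array('User' => array('role' => 'member')), 'view',   true),
    array(array('User' => array('role' => 'admin')),  'purge',  false),
    array(array('User' => array('role' => 0)),        'delete', false),
    array(array('User' => array()),                   'delete', false),
);

$model = new User();
foreach ($cases as $case) {
    list($user, $action, $expected) = $case;
    // 'posts' is a constructed controller name; this check does not use it.
    $allowed = $model->isAuthorized($user, 'posts', $action);
    $role = isset($user['User']['role']) ? var_export($user['User']['role'], true) : '(none)';
    printf("%-4s role=%-9s action=%-7s => %s\n",
        $allowed === $expected ? 'ok' : 'FAIL', $role, $action, $allowed ? 'allow' : 'deny');
}
```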
Lastly, you can set authorize to 'actions', as shown below:
<?php
$this->Auth->authorize = 'actions';
?>
By using actions, Auth will make use of ACL and check with AclComponent::check(). An isAuthorized function is not needed.
<?php
$this->Auth->authorize = 'crud';
?>
By using crud, Auth will make use of ACL and check with AclComponent::check(). Actions should be mapped to CRUD (see mapActions).
