I have an application where all users have to be logged in. I'm using the Auth component for authentication, and ACL for authorization.
I'm basically doing something like this in the `beforeFilter()` of an admin controller:
```php
if (!$this->Acl->check(array('model' => 'User', 'foreign_key' => $this->Auth->user()['id']), 'Admin', 'read')) {
    pr('You are NOT allowed to be here!');
}
```
This works well for any logged-in user: some users can see the admin pages, and some cannot.
However, when I go to `/admin` when NOT logged in, I get:
```
AclNode::node() - Couldn't find Aro node identified by "Array ( [Aro0.model] => model [Aro0.foreign_key] => U ) "
```
(I don't know why it prints the 'U'). It's like it's trying to do the lookup, but since the user information isn't there, it crashes. I'm sure I'm missing something here. I can avoid the problem by checking if the user is logged in:
```php
if ($this->Auth->user()) {
    // do the ACL check
}
```
But I don't like that approach, and I guess it is wrong.
Do I need some kind of default setting?
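
An added example, not part of the original post and not CakePHP code: a fail-closed gate for the situation described above, where authentication is decided before the ACL is consulted and an unknown requester is denied rather than crashing the lookup. `StubAcl` and `authorizeAdmin()` are hypothetical stand-ins so the snippet runs without the framework, and the grants are constructed sample data.

```php
<?php
// Hypothetical stand-in for an ACL lookup (not CakePHP's AclComponent):
// it fails loudly when asked about a requester it has no node for.
final class StubAcl
{
    /** @var array<int, string[]> user id => list of "aco:action" grants */
    private $grants;

    public function __construct(array $grants)
    {
        $this->grants = $grants;
    }

    public function check(array $aro, string $aco, string $action): bool
    {
        $id = $aro['foreign_key'] ?? null;
        if (!is_int($id) || !array_key_exists($id, $this->grants)) {
            throw new RuntimeException("Couldn't find Aro node");
        }
        return in_array("$aco:$action", $this->grants[$id], true);
    }
}

/**
 * Fail-closed gate: the ACL is only consulted with a real user id.
 * Returns 'login' (anonymous), 'forbidden' (denied) or 'ok' (allowed).
 */
function authorizeAdmin(?array $user, StubAcl $acl): string
{
    if ($user === null || !isset($user['id'])) {
        return 'login';       // anonymous request never reaches the ACL
    }
    $aro = ['model' => 'User', 'foreign_key' => (int) $user['id']];
    try {
        $allowed = $acl->check($aro, 'Admin', 'read');
    } catch (RuntimeException $e) {
        $allowed = false;     // unknown requester: deny instead of crashing
    }
    return $allowed ? 'ok' : 'forbidden';
}

// Constructed sample data: user 1 may read Admin, user 2 may not, 99 has no node.
$acl = new StubAcl([1 => ['Admin:read'], 2 => []]);
foreach ([null, ['id' => 1], ['id' => 2], ['id' => 99]] as $user) {
    echo json_encode($user), ' => ', authorizeAdmin($user, $acl), PHP_EOL;
}
```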