I have my cakePHP application running with acl permissions enabled. I have allowed a group of users to be able to access all of the actions on one of my controllers but sometimes I want to be able to deny access if their user id does not match the user id value in the model they are trying to access or based on some other arbitrary criteria.
So.. What is the conventional way to deny users access to actions when the user already has access to the action from the ACL component?
TLDR: don't use ACL. (It's most likely way overkill AND doesn't seem ideal in your project).
There are a lot of options, depending on your situation, but it boils down to making a method that checks whether or not they have permission to be there/be doing that.
Whether it's a method in the Controller, the Model, or a Behavior that can be used across all models...etc.
My guess from your description is that an ideal way would be to create a Behavior with a method "hasAccess" or something. Then, in the "some actions" where you want to limit access, run the method - something like this:
if(!$this->MyModel->hasAccess($userId)) $this->redirect('/');
