I am using the CakeDC users plugin and I am having trouble restricting the admin section to admins only. As it stands, any registered user can access admin. What am I doing wrong?
AppController.php
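/**
 * Application-wide base controller.
 *
 * Routes authorization through isAuthorized() so that every controller
 * extending this class is governed by one access policy: non-prefixed actions
 * are open to any logged-in user, admin-prefixed actions require the 'admin'
 * role.
 */
class AppController extends Controller {

    // DebugKit is a development aid; confirm it is not active on a
    // production deployment, where its panels would expose request and
    // session details.
    public $components = array(
        'DebugKit.Toolbar',
        'Auth' => array('authorize' => array('Controller')),
    );

    /**
     * Authorization callback consulted by AuthComponent for logged-in users.
     *
     * @param array|null $user The authenticated user's record, as passed in by
     *                         AuthComponent.
     * @return bool True when the request may proceed, false to deny it.
     */
    public function isAuthorized($user = null) {
        // Non-prefixed (public) actions: any registered user may proceed.
        if (empty($this->request->params['admin'])) {
            return true;
        }

        // Admin-prefixed actions: deny unless the role is exactly 'admin'.
        // isset() makes a missing user or a missing 'role' key a plain denial
        // instead of an undefined-index notice.
        return isset($user['role']) && $user['role'] === 'admin';
    }

    /**
     * Runs before every action: enforces the authorization mode, opens the
     * static "display" action and selects the layout for logged-in users.
     *
     * @return void
     */
    public function beforeFilter() {
        // Set explicitly at runtime: in this setup the 'authorize' key given
        // in $components was not applied, so isAuthorized() was never called
        // and every logged-in user could reach the admin actions.
        $this->Auth->authorize = 'Controller';

        // Actions passed to allow() skip the login requirement and therefore
        // never reach isAuthorized(); keep this list to public pages only.
        $this->Auth->allow("display");

        if ($this->Auth->loggedIn()) {
            $this->layout = 'loggedin';
        }
    }
}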
UsersController.php (from the CakeDC users plugin controller)
//other code here
/**
 * Defers the authorization decision to the parent controller's
 * isAuthorized(), so this controller adds no access rules of its own.
 * (Presumably the parent is AppController; confirm against the plugin's
 * class declaration.)
 *
 * @param array|null $user The authenticated user's record.
 * @return bool Whatever the parent policy decides.
 */
public function isAuthorized($user = null) {
    $allowed = parent::isAuthorized($user);

    return $allowed;
}
//other code here
routes.php
// Every route below targets the users plugin's UsersController.
$usersPluginTarget = array('plugin' => 'users', 'controller' => 'users');

// Non-prefixed routes: reachable by any user who passes authentication.
Router::connect('/users', $usersPluginTarget);
Router::connect('/users/index/*', $usersPluginTarget);
Router::connect('/users/:action/*', $usersPluginTarget);
Router::connect('/users/users/:action/*', $usersPluginTarget);

// Short aliases for the account actions.
Router::connect('/login', $usersPluginTarget + array('action' => 'login'));
Router::connect('/logout', $usersPluginTarget + array('action' => 'logout'));
Router::connect('/register', $usersPluginTarget + array('action' => 'add'));

// Admin-prefixed routes: 'admin' => true is the request parameter that
// isAuthorized() inspects to decide whether the 'admin' role is required.
Router::connect('/admin', $usersPluginTarget + array('admin' => true));
Router::connect('/admin/:action/*', $usersPluginTarget + array('admin' => true));
core.php
// Registers 'admin' as a routing prefix. Routes declared with 'admin' => true
// rely on this entry, and the resulting 'admin' request parameter is what the
// controller-level authorization check keys on.
Configure::write('Routing.prefixes', array('admin'));
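EDIT: isAuthorized() was not being called when I set 'authorize' => array('Controller') in the $components array. Because the callback never ran, no role check was applied and every logged-in user was let through. I had to add this to the beforeFilter() of the AppController: $this->Auth->authorize = 'Controller';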