In my config.php file, this is the default router.
Router::connect('/', array('controller' => 'users', 'action' => 'signup'));
If users are not connected, they do not have the right to access to the edit actions and view action in the UsersController .
<?php
class UsersController extends AppController{
public $uses = array('User', 'Company', 'Town');
public function beforeFilter(){
parent::beforeFilter();
// If the user is not connected he can't access to these pages
$this->Auth->deny('view', 'edit');
}
}
When users use the login form and are logged in, they are redirected to the page controller and index action.
I would like that they can not enter (user and admin role) to the action signup of the controller Users. Therefore changed the default route when the user is connected (either admin or user) . But i don't know in my case what i should do .
AppController :
<?php
class AppController extends Controller{
public $helpers = array('Text','Form','Html','Session','Cache');
public $components = array(
'Session',
'Auth' => array(
'loginRedirect' => array('controller' => 'pages', 'action' => 'index'),
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email')
)
)
)
);
function beforeFilter(){
$this->Auth->loginAction = array('controller'=>'users','action'=>'login','admin'=>false);
//tell Auth to call the isAuthorized function before allowing access
$this->Auth->authorize = array('Controller');
//allow all non-logged in users access to items without a prefix
if(!isset($this->request->params['prefix'])){
$this->Auth->allow();
}
if(isset($this->request->params['prefix']) && $this->request->params['prefix'] == 'admin'){
$this->layout = 'admin';
}
// Si l'utilisateur est connecté
if (isset($this->Auth) && $this->Auth->user('id')) {
$this->layout = 'user';
}
}
function isAuthorized($user){
if(!isset($this->request->params['prefix'])){
return true;
}
$roles = array(
'admin' => 10,
'user' => 5
);
return false;
}
}
Thanks .
