I have an app in which I'm using allow()/deny() for most of the access control, and I would like to be able to check in beforeFilter() if the user is authorized or not. If I were using controller or one of the other auth methods, I could use isAuthorized(), but that doesn't work for allow/deny - I want it to return true if a user isn't logged in but they're on a publicly accessible page.
To maybe take a step back and allow for other solutions: I have my app set up using subdomains (user.example.com), and if they aren't using a subdomain, I want to return 404 for the non-frontend pages, and only allow them to access them via a user subdomain.
Is there a better way to do this - perhaps by adding controller authorization? I still would run into the issue of needing to know whether or not they are authorized. Is there a way to alter what the Auth component does when authorization fails? I want it to return 404, but only under certain conditions (specifically, the user is not accessing the site via a subdomain).