Custom authorize class
As we saw in our previous recipe, CakePHP provides several core authorization classes out of the box, but it also provides the ability to customize the process using your own authorization and authentication classes.
In this recipe, we'll introduce a custom authorization process based on an is_admin flag in our users table, where we'll restrict access to all our admin-prefixed routes.
Getting ready
For this recipe, we'll be using the controller protected by basic authentication from our previous tutorial. So, first create a users table using the following SQL statement, or update it with the highlighted field:
CREATE TABLE users (
    id VARCHAR(36) NOT NULL,
    username VARCHAR(255) NOT NULL,
    password VARCHAR(128) NOT NULL,
    active TINYINT(1) DEFAULT '0',
    is_admin TINYINT(1) DEFAULT '0',
    created DATETIME DEFAULT NULL,
    modified DATETIME DEFAULT NULL,
    PRIMARY KEY(id)
);
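The decision this recipe builds toward, reading the is_admin column from the table above, is sketched here as an added example in plain PHP; it is not the recipe's own class. The function name, the shape of the request array, its 'prefix' key, and the choice to let any authenticated user through on non-admin routes are assumptions made for illustration.

```php
<?php
// Added illustration, not the recipe's code. Plain PHP, no framework required.

/**
 * Decide whether an already-authenticated user may reach a route.
 *
 * $user    row from the users table (column values usually arrive as strings)
 * $request hypothetical array; 'prefix' holds the route prefix, if any
 */
function isAuthorized(array $user, array $request)
{
    $prefix = isset($request['prefix']) ? strtolower((string) $request['prefix']) : '';

    // Assumption: routes outside the admin prefix are open to any authenticated user.
    if ($prefix !== 'admin') {
        return true;
    }

    // Fail closed: a missing or NULL flag means "not an admin".
    if (!isset($user['is_admin'])) {
        return false;
    }

    // Accept only 1, '1' or true. A loose (bool) cast would also let
    // strings such as 'false' or 'no' through, because they are truthy in PHP.
    return in_array($user['is_admin'], array(1, '1', true), true);
}

// Constructed sample users and requests.
$cases = array(
    array(array('username' => 'alice', 'is_admin' => '1'), array('prefix' => 'admin')),
    array(array('username' => 'bob', 'is_admin' => '0'), array('prefix' => 'admin')),
    array(array('username' => 'bob', 'is_admin' => '0'), array()),
    array(array('username' => 'carol', 'is_admin' => null), array('prefix' => 'Admin')),
    array(array('username' => 'dave', 'is_admin' => 'false'), array('prefix' => 'admin')),
);

foreach ($cases as $case) {
    list($user, $request) = $case;
    $route = isset($request['prefix']) ? $request['prefix'] . ' route' : 'public route';
    $verdict = isAuthorized($user, $request) ? 'allow' : 'deny';
    printf("%-6s %-12s %s\n", $user['username'], $route, $verdict);
}
```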
As suggested in our previous recipe, it's strongly recommended that you set up SSL for your domain...