How to restrict ordinary user accessing all views

I want to restrict users with role="ordinary" accessing other Controller views

example... I have add views under JobsController so

if current login user has a user role="ordinary" basically he or she cant proceed to that and it will prompt, you are restricted accessing that page.

and if current user login has a user role="admin" he or she can proceed

I have this code below under AppController.php

 public function isAuthorized($user)
    {
        if (isset($user['role']) && $user['role'] === 'admin') {        
                return true;
        }
        if (isset($user['role']) && $user['role'] === 'ordinary') {

            $allowedActions = ['index', 'logout', 'add'];
            if(in_array($this->request->action, $allowedActions)) {
                return true;
            }
        }
        return false;

    }

1 answer

  • answered 2018-04-14 14:21 distromob

    You can just put like this

    <?php
    if($this->request->session()->read('Auth.User.role') == 'admin'){
      /// display the views
      /// if current login user has admin role
    }
    else{
       echo"You are not allowed to access this area";
    }
    ?>
    

    role must be present in users table field.

    Hope it help your problem