How to restrict ordinary user accessing all views

I want to restrict users with role="ordinary" accessing other Controller views

example... I have add views under JobsController so

if current login user has a user role="ordinary" basically he or she cant proceed to that and it will prompt, you are restricted accessing that page.

and if current user login has a user role="admin" he or she can proceed

I have this code below under AppController.php

 public function isAuthorized($user)
        if (isset($user['role']) && $user['role'] === 'admin') {        
                return true;
        if (isset($user['role']) && $user['role'] === 'ordinary') {

            $allowedActions = ['index', 'logout', 'add'];
            if(in_array($this->request->action, $allowedActions)) {
                return true;
        return false;


1 answer

  • answered 2018-04-14 14:21 distromob

    You can just put like this

    if($this->request->session()->read('Auth.User.role') == 'admin'){
      /// display the views
      /// if current login user has admin role
       echo"You are not allowed to access this area";

    role must be present in users table field.

    Hope it help your problem