cakephp restrict action depending on user status

Question

I'm using CakePHP 3.2 to develop seller panel.

There is sellers table to store all details and credentials and there is a column status on integer type.

status column is used to mark seller as approved or not like this

0 = Registered not approved
1 = Approved
2 = Canceled

There is sell action in ProductsController.php.

I want to allow this action to only seller whose status is 1. And print message as per status id if user is not approved like

1 : Sorry! Your account is not verified yet.
2 : Sorry! Your account has been canceled. Contact Admin.

This is what I'm doing to prevent sell action. I have added following code in beforeFilter() of ProductsController.php

public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);

        if ($this->Auth->user('status') != 1) {
            $this->Auth->deny(['sell']);
        }
    }

But this is not working and sell action is still accessible to all sellers.

Try `$this->Auth->user()['status']` – Jacek B Budzynski Aug 22 '16 at 08:29 — Jacek B Budzynski, Aug 22 '16 at 08:29
not working @JacekBBudzyñski – Gaurav Aug 22 '16 at 11:58 — Gaurav, Aug 22 '16 at 11:58
it should be working - can you debug $this->Auth->user() ? – Konstantinos Daskalopoulos Aug 22 '16 at 23:34 — Konstantinos Daskalopoulos, Aug 22 '16 at 23:34

score 0 · Answer 1 · answered Jan 30 '17 at 09:36

You need to change your Auth configuration 'checkAuthIn' on initialize() to 'Controller.initialize' (default 'Controller.startup'):

$this->Auth->config('checkAuthIn', 'Controller.initialize');

To use $this->Auth->user() in beforeFilter() as described in documentation.

cakephp restrict action depending on user status

1 Answers1