*/
public function isAuthorized($user)
{
- if($this->Auth->user()){
- return true;
- }
-
+ //If user is auth
+ if ($this->Auth->user()){
+ if ($this->request->is('edit')){
+ return true;
+ }
+ }
return parent::isAuthorized($user);
}
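Review bot: `$this->request->is('edit')` on the inner `if` tests a request detector (the kind used for 'get', 'post' or 'ajax'), not the controller action. Unless a custom 'edit' detector is registered elsewhere, the branch is never taken and every decision falls through to `parent::isAuthorized($user)`. If the intent is to let logged-in users reach the edit action, compare the action name instead, e.g. `if ($this->request->getParam('action') === 'edit') {` (or the equivalent accessor for the CakePHP version in use), and confirm the record being edited belongs to the current `$user` before returning true, since otherwise any authenticated user could edit any record. The outer `$this->Auth->user()` test looks redundant, because isAuthorized() is normally only consulted once a user has been identified. The comment `//If user is auth` would be more useful if it stated who is allowed to edit.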
*/
public function beforeFilter(\Cake\Event\Event $event)
{
- $this->Auth->allow('add','digest');
+ $this->Auth->deny('delete','edit');
parent::beforeFilter($event);
}
public function isAuthorized($user)
{
+ if ($this->request->is('get')){
+ return true;
+ }
+
// Admin peuvent accéder à chaque action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
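Review bot: `$this->Auth->deny('delete','edit')` in beforeFilter() passes two positional arguments, but in CakePHP 3 AuthComponent::deny() (like allow()) takes a single string or array, so 'edit' appears to be silently ignored; use `$this->Auth->deny(['delete', 'edit']);`. The call also runs before `parent::beforeFilter($event)`, so any allow() made in the parent (not visible here) would be applied after it; calling deny() after the parent is the safer order. Separately, the new `if ($this->request->is('get')) { return true; }` in isAuthorized() authorizes every logged-in user for every action reached by GET, ahead of the role check, which covers the GET rendering of edit and any action that changes state on GET. Consider limiting it to the controller's named read-only actions, for example `if (in_array($this->request->getParam('action'), ['index', 'view'], true)) { return true; }`, where the action names are placeholders for whatever this controller exposes. isAuthorized() continues past the end of the hunk, so the remaining role logic is not visible here.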