Configuring Authorization handlers You configure authorization handlers using
$this->Auth->authorize. You can configure one or many handlers for authorization. Using
multiple handlers allows you to support different ways of checking authorization. When authorization
handlers are checked, they will be called in the order they are declared. Handlers should return false, if they
are unable to check authorization, or the check has failed. Handlers should return true if they were able to
check authorization successfully. Handlers will be called in sequence until one passes. If all checks fail, the
user will be redirected to the page they came from. Additionally you can halt all authorization by throwing
an exception. You will need to catch any thrown exceptions, and handle them.
You can configure authorization handlers in your controller’s beforeFilter or, in the $components
array. You can pass configuration information into each authorization object, using an array:
// Basic setup
$this->Auth->authorize = array(’Controller’);
// Pass settings in
$this->Auth->authorize = array(
’Actions’ => array(’actionPath’ => ’controllers/’),
’Controller’
);
Much like Auth->authenticate, Auth->authorize, helps you keep your code DRY, by using the
all key. This special key allows you to set settings that are passed to every attached object. The all key is
also exposed as AuthComponent::ALL:
// Pass settings in using ’all’
$this->Auth->authorize = array(
AuthComponent::ALL => array(’actionPath’ => ’controllers/’),
’Actions’,
’Controller’
);
In the above example, both the Actions and Controller will get the settings defined for the ‘all’ key.
Any settings passed to a specific authorization object will override the matching key in the ‘all’ key. The
core authorize objects support the following configuration keys.
• actionPath Used by ActionsAuthorize to locate controller action ACO’s in the ACO tree.
• actionMap Action -> CRUD mappings. Used by CrudAuthorize and authorization objects that
want to map actions to CRUD roles.
• userModel The name of the ARO/Model node user information can be found under. Used with
ActionsAuthorize.
Creating Custom Authorize objects Because authorize objects are pluggable, you can create custom authorize
objects in your application or plugins. If for example you wanted to create an LDAP authorize object.
In app/Controller/Component/Auth/LdapAuthorize.php you could put the following:
App::uses(’BaseAuthorize’, ’Controller/Component/Auth’);
class LdapAuthorize extends BaseAuthorize {
public function authorize($user, CakeRequest $request) {
