Deny all controllers an allow only two methods from a controller


#1

In a CakePhp 2.5 application i have a rule, saying that blocked users can not login, at AppController (‘scope’ => array(‘User.access’ => 1),).

How can i enable access to only two methods for the blocked users ?
Make sure they can not access all the others methods.
Make sure they can not access all the others controllers.

In appController i declare in the scope property, there i say that User.access having 1 can login, so blocked users can not login.

I already do remove scope property :

//'scope' => array('User.access' => 1),

I try at appController into the beforeFilter using $this->Auth->deny();
and after
$this->Auth->allow(array('myAllowedMethod'))
but the users still access all methods.

The original access control uses permissions.ini file

AppController :

public $components = array(
        'Auth' => array('authenticate' => array(
                'Form' => array(
                    'userModel' => 'User',
                    'scope' => array('User.access' => 1),

Is there a way to filter blocked users ( they have User.access = 0 ) and allow only two needed methods ?


#2

All are denied by default when you configure Auth.

Remove the deny line and just allow in your beforeFilter:

php $this->Auth->allow(array('yourMethod1', 'yourMethod2'));


#3

Can i say also wich controller would allowed. Because i need to do it in AppController