At some point a project will need different admin or group levels: administrator, editor, member, etc.
First, create a table named groups with two columns, id and name (the column the SQL below actually creates):
    CREATE TABLE IF NOT EXISTS `groups` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `name` varchar(10) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

    INSERT INTO `groups` (`id`, `name`) VALUES
      (1, 'admin'),
      (2, 'editor'),
      (3, 'member');
Then add an integer column named group_id to your users table; it holds the id of the user's row in groups.
In your "beforeFilter" function in your AppController add the following:
    // EXAMPLE ONE
    // If the user is an EDITOR, allow them only the privilege of editing, adding and
    // deleting events and NOTHING else.
    if ($this->Auth->user('group_id') == '2') {
        if ($this->request->params['controller'] != 'events') {
            if (in_array($this->request->params['action'], array('admin_edit', 'admin_add', 'admin_delete'))) {
                $this->Session->setFlash(__('You do not have authority to EDIT this page.'));
                $this->redirect('/admin/users');
            }
        }
    }

    // EXAMPLE TWO
    // Disallow editing, adding and deleting for all regular members.
    if ($this->Auth->user('group_id') == '3') {
        if (in_array($this->request->params['action'], array('admin_edit', 'admin_add', 'admin_delete'))) {
            $this->Session->setFlash(__('You do not have authority to EDIT this page.'));
            $this->redirect('/admin/users');
        }
    }
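As an added example (not code from the original post), here is the same beforeFilter check written as an allowlist: each group is mapped to the admin actions it may use and anything not listed is denied by default. It assumes CakePHP 2 with the admin routing prefix enabled (Routing.prefixes) and the group ids from the groups table above; the $groupPermissions property and isAllowed() method are names chosen for this example.

```php
<?php
// Added example, not the original post's code: the same check as an allowlist,
// so any admin action not listed for a group is denied by default.
App::uses('Controller', 'Controller');
class AppController extends Controller {
    public $components = array('Auth', 'Session');
    // group_id (groups table) => controller => allowed actions; '*' matches any.
    // Property and method names below are this example's own, not CakePHP API.
    protected $groupPermissions = array(
        1 => array('*' => array('*')),                          // admin
        2 => array(                                             // editor
            'events' => array('admin_index', 'admin_add', 'admin_edit', 'admin_delete'),
            'users'  => array('admin_index'),
        ),
        3 => array('events' => array('admin_index'), 'users' => array('admin_index')), // member
    );
    public function beforeFilter() {
        parent::beforeFilter();
        // Guard admin-prefixed routes only; unprefixed public actions are untouched.
        if (empty($this->request->params['admin'])) {
            return;
        }
        // Not logged in: AuthComponent::startup() redirects to login; denying here
        // with a redirect to /admin/users would loop.
        if (!$this->Auth->user()) {
            return;
        }
        $groupId    = (int)$this->Auth->user('group_id');
        $controller = $this->request->params['controller'];
        $action     = $this->request->params['action'];
        if (!$this->isAllowed($groupId, $controller, $action)) {
            $this->Session->setFlash(__('You do not have authority to view this page.'));
            $this->redirect('/admin/users');   // every group above may view admin_index
        }
    }
    // True only if the group's allowlist names this controller/action pair.
    protected function isAllowed($groupId, $controller, $action) {
        if (!isset($this->groupPermissions[$groupId])) {
            return false;                                       // unknown group: deny
        }
        foreach (array($controller, '*') as $c) {
            $actions = isset($this->groupPermissions[$groupId][$c]) ? $this->groupPermissions[$groupId][$c] : array();
            if (in_array($action, $actions) || in_array('*', $actions)) {
                return true;
            }
        }
        return false;
    }
}
```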
There are other ways to limit access and set admin privileges, such as checking access in each controller. This method, however, is more comprehensive because it covers all controllers from one place. Keep in mind that both examples are denylists: only the actions named in the array are blocked, so any admin action not named there remains open to those groups until it is added to the list.