I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called.
Do I need to do something more than setting $this->Auth->authorize = 'controller' ?
from /app/app_controller.php
class AppController extends Controller{var $components = array('Auth');function beforeFilter(){ $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login'); $this->Auth->loginRedirect = array('controller' => 'pages', 'display' => 'home'); $this->Auth->logoutRedirect = '/'; $this->Auth->authorize = 'controller'; $this->Auth->userScope = array('User.active' => 1);}function isAuthorized(){ if (strpos($this->action, "admin_") != false) { if ($this->Auth->user('isAdmin') == '0') { return false; } } return true;}}