Question

I have an admin prefix where we have a CMS-based section where site owners will be able to maintain the app content.

Is there any way to automatically restrict only those sections via the Auth component, while other parts don't require authentication?

// otherwise I will have to add a lot of actions like below
$this->Auth->allow('home', 'about', 'contacts');

Solution

just $this->Auth->allow(); when prefix != 'admin'

Other tips

You can accomplish this pretty simply using Controller based Authorization: http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-controllerauthorize

The idea is that you will have an isAuthorized() method in your controller (and any controller where you want specific rules) that returns true or false based on the user's authorization.

So you could disable all admin paths (except for those who are authenticated) by putting something like this in your AppController:

public function isAuthorized($user) {
    // * Admin section control
    if (empty($this->params['admin'])) {
        // ** DEFAULT: All users can access public functions
        return true;
    } else if(AuthComponent::user('role') == 'admin'){
        // ** Allow admin users access to everything.
        return true;
    }
    // * DEFAULT: Deny all
    return false;
}

Edit: Oops -- this would only be useful if the user was already authenticated (logged in), sorry.
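Combining the two answers above, as an added example that is not part of either post: a CakePHP 2.x AppController that opens every non-prefixed action in beforeFilter() and leaves admin-prefixed actions behind login plus a role check. It assumes the admin prefix is enabled through Routing.prefixes, that login lives at a non-prefixed UsersController::login(), and that the users table has a role column as in the second answer.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x)
// Assumes Configure::write('Routing.prefixes', array('admin')) in core.php.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Ask isAuthorized() below once a user is logged in.
            'authorize' => array('Controller'),
            // Assumed login location: a non-prefixed UsersController::login().
            'loginAction' => array(
                'controller' => 'users',
                'action' => 'login',
                'admin' => false,
            ),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // Prefix routing sets params['admin'] to true for /admin/... URLs.
        if (empty($this->request->params['admin'])) {
            // Public request: open every action of the current controller.
            $this->Auth->allow();
        }
        // Admin-prefixed request: nothing is allowed, so Auth requires login.
    }

    public function isAuthorized($user) {
        // Reached only for actions not opened above, i.e. admin_* actions
        // requested by a logged-in user. 'role' is an assumed users column.
        return isset($user['role']) && $user['role'] === 'admin';
    }
}
```

Controllers that define their own beforeFilter() must call parent::beforeFilter() for this to apply, and a later allow() call in a child controller that names an admin_* action would reopen it to anonymous users.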

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow