I'm using CakePHP 3.4.
I want to restrict some action to non-admin users.
This is what I tried in my controller
public function beforeFilter(Event $event)
{
if (!$this->Auth->user('super_admin')) {
$this->Auth->deny(['index', 'view', 'add', 'delete']);
}
}
But even non-admin user is able to access denied locations. I tried printing debug in if statement and it is working, means if statement is being called but deny() is not working.
Maybe you need parent::beforeFilter($event); if this is not the app.php file ?
Or you could try this :
if((!$this->Auth->user('super_admin')) && ($this->request->action === 'index')){
//Your redirect and flash
}