CakeDC\Users\Controller\Component\UsersAuthComponent::isUrlAuthorized PHP Method

    public function isUrlAuthorized(Event $event)
    {
        $url = Hash::get((array) $event->data, 'url');
        if (empty($url)) {
            return false;
        }
        if (is_array($url)) {
            $requestUrl = Router::reverse($url);
            $requestParams = Router::parse($requestUrl);
        } else {
            try {
                //remove base from $url if exists
                $normalizedUrl = Router::normalize($url);
                $requestParams = Router::parse($normalizedUrl);
            } catch (MissingRouteException $ex) {
                //if it's a url pointing to our own app
                if (substr($normalizedUrl, 0, 1) === '/') {
                    throw $ex;
                }
                return true;
            }
            $requestUrl = $url;
        }
        // check if controller action is allowed
        if ($this->_isActionAllowed($requestParams)) {
            return true;
        }
        // check we are logged in
        $user = $this->_registry->getController()->Auth->user();
        if (empty($user)) {
            return false;
        }
        $request = new Request($requestUrl);
        $request->params = $requestParams;
        $isAuthorized = $this->_registry->getController()->Auth->isAuthorized(null, $request);
        return $isAuthorized;
    }