/**
 * Decide whether the URL carried in the event data may be accessed.
 *
 * The URL is read from the 'url' key of the event data and may be a route
 * array or a string. It is resolved to route parameters and then checked in
 * this order: explicitly allowed action, presence of a logged-in user, and
 * finally the Auth component's authorization of a request built for that URL.
 *
 * Security note: a string URL that matches no route and does not normalize to
 * a path starting with '/' is reported as authorized (true). A true result
 * therefore does not prove that the target lives inside this application;
 * callers must not reuse it as a redirect-target or open-redirect check.
 *
 * @param Event $event Event whose data holds the 'url' entry.
 * @return bool False when the URL is empty or no user is logged in; otherwise
 *   the outcome of the checks described above.
 * @throws MissingRouteException When an app-local URL (leading '/') matches no route.
 */
public function isUrlAuthorized(Event $event)
{
    $target = Hash::get((array)$event->data, 'url');
    if (empty($target)) {
        return false;
    }

    if (!is_array($target)) {
        try {
            // Normalizing strips the application base from the URL when present.
            $normalizedUrl = Router::normalize($target);
            $routeParams = Router::parse($normalizedUrl);
        } catch (MissingRouteException $missingRoute) {
            // Anything that is not an app-local path is waved through here
            // without any authorization check (see the security note above).
            if (substr($normalizedUrl, 0, 1) !== '/') {
                return true;
            }

            // An app-local path with no matching route is a real routing error.
            throw $missingRoute;
        }
        // The original (non-normalized) string is what the request is built from.
        $routeUrl = $target;
    } else {
        // Route arrays are turned into a string URL and parsed back to parameters.
        $routeUrl = Router::reverse($target);
        $routeParams = Router::parse($routeUrl);
    }

    // Actions on the allow list need no login at all.
    if ($this->_isActionAllowed($routeParams)) {
        return true;
    }

    // Everything else requires an authenticated user.
    $currentUser = $this->_registry->getController()->Auth->user();
    if (empty($currentUser)) {
        return false;
    }

    // Build a request for the target URL so the Auth component evaluates that
    // URL's parameters.
    // NOTE(review): null is passed as the user argument; presumably Auth then
    // falls back to the session user - confirm against the Auth component.
    $targetRequest = new Request($routeUrl);
    $targetRequest->params = $routeParams;

    return $this->_registry->getController()->Auth->isAuthorized(null, $targetRequest);
}