For example, if you have an ArticlesController it will check the $this->article instance variable
and ensure the user can perform the current action on it. Under the hood it is doing
something like the following.
$this->authorize($this->params['action'], $this->article ?: 'Article')
Call this method directly on the controller class.
class BooksController extends Controller
{
public function __construct()
{
$this->authorizeResource();
}
}
If you pass in the name of a resource which does not match the controller it will assume
it is a parent resource.
class BooksController extends Controller
{
public function __construct()
{
$this->authorizeResource('author');
$this->authorizeResource('book');
}
}
Here it will authorize 'show', $this->author on every action before authorizing the book.
That first argument is optional and will default to the singular name of the controller.
A hash of options (see below) can also be passed to this method to further customize it.
See loadAndAuthorizeResource() to automatically load the resource too.
Options:
['only']
Only applies before filter to given actions.
['except']
Does not apply before filter to given actions.
['singleton']
Pass true if this is a singleton resource through a hasOne association.
['parent']
True or false depending on if the resource is considered a parent resource. This defaults to true if a resource
name is given which does not match the controller.
['class']
The class to use for the model (string). This passed in when the instance variable is not set.
Pass false if there is no associated class for this resource and it will use a symbol of the resource name.
['instance_name']
The name of the instance variable for this resource.
['through']
Authorize conditions on this parent resource when instance isn't available.
['prepend']
Passing true will use prependBeforeFilter() instead of a normal beforeFilter().
