I just think that some of the stuff in there warrants some explanation.
This function is needed when $this->Auth->authorize = 'controller'. Theory has it, you can do something similar in app_model if $this->Auth->authorize = 'model', but I haven't looked into this.
The thing that confused me about this is that I thought you were required to perform your own validation. But oh no, this is additional authorization. Sort of like what beforeSave() does, where you can cancel the save after the validation. isAuthorized() is performed after the user has been logged in. If after that, you need some additional stuff, then you can put it in there. I’m not sure why it doesn’t default to return true like beforeSave() (if everything goes well), but if it’s not present, it errors out.
In my User Model I have a field called group_id. So you guessed it, this just returns the group_id of the user that’s logged in. Things couldn’t be simpler.
$this->Auth->userScope = array('User.active' => 1);
userScope is simply used as an added set of conditions, and it behaves exactly the same way that $conditions works with the Model::find() function. So what I've got above says that the user must be active to log in.
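To show how the two settings fit together, here is an added example (not the code from the original post) of an app_controller.php for CakePHP 1.2. The admin group id of 1 and the admin_ action prefix are assumptions made for illustration.

```php
<?php
// app/app_controller.php (CakePHP 1.2 layout assumed)
class AppController extends Controller {
    var $components = array('Auth');

    // Assumption: group_id 1 is the administrators group in this sample app.
    var $adminGroupId = 1;

    function beforeFilter() {
        // Tell AuthComponent to call isAuthorized() on the controller
        // once it has established that a user is logged in.
        $this->Auth->authorize = 'controller';

        // Extra conditions added to the login lookup, in the same format
        // as Model::find() conditions: inactive accounts cannot log in.
        $this->Auth->userScope = array('User.active' => 1);
    }

    // Additional authorization, run after authentication has succeeded.
    // Return true to allow the request, false to refuse it.
    function isAuthorized() {
        // Auth->user('field') reads one field of the logged-in user
        // from the session, or null when there is no such value.
        $groupId = $this->Auth->user('group_id');

        // Fail closed: a session without a group is never authorized.
        if ($groupId === null) {
            return false;
        }

        // Assumption: actions named admin_* are reserved for the admin group.
        if (strpos($this->action, 'admin_') === 0) {
            return ((int)$groupId === $this->adminGroupId);
        }

        // Any other action is open to every logged-in, active user.
        return true;
    }
}
```

Because userScope only applies at login, a user deactivated mid-session keeps access until the session ends unless isAuthorized() also re-checks the active flag.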
So there you go. Happy Baking!