As we saw in our previous recipe, CakePHP provides several core authorization classes out of the box, but it also provides the ability to customize the process using your own authorization and authentication classes.
In this recipe, we'll introduce a custom authorization process based on an is_admin flag in our users table, where we'll restrict access to all our admin-prefixed routes.
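The access decision described above, sketched in plain PHP as an added example (it is not code from this recipe or from CakePHP). The function names and the 'prefix' route-parameter key are assumptions for illustration; in an application, this check would live inside the custom authorization class.

```php
<?php
// Added example: framework-independent model of the is_admin check.
// $user is the authenticated user's row from the users table; $params holds
// the request's route parameters ('prefix' key is an assumption).

/**
 * Accept only unambiguous "on" encodings of the flag. Database drivers often
 * return integer columns as strings, so '1' is accepted; values such as
 * 'false' or 'no' are rejected even though PHP treats them as truthy.
 */
function flagIsSet($value): bool
{
    return $value === true || $value === 1 || $value === '1';
}

/** Return true when the request may proceed, false when it must be denied. */
function isAuthorized(?array $user, array $params): bool
{
    if (($params['prefix'] ?? null) !== 'admin') {
        // Not an admin-prefixed route: this rule does not restrict it.
        return true;
    }
    if ($user === null || !array_key_exists('is_admin', $user)) {
        // No user, or a record without the flag: deny rather than guess.
        return false;
    }
    return flagIsSet($user['is_admin']);
}

// Constructed sample input: label, user record, route parameters.
$cases = [
    ['admin user, admin route',  ['username' => 'alice', 'is_admin' => '1'],     ['prefix' => 'admin']],
    ['normal user, admin route', ['username' => 'bob',   'is_admin' => '0'],     ['prefix' => 'admin']],
    ['odd flag, admin route',    ['username' => 'carol', 'is_admin' => 'false'], ['prefix' => 'admin']],
    ['flag missing, admin route', ['username' => 'dave'],                        ['prefix' => 'admin']],
    ['normal user, public route', ['username' => 'bob',  'is_admin' => '0'],     []],
];

foreach ($cases as [$label, $user, $params]) {
    printf("%-28s %s\n", $label, isAuthorized($user, $params) ? 'allow' : 'deny');
}
```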
For this recipe, we'll be using the basic authenticate protected controller from our previous tutorial. So, first create a users table using the following SQL statement, or update it with the highlighted field:
CREATE TABLE users (
  id VARCHAR(36) NOT NULL,
  username VARCHAR(255) NOT NULL,
  password VARCHAR(128) NOT NULL,
  active TINYINT(1) ...