As promised in the previous part we’ll take a look at the admin section.
If you remember, we’ve setup our users so that when they create an account, they are inactive by default and cannot login into the app.
app/Controller/AppController.php
Since our freshly created users have is_active = 0 we’ll need to create an admin page where one would be able to approve inactive users.
Let’s see how we’ll act in the admin role.
In part 1, we’ve setup prefix routing and our app is ready to accept admin logins.
This is our login() method again:
if ($this->request->is('post')) {
if ($this->Auth->login()) {
if ($this->Auth->user('is_admin')) {
return $this->redirect(array(
'controller' => 'users',
'action' => 'index',
'admin' => true
));
} else {
return $this->redirect('/');
}
} else {
$this->Session->setFlash(__('Username or password is incorrect'), 'default', array(), 'auth');
}
}
}
And here’s a relevant view, just in case:
If we look at the redirect() method in the above login() it presumes that we have an admin_index() action.
Let’s create one:
The goal is to display (paginate) inactive users, so that an admin can approve them… simple enough.
I’m not going to cover pagination setup here, as it is very simple, covered nicely in the manual and would be beyond what we need consider for now.
Anyways, let’s build a simple view to display our inactive users:
<?php foreach ($users as $user) : ?>
<div>
<?php echo $user['User']['username']; ?>
<?php
echo $this->Html->link('Activate', array(
'controller' => 'users',
'action' => 'user_activate',
'admin' => true,
$user['User']['id']
));
?>
<?php
echo $this->Html->link('Edit', array(
'controller' => 'users',
'action' => 'user_edit',
'admin' => true,
$user['User']['id']
));
?>
</div>
<?php endforeach; ?>
<?php endif; ?>
Next to each username we’ll show an “Activate” and “Edit” links.
Ultimately the “Activate” link we’ll be something like example.com/admin/users/user_activate/345. This should change the user status with ID = 345 from inactive to active.
Here’s the method to do so:
if ($id) {
$this->User->id = $id;
if ($this->User->saveField('is_active', 1)) {
return $this->redirect(array(
'controller' => 'users',
'action' => 'index',
'admin' => true
));
}
}
}
All we are doing is updating is_active field to “1” for a given user $id.
Now the user has been approved and we redirect the admin back to the index page.
Let’s recap:
- We’ve setup basic Auth to allow users to login and register in the system
- We’ve added a check so that only active users can login
- We’ve setup admin/prefix routing to allow for creation of admin-only resources
- We’ve added a check so that only admins can access the above resources
- And finally, we’ve added the ability for admins to activate the users
p.s. Here’s a simple chunk of code that creates a “Log in/Log out” link so that users can act accordingly. You’ll probably want to add this to your layout or a relevant element.
With a simple check for presence of the Auth.User key (this is where Auth stores information about logged-in users) we know if the user is logged-in or not into the system, and by using a quick ternary operator we display either a “Log out” or “Log in” links.
The end.
