cakePHP Auth - with allow/deny, what isAuthorized is actualley needed for?

Check this:

function beforeFilter() {
    $this->Auth->authorize = 'controller';
    $this->Auth->allow('delete');
}

function isAuthorized() {
    if ($this->Auth->user('role') != 'admin') {
        $this->Auth->deny('delete');
    }

    ...
}

(from: http://book.cakephp.org/view/1255/AuthComponent-Methods#deny-1258)

This is the documentation-example for isAuthoriz开发者_如何学编程ed. what do I need it for if I can simply set the conditions in the beforeFilter itself? seems like extra useless code..

It allows you to separate your authorisation logic from other logic that may reside in your beforeFilter callback. Moreover, as it's a method, you can take advantage of inheritance by implementing it in AppModel, and also override or extend the functionality in individual controllers. The code example you quoted doesn't really reflect the fact that the method should really return true/false. A better example might be authorising access to admin routed pages site-wide by putting something like this in AppModel:

public function isAuthorized() {
    if (isset($this->params['admin']) && $this->Auth->user('role') == 'admin') {
        return true;
    }
    return false;
}