Cakephp’s Auth Component – edit/delete user’s profile

Users can edit or delete only their own profile; an admin can edit or delete other users' profiles. The public function isAuthorized compares the logged-in user's id with the user id taken from the URL. If the ids match, the edit and delete buttons work; otherwise they do not. It also checks whether the user's role is 'admin'.

Moreover, the edit/delete buttons associated with other users in the users view are hidden:

The users view with hidden edit/delete buttons:

If a user tries to bypass the isAuthorized function and the hidden edit/delete buttons by typing the edit-user URL with someone else's id, e.g. user fred (id=14) typing wilma's id=13,
the error message 'You can't access that page' appears:
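The isAuthorized check described above, written out as an added CakePHP 2.x example (not the post's own code); the `id` and `role` field names, the `/users/edit/13` URL shape, and the allowed actions are assumptions:

```php
<?php
// Added example: a CakePHP 2.x UsersController whose isAuthorized() lets a
// user edit/delete only their own record and lets the 'admin' role edit or
// delete anyone. Field names and URL layout are assumed, not taken from the post.
App::uses('AppController', 'Controller');

class UsersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // Login/logout must stay reachable without a session.
        $this->Auth->allow('login', 'logout');
    }

    // $user is the logged-in user's row as stored by AuthComponent.
    public function isAuthorized($user) {
        $action = $this->request->action;

        // Admins may run every action, including other users' edit/delete.
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }

        // Any logged-in user may list and view profiles.
        if (in_array($action, array('index', 'view'))) {
            return true;
        }

        // Non-admins: only their own edit/delete. The id comes from the URL
        // (/users/edit/13), so it is compared against the session user's id,
        // never against anything the client can supply.
        if (in_array($action, array('edit', 'delete'))) {
            $requestedId = isset($this->request->params['pass'][0])
                ? $this->request->params['pass'][0] : null;
            return $requestedId !== null
                && (int)$requestedId === (int)$user['id'];
        }

        // Deny everything not explicitly allowed above.
        return false;
    }

    // ... index/view/edit/delete actions omitted
}
```

Hiding the buttons in the view is only cosmetic; the server-side comparison in isAuthorized() is what actually stops fred from reaching /users/edit/13.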