In a new post to the Debuggable blog, Felix Geisendorfer illustrates a simple access rights system that can be plugged into any CakePHP application you might be developing.
If your application is like most, then you have some basic permission requirements for your data. A simple scenario is the following. Blog posts can only be edited by their owners and administrators. Same goes for viewing unpublished blog posts.
His example modifies the typical "posts" controller to bring in a new model (User) with a permission check (can), then wires that check into the PostsController to ensure that a user is allowed to view any given post.
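The rule quoted above (owners and administrators may edit a post or view it while unpublished) can be sketched as a deny-by-default check. This is an added example in plain PHP 8.1+, not the code from the Debuggable post and not CakePHP's API; the `User` class shape, the `editPost` helper and the post array layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a User model (plain PHP 8.1+, no framework calls).
final class User
{
    public function __construct(
        public readonly int $id,
        public readonly bool $isAdmin = false
    ) {}

    // $post is a constructed record: ['user_id' => int, 'published' => bool].
    public function can(string $action, ?array $post): bool
    {
        if ($post === null || !isset($post['user_id'])) {
            return false; // missing record: deny instead of falling through
        }
        $privileged = $this->isAdmin || (int) $post['user_id'] === $this->id;

        return match ($action) {
            'view'  => !empty($post['published']) || $privileged,
            'edit'  => $privileged,
            default => false, // unknown action names are refused
        };
    }
}

// Hypothetical controller-side guard: load the record, then ask the user model.
function editPost(User $user, array $posts, int $postId): string
{
    $post = $posts[$postId] ?? null;
    if (!$user->can('edit', $post)) {
        return '403 Forbidden';
    }
    return "editing post {$postId}";
}

// Constructed sample data: post 2 is an unpublished draft owned by user 10.
$posts = [
    1 => ['user_id' => 10, 'published' => true],
    2 => ['user_id' => 10, 'published' => false],
];
$owner = new User(10);
$other = new User(11);
$admin = new User(99, true);

var_dump($other->can('view', $posts[1]), $other->can('view', $posts[2]));
var_dump($owner->can('edit', $posts[2]), $admin->can('edit', $posts[2]));
echo editPost($other, $posts, 2), PHP_EOL, editPost($other, $posts, 404), PHP_EOL;
```

The check runs against the record loaded on the server rather than an identifier or owner field supplied in the request, and a missing post or unrecognised action name is refused rather than allowed.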