permissions.php

<?php
/**
 * $Id$
 * @license
 * 
 * @package usuarios
 * @subpackage components
 * @author Danilo Domínguez P.
 * @copyright UTP
 */
App::import('Core', 'Inflector');
class PermissionComponent extends Object {
	var $components = array('Auth', 'Session');
	var $Privilege;
	var $Controller;

	function initialize(&$controller, $settings = array()) {
		$this->Privilege = ClassRegistry::init('Privilege');
		$this->Controller = $controller;
	}
	function startup(&$controller) {
		$this->Privilege = ClassRegistry::init('Privilege');
		$this->Controller = $controller;
	}

	/**
	 * 
	 * Verifica si el usuario tiene permiso para la ver la página 
	 * actual
	 */
	function verifyPrivilege() {
		switch ($this->Controller->action) {
			case 'login':
			case 'logout':
				break;
			default:
				// get minimum level
				$groups = explode(",", $this->Controller->Auth->user('roles_id'));
                                if (empty($groups)) {
                                    $groups = array(ANONYMOUS_GROUP); //debes definir ANONYMOUS_GROUP con el valor del grupo
                                }
				$valid = $this->Privilege->find('first', array(
                  'conditions' => array(
                     'and' => array(
                        'controller' => Inflector::underscore($this->Controller->name),
                        'action' => $this->Controller->action,
                        'rol_id' => $groups,
				)
				),
                  'fields' => array('Privilege.id'),
                  'limit' => 1,
                  'recursive' => -1
				));
				// check if they have access
				if (empty($valid['Privilege'])) return false;

				return true;
		}
	}
}

Perfect., let me check if work ... tonigth