我试图了解ACL的工作原理。我得到了它,我几乎拥有我想要的东西。我有两组:(组ID:1表示管理员,组ID:2表示客户)。管理员可以访问所有控制器和视图。客户可以访问编辑视图和视图"查看"在用户控制器中。
我的问题是,如果客户(也没有用户)在他们的网络浏览器中写入:http://www.myadress.com/admin,他们可以访问。我只是不明白为什么,我必须做别的事,因为我添加了路由管理员?
我在控制器页面中创建了一个admin_index视图。
我的appController:
<?php
App::uses('Controller', 'Controller');
class AppController extends Controller {
public $components = array(
'Acl',
'Auth' => array(
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
)
),
'Session'
);
public $helpers = array('Html', 'Form', 'Session');
public function beforeFilter() {
parent::beforeFilter();
//Configure AuthComponent
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'home');
if(isset($this->request->params["prefix"]) && $this->request->params["prefix"] == "admin"){
$this->layout = "admin";
} else {
$this->layout = "default";
}
}
}
我的PagesController:
<?php
App::uses('AppController', 'Controller');
class PagesController extends AppController {
public $uses = array();
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow();
}
public function display() {
$path = func_get_args();
$count = count($path);
if (!$count) {
return $this->redirect('/');
}
$page = $subpage = $title_for_layout = null;
if (!empty($path[0])) {
$page = $path[0];
}
if (!empty($path[1])) {
$subpage = $path[1];
}
if (!empty($path[$count - 1])) {
$title_for_layout = Inflector::humanize($path[$count - 1]);
}
$this->set(compact('page', 'subpage', 'title_for_layout'));
try {
$this->render(implode('/', $path));
} catch (MissingViewException $e) {
if (Configure::read('debug')) {
throw $e;
}
throw new NotFoundException();
}
}
public function admin_index() {
$title_for_layout = 'Dashboard';
$this->set(compact('title_for_layout'));
}
}
routes.php文件
* Here, we are connecting '/' (base path) to controller called 'Pages',
* its action called 'display', and we pass a param to select the view file
* to use (in this case, /app/View/Pages/home.ctp)...
*/
Router::connect('/', array('controller' => 'pages', 'action' => 'display', 'home'));
/**
* ...and connect the rest of 'Pages' controller's urls.
*/
Router::connect('/pages/*', array('controller' => 'pages', 'action' => 'display'));
Router::connect('/admin', array('controller' => 'pages', 'action' => 'index', 'admin' => true));
LabController(它是我用来设置acl参数的控制器)
<?php
class LabController extends AppController {
public $uses = array('User', 'Group');
public function beforeFilter() {
parent::beforeFilter();
// Pour CakePHP 2.1 et supérieurs
$this->Auth->allow();
}
public function setacl() {
$group = $this->User->Group;
// Autorise l'accès à tout pour les admins
$group->id = 1;
$this->Acl->allow($group, 'controllers');
// Autorisation de l'édition du profil pour les clients
$group->id = 2;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/users/edit');
$this->Acl->allow($group, 'controllers/users/view');
// Permet aux utilisateurs classiques de se déconnecter
$this->Acl->allow($group, 'controllers/users/logout');
// Nous ajoutons un exit pour éviter d'avoir un message d'erreur affreux "missing views" (manque une vue)
echo "tout est ok";
exit;
}
.... 之后函数build_acl ......
答案 0 :(得分:0)
您可以在beforeRender()事件中检查group_id。即在beforeFiler()之后。逻辑应该是这样的
function beforeRender()
{
parent::beforeRender();
if(AuthComponent::user('role') == 'admin' && AuthComponent::user('group_id') == 1)
{
$this->Auth->allow('view','add','edit','delete');
}
else
{
// do something like redirect
}
}
P.S我还没检查代码。应该没事。