我正在尝试覆盖Adminhtml的IndexController,下面是源代码:
class T2_AjaxAdmin_Adminhtml_IndexController extends Mage_Adminhtml_IndexController
{
/**
* Administrator ajax login action
*/
public function ajaxAction()
{
$jsonData = array();
$this->getResponse()->setHeader('Content-type', 'application/json');
$this->getResponse()->setBody(Mage::helper('core')->jsonEncode($jsonData));
exit();
}
}
我的配置文件
<?xml version="1.0"?>
<config>
<admin>
<routers>
<adminhtml>
<args>
<modules>
<T2_AjaxAdmin before="Mage_Adminhtml">T2_AjaxAdmin_Adminhtml</T2_AjaxAdmin>
</modules>
</args>
</adminhtml>
</routers>
</admin>
</config>
我刚刚发现,从Adminhtml扩展的任何控制器都将首先重定向到登录页面。
我必须做些什么来阻止这种情况?
答案 0 :(得分:1)
您可能需要查看app/code/core/Mage/Admin/Model/Observer.php
,这可能会限制一系列“开放行动”&#39; (没有登录)。
你必须环顾第51行:
$requestedActionName = $request->getActionName();
$openActions = array(
'forgotpassword',
'resetpassword',
'resetpasswordpost',
'logout',
'refresh' // captcha refresh
);
if (in_array($requestedActionName, $openActions)) {
$request->setDispatched(true);
}
稍后在同一个文件中,他们还会检查参数forwarded
,因此根据该参数,您可以欺骗Magento并访问我们的控制器而无需登录。
所以我只是为你做了检查,这项工作在我身边:
class B_Enoit_TestController extends Mage_Adminhtml_Controller_Action
{
public function preDispatch ()
{
Mage::app ()->getRequest ()->setParam ( 'forwarded', true );
return parent::preDispatch ();
}
public function indexAction ()
{
die ( 'I am in without login' );
}
}
因此,您必须知道这只是基于此文件app/code/core/Mage/Admin/Model/Observer.php
深入了解:
public function actionPreDispatchAdmin($observer)
{
// some code I omit for shorten purpose
$request = Mage::app()->getRequest();
$user = $session->getUser();
$requestedActionName = $request->getActionName();
$openActions = array(
'forgotpassword',
'resetpassword',
'resetpasswordpost',
'logout',
'refresh' // captcha refresh
);
// so this test the current action against the list of open actions, which don't have to redirect to login, as seen above
if (in_array($requestedActionName, $openActions)) {
$request->setDispatched(true);
} else {
if($user) {
$user->reload();
}
// So after reloading the user, it checks if this admin user really exists
if (!$user || !$user->getId()) {
// this below condition test if we come from the login page and if we are currently trying to log in
if ($request->getPost('login')) {
// some code I omit for shorten purpose
}
// This test the query param forwarded so it is from reading this line that I created my working example
if (!$request->getParam('forwarded')) {
// some code I omit for shorten purpose
}
}
}
$session->refreshAcl();
}
看起来他们通过json或ajax访问管理数据就像你想要的那样,所以我认为这是你的选择。
您必须了解控制器的Mage::app ()->getRequest ()->setParam ('param','value')
中的preDispatch
就像伪装一样将其作为查询参数传递。
确实如果你试图访问这样的控制器:
class B_Enoit_TestController extends Mage_Adminhtml_Controller_Action
{
public function indexAction ()
{
die ( 'I am in without login' );
}
}
通过网址http://www.example.com/admin/test/index/forwarded/1/它会正常工作,它不会将您重定向到登录,即使它扩展Mage_Adminhtml_Controller_Action