使用ACL并在模型上检查user_id的cakePHP权限
[英]cakePHP permissions using ACL and checking user_id on the model
问题描述
I have my cakePHP application running with acl permissions enabled. 
我在启用acl权限的情况下运行cakePHP应用程序。 I have allowed a group of users to be able to access all of the actions on one of my controllers but sometimes I want to be able to deny access if their user id does not match the user id value in the model they are trying to access or based on some other arbitrary criteria. 我已经允许一组用户访问我的一个控制器上的所有操作,但是有时我希望如果用户ID与他们尝试访问的模型中的用户ID值不匹配,则可以拒绝访问或基于其他任意标准。
So.. What is the conventional way to deny users access to actions when the user already has access to the action from the ACL component? 因此,当用户已经可以从ACL组件访问操作时,拒绝用户访问操作的常规方法是什么?
1 个解决方案
解决方案1
0 已采纳 2013-08-11 05:48:15
TLDR: don't use ACL. TLDR:不要使用ACL。 (It's most likely way overkill AND doesn't seem ideal in your project). (这很可能是矫kill过正,在您的项目中似乎并不理想)。
There are a lot of options, depending on your situation, but it boils down to making a method that checks whether or not they have permission to be there/be doing that. 有很多选项,具体取决于您的情况,但是归结为一种方法,可以检查他们是否有权在那里/正在执行此操作。
Whether it's a method in the Controller, the Model, or a Behavior that can be used across all models...etc. 无论是Controller中的方法,模型还是可以在所有模型中使用的行为...等等。
My guess from your description is that an ideal way would be to create a Behavior with a method "hasAccess" or something. 根据您的描述,我的猜测是一种理想的方法是使用“ hasAccess”或其他方法创建一个Behavior。 Then, in the "some actions" where you want to limit access, run the method - something like this: 然后,在您要限制访问权限的“某些操作”中,运行方法-如下所示:
if(!$this->MyModel->hasAccess($userId)) $this->redirect('/');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.