CakePHP中的自定义用户注册/登录和角色/权限?
[英]Customized User Registration/Login and roles/permissions in CakePHP?
问题描述
In my application, there are certain modifications needed. 
在我的应用程序中,需要进行某些修改。 I am trying to list them below : 我想在下面列出它们:
- User Registration: Email should be verified. 用户注册:电子邮件应经过验证。
- User Registration : Users are given choice to register as different roles. 用户注册:用户可以选择注册为不同的角色。
- User Login : Access Control on various controllers/actions and views based on logged-in user. 用户登录:基于登录用户的各种控制器/动作和视图的访问控制。
I have found there is a plugin for email verification and then there is Acl for user access control. 我发现有一个用于电子邮件验证的插件,然后有用于用户访问控制的Acl。 But I am new to Cake and certainly I am comfortable with native sessions and cookies and tokens (for email verification). 但是我是Cake的新手,当然我对本机会话以及Cookie和令牌(用于电子邮件验证)感到满意。 So,what is more preferable, if I skip Auth module in favor of $this->Session and write a tokenization script? 那么,如果我跳过Auth模块,而赞成$this->Session并编写一个标记化脚本,那是什么更可取呢? What are advantages of using Auth besides security ? 除了安全性外,使用Auth有什么优势?
Edit (one more question) : In cakePHP if we use allow method : 编辑 (另一个问题):在cakePHP中,如果我们使用allow方法:
if($this->Auth->user('roles') == 'usertype1') {
$this->Auth->allow('index', 'add', 'edit', 'delete');
}
I can handle the access to controller methods. 我可以处理对控制器方法的访问。 But how should I add "pending" column in users table so that I can verify it with Auth that whether user is pending or active? 但是,如何在用户表中添加“待处理”列,以便可以通过Auth验证用户是否处于待处理状态? If this is done, I shall only be needed to write verification email part. 如果这样做,我只需要写验证电子邮件部分。 Or is it advisable to go for checking sessions only *with a session variable "isactive" and perform checks on methods as asked in original question above ? 还是建议仅使用会话变量“ isactive”检查会话,并按照上面原始问题中的方法对方法进行检查?
1 个解决方案
解决方案1
0 2013-11-03 10:49:58
You can easily achieve the desired functionality using Admin routing ( routing prefix) or ACL. 您可以使用管理员路由(路由前缀)或ACL轻松实现所需的功能。 You have to write email verification part with th ehelp of email helper. 您必须在电子邮件帮助程序的帮助下编写电子邮件验证部分。 For you second question: You can have a field in your database showing user is active or not. 对于您的第二个问题:数据库中可以有一个字段,显示用户是否处于活动状态。 Let us say it's 'active' of boolean type. 让我们说这是布尔类型的“活动”。 This value will setto TRUE is user verified his email. 如果用户验证了他的电子邮件,则此值将设置为TRUE。 To allow only Active user to login, you can 要仅允许活动用户登录,您可以
$this->Auth->authenticate = array(
AuthComponent::ALL => array(
'userModel' => 'User',
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'scope' => array(
'User.active' => 1,
)
), 'Form'
);
In this way only active can login. 这样,只有活动用户才能登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.