cakePHP authentication problems

I am unable to wrap my head around how the Auth component works in cakePHP. I am using 2.1.

My login works perfectly, and from my understanding I can set the default component in the appController, which I did as listed below.

 // App controller:

 public $components = array(
    'Session',

    'Auth' => array(
        'loginAction' => array(
            'controller' => 'users',
            'action' => 'login',
        ),
        'authError' => "Your username and password is incorrect, please try again.",
        'authenticate' => array(
            'Form' => array(
                'scope' => array('User.user_status_id' => 1)
            )
        ),
        'redirect' => array("controller" => "users", "action" => "profile"),
        'loginRedirect' => array("controller" => "users", "action" => "profile")
    )
);

public function beforeFilter() {
    $this->Auth->allow("home");
    if($this->Auth->loggedIn() == true) {
        $this->set("user_name",$this->Auth->user("first_name")." ".$this->Auth->user("last_name"));
        $this->set("loggedIn",true);
        if($this->Auth->user("user_type_id") == 5) {
            $this->set("navigation","navigation_admin");
        } else {
            $this->set("navigation","navigation_loggedin");
        }
    } else {
        $this->set("loggedIn",false);
        $this->set("navigation","navigation_notloggedin");
    }
}

home is located at /app/view/home.ctp; however, I cannot access the page without being logged in. Next, I have 2 different user levels, normal and administrator. I want to limit certain actions in controllers based on whether you're an admin or not.

In my UserController I have, for example:

 public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow("login");
    if($this->Auth->user("user_type_id") != 5) {
        $this->Auth->allow("login","profile");
    }
}

But irrespective of the user type, everyone can view the actions.

In my pages controller I also have the following:

 public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow("*");
}

But I have to be logged in to view any pages.

I am convinced I am doing something wrong, but I cannot wrap my head around what, any help?

First, home is not an action on the controller, so $this->Auth->allow("home"); wouldn't have an effect. $this->Auth->allow("display"); would, but it would allow all pages to be seen (not sure if that's intended).

Secondly, you are using $this->Auth->allow("*"); after you call the parent's beforeFilter, which means that AppController::beforeFilter() would treat it as if the user wasn't logged in, since it doesn't know what you've allowed after the fact.
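As an added example (not part of the original question or answer), one way to lay this out in CakePHP 2.x: allow() only marks actions that need no login, while the per-role restriction the question asks about goes through the 'authorize' setting and isAuthorized(). The $_adminActions list and its action names are assumptions; 5 is the admin user_type_id from the question.

```php
<?php
// Added example for CakePHP 2.x; each class lives in its own file under app/Controller/.
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'users', 'action' => 'profile'),
            'authenticate' => array(
                'Form' => array('scope' => array('User.user_status_id' => 1)),
            ),
            // Ask the controller's isAuthorized() about every logged-in request.
            'authorize' => array('Controller'),
        ),
    );

    // Default: any authenticated user may use actions that are not public.
    public function isAuthorized($user) {
        return true;
    }
}

// Only the beforeFilter() override; the stock PagesController already defines display().
class PagesController extends AppController {
    public function beforeFilter() {
        // Static pages are rendered by display(), so this makes all of them public.
        $this->Auth->allow('display');
        parent::beforeFilter();
    }
}

class UsersController extends AppController {
    // Hypothetical list of admin-only actions (assumption, not from the question).
    protected $_adminActions = array('edit', 'delete');
    public function beforeFilter() {
        // allow() lists actions that need no login; it never restricts anyone.
        $this->Auth->allow('login');
        parent::beforeFilter();
    }

    public function isAuthorized($user) {
        if (in_array($this->request->params['action'], $this->_adminActions, true)) {
            // Deny unless the logged-in user carries the admin type id.
            return isset($user['user_type_id']) && (int)$user['user_type_id'] === 5;
        }
        return parent::isAuthorized($user);
    }
}
```

With this layout, profile stays login-only for every user type because it is neither passed to allow() nor listed as admin-only, and a non-admin requesting an admin-only action is rejected by isAuthorized().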
