使用acos，aros和aros_acos的CakePHP自定义ACL授权扩展名api_的Acl表

Question

我正在使用CakePHP开发一个restful API，我正在尝试实现一个自定义授权，授权用户使用ACL，代码看起来像

<?php
App::uses('BaseAuthorize', 'Controller/Component/Auth');

class ApiAuthorize extends BaseAuthorize {
     public function authorize($user, CakeRequest $request) { 
                $allowed = false;
        $Acl = $this->_Collection->load('Acl'); 
        list($plugin, $userModel) = pluginSplit($this->settings['userModel']);
        $action = $this->action($request); 

        $cacheName = 'permissions_' . strval($user['id']); 
        if (($permissions = Cache::read($cacheName, 'permissions')) === false) {
            $permissions = array(); 
            Cache::write($cacheName, $permissions, 'permissions');
        }
        if (!isset($permissions[$action])) {
            $User = ClassRegistry::init($this->settings['userModel']);
            $User->id = $user['id'];
            $allowed = $Acl->check($User, $action); 
            $permissions[$action] = $allowed;
            Cache::write($cacheName, $permissions, 'permissions');
            $hit = false;
        } else {
            $allowed = $permissions[$action];
            $hit = true;
        }
            return $allowed;
     }
}

我使用相同的网站数据库（使用croogo开发）和API，所以我的数据库已经有acos ， aros和aros_acos网站的表格，所以对于API，我创建了具有api_扩展名的ACL表，如api_acos ， api_aros和api_aros_api_acos

我的ACL表的新模式是

CREATE TABLE IF NOT EXISTS `api_acos` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `model` varchar(255) DEFAULT '',
  `foreign_key` int(10) unsigned DEFAULT NULL,
  `alias` varchar(255) DEFAULT '',
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `api_acos_api_aros` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `api_aro_id` int(10) unsigned NOT NULL,
  `api_aco_id` int(10) unsigned NOT NULL,
  `_create` char(2) NOT NULL DEFAULT '0',
  `_read` char(2) NOT NULL DEFAULT '0',
  `_update` char(2) NOT NULL DEFAULT '0',
  `_delete` char(2) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `api_aros` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `model` varchar(255) DEFAULT '',
  `foreign_key` int(10) unsigned DEFAULT NULL,
  `alias` varchar(255) DEFAULT '',
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

我从这里使用自定义ACL类https://github.com/FriendsOfCake/Authorize/blob/master/Controller/Component/Acl/HabtmDbAcl.php

我的问题是我在哪里以及如何使用我的新数据库表（ api_acos ， api_aros和api_aros_api_acos ）进行ACL查找？ 请指出我可以参考自定义ACL授权实现的代码。

Answer 1

我只是重用Croogo的现有acl表和API的不同根节点。

这就是Croogo核心所做的事情。 不幸的是，默认情况下，安装数据不提供此功能。

您可以通过运行Acl.extras shell来创建api根节点：

$ Console/cake acl.extras aco_sync

Welcome to CakePHP v2.5.1 Console
---------------------------------------------------------------
App : croogo-app
Path: /home/rachman/work/personal/deploy/croogo-app/
---------------------------------------------------------------
Skipped Aco node: controllers/Croogo/CroogoError
Created Aco node: controllers/Extensions/ExtensionsDashboard
Created Aco node: controllers/Extensions/ExtensionsDashboard/admin_index
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_moveup
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_movedown
Created Aco node: controllers/Menus/Links/admin_link_chooser
Created Aco node: controllers/Menus/Menus/admin_toggle
Created Aco node: controllers/Meta/Meta
Created Aco node: controllers/Meta/Meta/admin_delete_meta
Created Aco node: controllers/Meta/Meta/admin_add_meta
Created Aco node: api/v1_0/Nodes/Nodes/lookup
Created Aco node: api/v1_0/Users/Users/lookup
Created Aco node: controllers/Wysiwyg
Aco Sync Complete

您可以根据API要求手动添加必要的ACO，或使用ApiComponent作为基础，这将使extras shell能够为您的后续版本自动创建它。

UserApiComponent和NodeApiComponent可以提供有关如何实现API方法的一些示例。