【问题标题】:cakephp 3 Error with passed parameter in urlcakephp 3 在 url 中传递参数错误
【发布时间】:2015-10-10 07:46:40
【问题描述】:

我正在使用 cakephp 3 制作应用程序,我想限制普通用户(在这种情况下为“校友”)查看和编辑他们的个人资料,所以我尝试比较登录用户的 id 和值发送通过 url 中的请求,但它不起作用,它发送以下错误“通知(8):未定义的偏移量:0 [APP/Controller\UsersController.php,第 144 行]”,$this->request-> params['pass'][0] 变量为空。我该如何解决这个问题?

这是我的 userController.php

class UsersController extends AppController{

/**
 * Index method
 *
 * @return void
 */
public function index()
{
    $this->paginate = [
        'contain' => ['Grados']
    ];
    $this->set('users', $this->paginate($this->Users));
    $this->set('_serialize', ['users']);
}

/**
 * View method
 *
 * @param string|null $id User id.
 * @return void
 * @throws \Cake\Network\Exception\NotFoundException When record not found.
 */
public function view($id = null)
{
    $user = $this->Users->get($id, [
        'contain' => ['Grados', 'Clases', 'ConveniosUsuarios', 'Desvinculaciones', 'HistorialAlumnos', 'Pagos', 'Pedidos']
    ]);
    $this->set('user', $user);
    $this->set('_serialize', ['user']);
}

/**
 * Add method
 *
 * @return void Redirects on successful add, renders view otherwise.
 */
public function add()
{
    $user = $this->Users->newEntity();
    if ($this->request->is('post')) {
        $user = $this->Users->patchEntity($user, $this->request->data);

        if ($this->Users->save($user)) {
            $this->Flash->success(__('The user has been saved.'));
            return $this->redirect(['action' => 'index']);
        } else {
            $this->Flash->error(__('The user could not be saved. Please, try again.'));
        }
    }
    $grados = $this->Users->Grados->find('list', ['limit' => 200]);
    $this->set(compact('user', 'grados'));
    $this->set('_serialize', ['user']);
}

/**
 * Edit method
 *
 * @param string|null $id User id.
 * @return void Redirects on successful edit, renders view otherwise.
 * @throws \Cake\Network\Exception\NotFoundException When record not found.
 */
public function edit($id = null)
{
    $user = $this->Users->get($id, [
        'contain' => []
    ]);
    if ($this->request->is(['patch', 'post', 'put'])) {
        $user = $this->Users->patchEntity($user, $this->request->data);
        if ($this->Users->save($user)) {
            $this->Flash->success(__('The user has been saved.'));
            return $this->redirect(['action' => 'index']);
        } else {
            $this->Flash->error(__('The user could not be saved. Please, try again.'));
        }
    }
    $grados = $this->Users->Grados->find('list', ['limit' => 200]);
    $this->set(compact('user', 'grados'));
    $this->set('_serialize', ['user']);
}

/**
 * Delete method
 *
 * @param string|null $id User id.
 * @return void Redirects to index.
 * @throws \Cake\Network\Exception\NotFoundException When record not found.
 */
public function delete($id = null)
{
    $this->request->allowMethod(['post', 'delete']);
    $user = $this->Users->get($id);
    if ($this->Users->delete($user)) {
        $this->Flash->success(__('The user has been deleted.'));
    } else {
        $this->Flash->error(__('The user could not be deleted. Please, try again.'));
    }
    return $this->redirect(['action' => 'index']);
}

public function beforeFilter(Event $event)
{ 
    $this->Auth->allow(['logout']);
}

public function login()
{
    if ($this->request->is('post')) {
        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            if ($this->Auth->user('rol') == 'Alumno') {
                $this->redirect('users'.DS.'view'.DS.$this->Auth->user('id'));
            }else{
                return $this->redirect($this->Auth->redirectUrl());
            }
        }else{
            $this->Flash->error(__('Usario o contraseña invalidos!'));    
        }
    }
}

public function logout()
{
    return $this->redirect($this->Auth->logout());
}

public function isAuthorized($user)
{
    $userid=$this->Auth->user('id');
    $id= $this->request->params['pass'][0];//here is the problem!!
    $action = $this->request->params['action'];
    if ($user['rol']=='Instructor') {
        return true;
    }else if ($user['rol']!='Instructor') {
        if (in_array($action, ['edit', 'view']) && $userid == $id) {
            return true;
        }
        return false;
    }
    return parent::isAuthorized($user);
}
}

如果用户正确debug($this->request->params)显示:

    [
    'plugin' => null,
    'controller' => 'Users',
    'action' => 'view',
    '_ext' => null,
    'pass' => [
        (int) 0 => '4'
    ]
]

但如果用户尝试查看其他配置文件 debug($this->request->params) 显示:

[
    'plugin' => null,
    'controller' => 'Users',
    'action' => 'index',
    '_ext' => null,
    'pass' => []
]

AppController.php

class AppController extends Controller
{
/**
 * Initialization hook method.
 *
 * Use this method to add common initialization code like loading components.
 *
 * @return void
 */
public function initialize()
{
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'authorize' => ['Controller'],
        'loginRedirect' => [
            'controller' => 'Users',
            'action' => 'index'
        ],
        'logoutRedirect' => [
            'controller' => 'Users',
            'action' => 'login'
        ]
    ]);
}

public function beforeFilter(Event $event)
{
    $this->Auth->allow(['login']);
}

public function isAuthorized($user)
{
    // Admin can access every action
    if (isset($user['role']) && $user['role'] === 'admin') {
        return true;
    }
    // Default deny
    return false;
}
}

【问题讨论】:

  • 你能在你的错误前添加$this->request->params的内容吗?
  • 完成!,我为 2 个案例添加了 debug($this->request->params) 的结果
  • 我添加了appController.php

标签: php url cakephp authorization roles


【解决方案1】:

感谢您的编辑。

我相信pass是在条件in_array()之后设置的,所以你需要在这个条件之后设置$id

public function isAuthorized($user)
{
    $userid = $this->Auth->user('id');
    $action = $this->request->params['action'];
    if ($user['rol'] == 'Instructor') {
        return true;
    } else if ($user['rol'] != 'Instructor') {
        if (in_array($action, ['edit', 'view'])) {
            $id = $this->request->params['pass'][0]; // Moved here
            if ($userid == $id) {
                return true;
            }
        }
        return false;
    }
    return parent::isAuthorized($user);
}

如果不起作用,您仍然可以在尝试设置$id之前检查$this->request->params['pass'][0]是否存在。

【讨论】:

  • 它不起作用,现在错误信息在 chrome 中,“此网页有重定向循环”
  • 你能给我更多的细节(日志会很棒)吗?您是否尝试过其他浏览器?
  • 火狐也有同样的问题。你指的是什么日志?
  • 在您的 CakePHP 项目中,您有一个目录 logs 和一个 error.log 文件
  • 日志错误只是有关于 cakephp 函数错误的信息,没有关于重定向循环的信息。此外,如果我将 AppController.php 中的 de loginRedirect 更改为 'action=>view' ,则循环消失但在设置 $id = $this->request-> 时显示旧错误“未定义偏移量:0”参数['pass'][0];
【解决方案2】:

我使用这个插件解决了这个错误: https://github.com/AlessandroMinoccheri/UserPermissions

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2016-11-03
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2018-09-06
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多