【发布时间】:2014-08-27 04:41:39
【问题描述】:
我正在尝试了解 ACL 的工作原理。我明白了,我几乎得到了我想要的。我有两个组:(组 id:1 用于管理员,组 id:2 用于客户)。管理员可以访问所有控制器和视图。客户可以访问用户控制器中的编辑视图和视图“视图”。
我的问题是,如果客户(以及未登录的用户)在他们的网络浏览器中写:http://www.myadress.com/admin,他们可以访问。我只是不明白为什么,我必须做其他事情,因为我添加了路由管理员?
我在我的控制器 Page 中创建了一个 admin_index 视图。
我的应用控制器:
<?php
App::uses('Controller', 'Controller');
class AppController extends Controller {
public $components = array(
'Acl',
'Auth' => array(
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
)
),
'Session'
);
public $helpers = array('Html', 'Form', 'Session');
public function beforeFilter() {
parent::beforeFilter();
//Configure AuthComponent
$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
$this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
$this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'home');
if(isset($this->request->params["prefix"]) && $this->request->params["prefix"] == "admin"){
$this->layout = "admin";
} else {
$this->layout = "default";
}
}
}
我的页面控制器:
<?php
App::uses('AppController', 'Controller');
class PagesController extends AppController {
public $uses = array();
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow();
}
public function display() {
$path = func_get_args();
$count = count($path);
if (!$count) {
return $this->redirect('/');
}
$page = $subpage = $title_for_layout = null;
if (!empty($path[0])) {
$page = $path[0];
}
if (!empty($path[1])) {
$subpage = $path[1];
}
if (!empty($path[$count - 1])) {
$title_for_layout = Inflector::humanize($path[$count - 1]);
}
$this->set(compact('page', 'subpage', 'title_for_layout'));
try {
$this->render(implode('/', $path));
} catch (MissingViewException $e) {
if (Configure::read('debug')) {
throw $e;
}
throw new NotFoundException();
}
}
public function admin_index() {
$title_for_layout = 'Dashboard';
$this->set(compact('title_for_layout'));
}
}
routes.php
* Here, we are connecting '/' (base path) to controller called 'Pages',
* its action called 'display', and we pass a param to select the view file
* to use (in this case, /app/View/Pages/home.ctp)...
*/
Router::connect('/', array('controller' => 'pages', 'action' => 'display', 'home'));
/**
* ...and connect the rest of 'Pages' controller's urls.
*/
Router::connect('/pages/*', array('controller' => 'pages', 'action' => 'display'));
Router::connect('/admin', array('controller' => 'pages', 'action' => 'index', 'admin' => true));
LabController(这是我用来设置 acl 参数的控制器)
<?php
class LabController extends AppController {
public $uses = array('User', 'Group');
public function beforeFilter() {
parent::beforeFilter();
// Pour CakePHP 2.1 et supérieurs
$this->Auth->allow();
}
public function setacl() {
$group = $this->User->Group;
// Autorise l'accès à tout pour les admins
$group->id = 1;
$this->Acl->allow($group, 'controllers');
// Autorisation de l'édition du profil pour les clients
$group->id = 2;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/users/edit');
$this->Acl->allow($group, 'controllers/users/view');
// Permet aux utilisateurs classiques de se déconnecter
$this->Acl->allow($group, 'controllers/users/logout');
// Nous ajoutons un exit pour éviter d'avoir un message d'erreur affreux "missing views" (manque une vue)
echo "tout est ok";
exit;
}
.... 之后的函数 build_acl ...
【问题讨论】: