cakephp acl aros_acos paradox
I'm trying to implement an authentication/authorization combo into my cakePHP site using Auth and Acl Components, but something odd is happening with my implementation. I've got the right acos, aros and aros_acos tables, and they seem to work at some level.
I have mapped my actions like this:
$this->Auth->mapActions(array('read' => array('view'), 'update' => array('edit')));
My acos table looks like this:
- Site
  - 1.1 Pages
  - 1.2 Users
  - 1.3 Groups
  - 1.4 Admin
and aros table:
- users
  - 1.1 editors
    - 1.1.1 admins
      - 1.1.1.1 admin_name
  - 1.2 regular_user
Users, editors and admins are groups. Admin_name is an admin user, member of the admins group, and regular_user is a member of the users group.
Now, in the aros_acos table, if I give 'users' group the CRUD rights for a 'page' like this: 0 1 1 0 (which gives them the right to read and update) then everything works fine (at least for the 'view' and 'edit' actions). But if I put 0 1 0 0 (only the right to read) then I get redirected to '/', and one particular thing that I have noticed is that it doesn't call the app_controller or at least the beforeFilter() function in the app_controller.
Moreover, I've written the beforeFilter() so that when a user does not have access to a crud, it gives him a $this->flash message, letting him know that he is "not authorized" (I had to do this, as $this->Auth->authError doesn't seem to work). So, with that in mind, I now rewrite the aros_acos table for the users group like this: 0 0 1 0 (permission only to update) and this time I get the flash message when I access the 'view' action (which is correct since I don't have the permission to access it), but I also get the flash message when I try to access the 'edit' action.
I'm missing something, and I don't know what. I've written this question, hoping that before finishing it, I would come up with the solution myself... but no luck. I still don't know what is happening, I guess it is some controller thing... Have you got any ideas?
Thought 1 -> Somewhere in the view page, do you have a requestAction to another page by chance? It might come from a view page or an element on a view page.
Thought 2 -> Build out your complete mapActions. This might not be an issue, but it's good to start here.
Don't be afraid to trace the code all the way to the Auth Component if necessary. Just pr() until you find where it's redirecting. Figure out specifically what is causing the problem.
Be sure your session is correct and doesn't get changed in the process.
Thought 3 -> Do you "rebuild" the acl tables properly? It may be a data issue. I would suggest that you use the createAco(), createAro(), and $this->Acl->allow() functions to be sure the data is correct and all the keys are correct. (never hurts to check)
This is one of those issues where you have to go step by step and trace through the app. I'm using the current stable CakePHP and haven't found any issues.
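As an added example (not code from the question or the answer), the following CakePHP 1.2 controller does what the answer's third thought suggests: it rebuilds the exact ARO and ACO trees from the question through the Aro/Aco models and the AclComponent, sets the rights with deny() and allow() instead of hand-edited rows, and then verifies the effective rights with $this->Acl->check() using the same (aro, aco, crud-verb) triple that Auth's 'crud' authorization mode asks for. That way a row that resolves differently than expected shows up as a plain true/false before any redirect or flash message gets in the way. It assumes empty acos/aros/aros_acos tables, an AppController configured with $this->Auth->authorize = 'crud' and $this->Auth->actionPath = 'Site/' so that Auth checks 'Site/Pages' for the Pages controller, the DbAcl convention that a permission column holds 1 for allow, -1 for deny and 0 for inherit-from-parent, and placeholder user ids; the controller name AclTools is made up for this example.

```php
<?php
// Added example, not part of the original question or answer.
// Throwaway CakePHP 1.2 controller that rebuilds the ACL trees from the
// question and checks the resulting rights. Run it once from a trusted
// session against empty acos/aros/aros_acos tables, then delete it.
// Assumptions: Auth is in 'crud' mode with actionPath 'Site/', so the
// Pages controller maps to the ACO path 'Site/Pages' and the 'view' and
// 'edit' actions map to the 'read' and 'update' columns via mapActions.
// The User ids (1, 2) are placeholders.
class AclToolsController extends AppController {
    var $name = 'AclTools';
    var $uses = array();                  // no AclTools model needed
    var $components = array('Acl', 'Auth');

    function rebuild() {
        $this->autoRender = false;        // we only dump results with pr()
        $aco =& $this->Acl->Aco;          // Aco/Aro models exposed by DbAcl
        $aro =& $this->Acl->Aro;

        // ACO tree from the question: Site -> Pages, Users, Groups, Admin
        $aco->create();
        $aco->save(array('parent_id' => null, 'alias' => 'Site'));
        $siteId = $aco->id;
        foreach (array('Pages', 'Users', 'Groups', 'Admin') as $alias) {
            $aco->create();
            $aco->save(array('parent_id' => $siteId, 'alias' => $alias));
        }

        // ARO tree from the question: users -> editors -> admins -> admin_name,
        // and users -> regular_user. Group nodes carry only an alias; user
        // nodes also carry model/foreign_key so Auth can find them by User id.
        $aro->create();
        $aro->save(array('parent_id' => null, 'alias' => 'users'));
        $usersId = $aro->id;
        $aro->create();
        $aro->save(array('parent_id' => $usersId, 'alias' => 'editors'));
        $editorsId = $aro->id;
        $aro->create();
        $aro->save(array('parent_id' => $editorsId, 'alias' => 'admins'));
        $adminsId = $aro->id;
        $aro->create();
        $aro->save(array('parent_id' => $adminsId, 'model' => 'User',
                         'foreign_key' => 1, 'alias' => 'admin_name'));   // placeholder id
        $aro->create();
        $aro->save(array('parent_id' => $usersId, 'model' => 'User',
                         'foreign_key' => 2, 'alias' => 'regular_user')); // placeholder id

        // Deny by default at the root, then grant narrowly. deny() writes -1,
        // allow() writes 1; columns left at 0 inherit from the parent ACO/ARO.
        $this->Acl->deny('users', 'Site');
        $this->Acl->allow('users', 'Site/Pages', 'read');   // the "0 1 0 0" case, read only
        $this->Acl->allow('admins', 'Site');                // admins get full CRUD everywhere

        // Verify the effective rights exactly as Auth 'crud' mode would:
        // Acl->check(aro, aco, crud verb). A user is identified the way Auth
        // passes it, as array('User' => array('id' => ...)).
        $regular = array('User' => array('id' => 2));
        $admin   = array('User' => array('id' => 1));
        $results = array(
            'regular_user read  Site/Pages (view)'  => $this->Acl->check($regular, 'Site/Pages', 'read'),   // expect true
            'regular_user update Site/Pages (edit)' => $this->Acl->check($regular, 'Site/Pages', 'update'), // expect false
            'regular_user read  Site/Admin'         => $this->Acl->check($regular, 'Site/Admin', 'read'),   // expect false
            'admin_name   update Site/Pages (edit)' => $this->Acl->check($admin, 'Site/Pages', 'update'),   // expect true
        );
        pr($results);
    }
}
```

If one of these checks comes back differently from what the rights you intended imply, the problem is in the permission data (wrong column value, a stray 0 where a 1 or -1 was meant, or a node saved under the wrong parent), not in the controllers; if they all agree but the application still redirects, the remaining suspects are the Auth configuration (authorize mode, actionPath, mapActions) and anything that triggers a second request, such as the requestAction the answer mentions.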