使用 Zend ACL 拒绝对操作的访问会导致导航链接消失
我有一个包含四个操作的调度控制器:
class ScheduleController extends Zend_Controller_Action {
public function indexAction(){ ... }
public function viewAction(){ ... }
public function addAction(){ ... }
public function deleteAction(){ ... }
}
因此,我使用如下数组设置了 Zend_Navigation:
array(
...other links here...
array(
'controller'=> 'schedule',
'action' => 'index',
'label' => 'Schedule',
'resource' => 'schedule',
'privilege' => 'index',
'privilege' => 'view',
'privilege' => 'add',
'privilege' => 'edit',
)
);
我还在 ACL 中创建了两个组: users 和 user 组。管理员。我想对其进行设置,以便用户可以访问“索引”和“视图”,而管理员可以访问所有内容。所以我从这个开始:
class My_AccessControlList extends Zend_Acl {
$this->addRole(new Zend_Acl_Role('user'));
$this->addRole(new Zend_Acl_Role('admin'), 'user');
...
$this->addResource(new Zend_Acl_Resource('schedule'));
$this->deny();
...
现在,似乎除非我添加这一行:
$this->allow('user', 'schedule');
链接将不会显示在导航中。然后,如果我添加以下内容:
$this->deny('user', 'schedule', 'add');
用户被阻止执行“添加”操作,到目前为止一切顺利。但如果我随后添加:
$this->deny('user', 'schedule', 'edit');
--or change it to this--
$this->deny('user', 'schedule', array('add', 'edit'));
用户会被适当阻止,但链接会从导航对象中消失。有谁知道我做错了什么?谢谢。
I have a schedule controller with four actions:
class ScheduleController extends Zend_Controller_Action {
public function indexAction(){ ... }
public function viewAction(){ ... }
public function addAction(){ ... }
public function deleteAction(){ ... }
}
So I've set up Zend_Navigation with an array like so:
array(
...other links here...
array(
'controller'=> 'schedule',
'action' => 'index',
'label' => 'Schedule',
'resource' => 'schedule',
'privilege' => 'index',
'privilege' => 'view',
'privilege' => 'add',
'privilege' => 'edit',
)
);
And I've also created two groups in the ACL: users & admins. I want to set it up so that users can access 'index' and 'view', while admins can access everything. So I started with this:
class My_AccessControlList extends Zend_Acl {
$this->addRole(new Zend_Acl_Role('user'));
$this->addRole(new Zend_Acl_Role('admin'), 'user');
...
$this->addResource(new Zend_Acl_Resource('schedule'));
$this->deny();
...
Now, it seems that unless I add this line:
$this->allow('user', 'schedule');
the link will not show up in the navigation. Then if I add this:
$this->deny('user', 'schedule', 'add');
users are blocked from the 'add' action, so far so good. But if I then add:
$this->deny('user', 'schedule', 'edit');
--or change it to this--
$this->deny('user', 'schedule', array('add', 'edit'));
the users are blocked appropriately but the link disappears from the Navigation object. Does anyone know what I'm doing wrong? Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
...您将“privilege”键覆盖三次,这会产生一个包含最后一个值“edit”的键“privilege”的数组。 “特权”键应包含四个值的数组
...you are overwritting the 'privilege' key three times, which results in an array with a key 'privilege' containing the last value 'edit'. The 'privilege' key should contain an array of four values