CakePHP w/ ACL:许多组的最佳实践是路由?
我正在开发一个具有 6 个 ARO 组的应用程序,以便覆盖所需的权限范围。每个都有 *_add、*_edit、*_index、*_view 等方法真的是最佳实践吗?这看起来有点代码过载和维护麻烦。我可以想象通过路由处理它的“最便宜”的方式是这样的:
// core: edit
function _edit($id = null)
{
// do stuff
}
function admin_edit($id = null)
{
$this->_edit($id);
}
function manager_edit($id = null)
{
$this->_edit($id);
}
function clerk_edit($id = null)
{
$this->_edit($id);
}
/* ...and on and on... */
并在必要时加入限制,例如,允许一个组只编辑用户自己的项目或类似的东西。
是否有其他推荐的技术或者这确实是最佳实践?
I'm working on an app that will have 6 ARO groups in order to cover the required permissions spectrum. It is really best practice to have *_add, *_edit, *_index, *_view, etc. methods for each? That seems like a bit of code overload and maintenance headache. The "cheapest" way I can imagine to handle it with routing is something like:
// core: edit
function _edit($id = null)
{
// do stuff
}
function admin_edit($id = null)
{
$this->_edit($id);
}
function manager_edit($id = null)
{
$this->_edit($id);
}
function clerk_edit($id = null)
{
$this->_edit($id);
}
/* ...and on and on... */
And toss in restrictions where necessary for, say, a group being allowed to only edit user's own items, or something similar.
Is there another recommended technique or is this really the best practice?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
想必您想为每个组提供不同的功能?
如果不是这种情况,则无需为每个组使用不同的 CRUD 方法。
另一方面,如果是这种情况,请查看 CRUD 方法中的 switch 语句来找出谁拥有什么能力。
不需要每个组都有一个方法。
Presumably you want to offer different functionality for each group?
If that's not the case, there is no need for different CRUD methods for each group.
If, on the other hand, it is the case, look into switch statements within the CRUD methods to sort out who has what capability.
There is no need to have a method for each group.