Cakephp html2pdf 身份验证问题

发布于 2024-10-15 11:12:46 字数 1922 浏览 9 评论 0原文

我对蛋糕很陌生,但到目前为止我已经设法完成了。在我发现 html2pdf 是一种从 Cakephp 生成 pdf 文档的便捷方法之后,我安装了 html2ps/pdf 并在遇到一些小问题后它起作用了。所以现在我要说的是,如果我不修改我的控制器 beforeRender 函数,例如:

function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('download','view');
}

我只会在我创建的 pdf 中看到我的登录页面。在我的 beforeRender 函数中设置 $this->Auth->allow 值显然为每个人打开了无需授权即可获得完美 pdf 的方法。整个控制器看起来像这样:

<?php 
class DashboardController extends AppController {

   var $name = 'Dashboard'; 
   var $uses = array('Aircrafts','Trainingplans',
                       'Fstds','Flights','Properties','Person');            

   function beforeFilter() {
     parent::beforeFilter();
     $this->Auth->allow('download','view');
   } 

   function view() {
      /* set layout for print */        
      $this->layout = 'pdf';        
      /* change layout for browser */
      if> (!isset($this->params['named']['print']))
      $this->layout = 'dashboard';
      /* aircrafts */
      $this->Aircrafts->recursive = 0;
      $aircrafts =$this->Aircrafts->find('all');
      $this->set('aircrafts',$aircrafts);

.... and so on....

      $this->set('person_properties',$person_properties);
  } 


   function download($id = null) {
      $download_link = 'dashboard/view/print:1';
      // Include Component
      App::import('Component', 'Pdf');
      // Make instance
      $Pdf = new PdfComponent();
      // Invoice name (output name)
      $Pdf->filename = 'dashboard-' . date("M"); 
      // You can use download or browser here
      $Pdf->output = 'download';
      $Pdf->init();
      // Render the view
      $Pdf->process(Router::url('/', true) . $download_link);
      $this->render(false);
   } 
}
?>

所以在我看来, $Pdf->process 调用通过调用或多或少的视图来获取数据,但是这个进程没有登录,或者换句话说,没有被授权获取数据我想渲染成pdf。所以现在的问题是如何通过不向所有人开放我的申请来完成它。

最好的问候,cdjw

i am new with cake but i´ve somehow managed to get through so far. After i´ve figured out that html2pdf is a convienient way to produce pdf documents out of Cakephp, i´ve installed html2ps/pdf and after some minor problems it worked. So now i am coming now to the point that if i don´t modify my controllers beforeRender function like:

function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('download','view');
}

i just see my loginpage in the pdf i´ve created. Setting within my beforeRender function the $this->Auth->allow value opens obviously erveryone the way to get a perfect pdf without being authorized. The whole controller looks like this:

<?php 
class DashboardController extends AppController {

   var $name = 'Dashboard'; 
   var $uses = array('Aircrafts','Trainingplans',
                       'Fstds','Flights','Properties','Person');            

   function beforeFilter() {
     parent::beforeFilter();
     $this->Auth->allow('download','view');
   } 

   function view() {
      /* set layout for print */        
      $this->layout = 'pdf';        
      /* change layout for browser */
      if> (!isset($this->params['named']['print']))
      $this->layout = 'dashboard';
      /* aircrafts */
      $this->Aircrafts->recursive = 0;
      $aircrafts =$this->Aircrafts->find('all');
      $this->set('aircrafts',$aircrafts);

.... and so on....

      $this->set('person_properties',$person_properties);
  } 


   function download($id = null) {
      $download_link = 'dashboard/view/print:1';
      // Include Component
      App::import('Component', 'Pdf');
      // Make instance
      $Pdf = new PdfComponent();
      // Invoice name (output name)
      $Pdf->filename = 'dashboard-' . date("M"); 
      // You can use download or browser here
      $Pdf->output = 'download';
      $Pdf->init();
      // Render the view
      $Pdf->process(Router::url('/', true) . $download_link);
      $this->render(false);
   } 
}
?>

So in my opinion the $Pdf->process call get´s the data by calling more or less the view, but this process is not logged in, or in other words not authorized to get the data i want to render into the pdf. So the question is now how to get it done by not opening my application to everyone.

Best regards, cdjw

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

送你一个梦 2024-10-22 11:12:46

编辑:

你可以这样做:

 if($this->Session->check('Auth.User')) {
        // do your stuff
 } else {
        // do something else
 }

Edit:

You could do something like this:

 if($this->Session->check('Auth.User')) {
        // do your stuff
 } else {
        // do something else
 }
场罚期间 2024-10-22 11:12:46

您可以在渲染 /view 之前检查两件事:

  • 有效的会话(用户已登录)
  • 您从下载操作中作为命名参数传递的有效安全令牌

对于安全令牌,只需组成一个长随机字符串即可。

由于 PDF 在同一服务器上呈现,因此令牌永远不会被公开,并提供足够的安全性。

希望这对您来说是一个可行的想法。

You could check for 2 things before rendering /view:

  • a valid session (a user is logged in)
  • a valid security token that you pass from your download action as a named parameter

For the security token, just make up a long random string.

As the PDF is rendered on the same server, the token will never be known in the open and provide sufficient security.

Hope this is a working idea for you.

始终不够爱げ你 2024-10-22 11:12:46

我也遇到过类似的问题,我是这样处理的...
我首先注意到 PdfComponent 的进程调用正在执行来自同一服务器的请求,因此我欺骗了 CakePHP,只允许查看来自服务器本身的请求。如下所示:

public function beforeFilter() {
    if ($this->request->params['action']=='view'&&$_SERVER['SERVER_ADDR']==$_SERVER['REMOTE_ADDR']) { // for PDF access
        $this->Auth->allow('view');
    }
}

I had this similar issue, and this is how I handled it...
I first noticed that the process call of the PdfComponent was doing a request from the same server, so I tricked CakePHP on allowing the view only for requests being made from the server itself.. like this:

public function beforeFilter() {
    if ($this->request->params['action']=='view'&&$_SERVER['SERVER_ADDR']==$_SERVER['REMOTE_ADDR']) { // for PDF access
        $this->Auth->allow('view');
    }
}
锦欢 2024-10-22 11:12:46

你应该把它放在

$this->Auth->allow('download','view');

AppController 里面。而不是你现在使用的地方。

function beforeFilter() {
    $this->Auth->allow('download','view');
    ....
}

You should put

$this->Auth->allow('download','view');

inside AppController. rather than place where are you using now.

function beforeFilter() {
    $this->Auth->allow('download','view');
    ....
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文