cakePHP如何获取权限

发布于 2024-10-22 19:48:43 字数 2097 浏览 7 评论 0原文

首先,对不起我的语言能力,我不习惯用英语写作。 ;)
我正在尝试开发我的第一个 cakePHP 应用程序。

我想做的事:

  • 用户在组中并且组有 访问不同的位置。
  • 用户可以为此添加预订 地点。

所以我的主要问题是找到获得用户权限的最佳方法:

  • 用户应该只看到他有权访问的位置。
  • 如果用户尝试添加某个位置的预订,我必须检查他对此位置的权限。
  • 等等。

我也有版主和管理员,但我认为这是一个类似的问题。

那么,我怎样才能正确地做到这一点呢? ACL 似乎不是正确的方式 - 在大多数教程中,它控制对操作的访问,而不是对数据库行的访问。

我的数据库是什么样的:
我有一个用户表并使用 AuthComponent 来管理身份验证。这很好用。

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(64) NOT NULL,
  `password` varchar(64) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) 

我有一个用户组的组表。

CREATE TABLE IF NOT EXISTS `groups` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(64) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
)


CREATE TABLE IF NOT EXISTS `groups_users` (
  `group_id` int(11) NOT NULL,
  `user_id` int(11) NOT NULL,
  UNIQUE KEY `group_id` (`group_id`,`user_id`)
) 

我有我的位置。

CREATE TABLE IF NOT EXISTS `locations` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(64) NOT NULL,
  `adress` text NOT NULL,
  `description` text,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) 

该表包含权限,即哪个组可以访问哪个位置。

CREATE TABLE IF NOT EXISTS `groups_locations` (
  `group_id` int(11) NOT NULL,
  `location_id` int(11) NOT NULL,
  UNIQUE KEY `group_id` (`group_id`,`location_id`)
)

当然预订表:

CREATE TABLE IF NOT EXISTS `reservations` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `location_id` int(11) NOT NULL,
  `start` date NOT NULL,
  `end` date NOT NULL,
  `user_id` int(11) NOT NULL,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) 

THX

First, sorry for my language skills, I am not used to writing in English. ;)
I'm trying to develop my first cakePHP application.

What I'm trying to do:

  • Users are in groups and groups have
    access to different locations.
  • Users can add reservations for this
    locations.

So my main problem is to find the best way to get the permissions of the user:

  • The user should only see the locations on which he has access.
  • If a user tries to add a reservation for a location, I have to check his permission for this location.
  • etc.

I also have moderators and admins, but I think this is a similar problem.

So, how can I do this properly? The ACL doesn't seem to be the right way - in most tutorials it controls the access to actions, not to db-rows.

What my Database looks like:
I have a user table and use the AuthComponent to manage the authentication. This works fine.

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(64) NOT NULL,
  `password` varchar(64) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
) 

I have a groups table for usergroups.

CREATE TABLE IF NOT EXISTS `groups` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(64) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
)


CREATE TABLE IF NOT EXISTS `groups_users` (
  `group_id` int(11) NOT NULL,
  `user_id` int(11) NOT NULL,
  UNIQUE KEY `group_id` (`group_id`,`user_id`)
) 

And I have my locations.

CREATE TABLE IF NOT EXISTS `locations` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(64) NOT NULL,
  `adress` text NOT NULL,
  `description` text,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) 

The table contains the permissions, which group has access to which location.

CREATE TABLE IF NOT EXISTS `groups_locations` (
  `group_id` int(11) NOT NULL,
  `location_id` int(11) NOT NULL,
  UNIQUE KEY `group_id` (`group_id`,`location_id`)
)

Of course the reservations table:

CREATE TABLE IF NOT EXISTS `reservations` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `location_id` int(11) NOT NULL,
  `start` date NOT NULL,
  `end` date NOT NULL,
  `user_id` int(11) NOT NULL,
  `created` datetime DEFAULT NULL,
  `modified` datetime DEFAULT NULL,
  PRIMARY KEY (`id`)
) 

THX

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

走过海棠暮 2024-10-29 19:48:43

您确定需要 groups_users 表吗?每个用户不是只能属于一个组吗?

如果您只需将组 id 作为外键放入用户表中,您将能够更轻松地完成此操作

    CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(64) NOT NULL,
  `password` varchar(64) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  `group_id` int(11) NOT NULLL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
)

然后您可以将用户是否应该能够

在您的 app_controller 中看到某些信息发送到视图。 php 添加以下内容

function beforeFilter(){
    $this->set('users_role', $this->Auth->user('group_id'));
}

现在您的视图将有一个可访问的变量,该变量将是 $users_role... 然后您可以在视图中执行以下操作。

<?php if($users_role == 1 ): ?>
    //show records available to admins
<?php elseif ($users_role == 2): ?>
    //show records available to logged in users
<?php else : ?>
    //show records for all users
<?php endif; ?>

Are you sure that you need the groups_users table? Wouldn't each user only be able to belong to one group?

You will be able to accomplish this much easier if you just bring the group id into the users table as a foreign key

    CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(64) NOT NULL,
  `password` varchar(64) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  `group_id` int(11) NOT NULLL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
)

Then you can send to the view whether or not the user should be able to see certain information...

in your app_controller.php add the following

function beforeFilter(){
    $this->set('users_role', $this->Auth->user('group_id'));
}

Now you will have a variable accessable by your view which will be $users_role... then you can perform the following in your view.

<?php if($users_role == 1 ): ?>
    //show records available to admins
<?php elseif ($users_role == 2): ?>
    //show records available to logged in users
<?php else : ?>
    //show records for all users
<?php endif; ?>
谈情不如逗狗 2024-10-29 19:48:43

也许我有一个解决方案 - 我可以使用一些反馈:

用户登录后,我将权限保存在他的会话变量中:

    function login() {
        if($user = $this->Auth->user()) {       
            $this->User->unbindModel(array(
                    'hasMany' => array('Reservation'),
            ));
            $user = $this->User->find('first', array('conditions' => array('id' => $user['User']['id']), 'recursive' => 2));
            $this->Session->write('Auth.User.Group', $user['Group']);
    }

我不确定这个解决方案有多安全,权限更改仅在注销后影响,但似乎工作正常。

Maybe I have a solution - I could use some feedback:

After the user logged in, I save the permissions in his Session-Variables:

    function login() {
        if($user = $this->Auth->user()) {       
            $this->User->unbindModel(array(
                    'hasMany' => array('Reservation'),
            ));
            $user = $this->User->find('first', array('conditions' => array('id' => $user['User']['id']), 'recursive' => 2));
            $this->Session->write('Auth.User.Group', $user['Group']);
    }

I'm not sure how secure this solution is and permission changes only affects after logout, but it seems to work fine.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文