如何限制用户只能访问自己的信息
我按照蛋糕手册中的 Acl 示例进行操作。
成功后,我有更多申请问题 Acl到我的项目
function initDB() {
$group = & $this->User->Group;
//Allow admins to everything
$group->id = 1;
$this->Acl->allow($group, 'controllers');
//allow managers to posts and widgets
$group->id = 2;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Posts');
$this->Acl->allow($group, 'controllers/Widgets');
//allow users to only add and edit on posts and widgets
$group->id = 3;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Posts/add');
$this->Acl->allow($group, 'controllers/Posts/edit');
$this->Acl->allow($group, 'controllers/Widgets/add');
$this->Acl->allow($group, 'controllers/Widgets/edit');
//we add an exit to avoid an ugly "missing views" error message
echo "all done";
exit;
}
代码中
1.如何限制用户只能访问自己的信息
2.我需要在拒绝用户访问操作时发出警报
3.当以任何角色登录时,我无法访问注销操作
谢谢
I follow Acl example in manual of cake .
When success I have more question for apply
Acl to My project
function initDB() {
$group = & $this->User->Group;
//Allow admins to everything
$group->id = 1;
$this->Acl->allow($group, 'controllers');
//allow managers to posts and widgets
$group->id = 2;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Posts');
$this->Acl->allow($group, 'controllers/Widgets');
//allow users to only add and edit on posts and widgets
$group->id = 3;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Posts/add');
$this->Acl->allow($group, 'controllers/Posts/edit');
$this->Acl->allow($group, 'controllers/Widgets/add');
$this->Acl->allow($group, 'controllers/Widgets/edit');
//we add an exit to avoid an ugly "missing views" error message
echo "all done";
exit;
}
In code
1.How to limit user to access only the information of his own
2.I need to alert when deny user access to action
3.when login as any role I can't acess to logout action
thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您需要基于行的 ACL,而不是您显示的基于操作的 ACL http://jmcneese.wordpress.com/2009/04/07/update-row-level-model-access-control-for-cakephp/
you need row based acl, not the action based one you have shown http://jmcneese.wordpress.com/2009/04/07/update-row-level-model-access-control-for-cakephp/
CakePHP 的 ACL 组件可能有点令人失望。与Zend框架中的ACL组件相比,它显得相当缺乏。
我从未尝试过dogmatic69 提到的插件。在我的应用程序中,我决定使用 ACL 来实现 ACL 所擅长的功能,并在需要限制对行和其他内容的访问的情况下找到其他权限检查方法,而不是使用插件。
我此时对使用插件的唯一担心是 CakePHP 2.0 现已作为 Alpha 发布,如果您选择使用此插件,可能会延迟/阻碍您升级。然而,这个插件的开发似乎相当活跃,因此很有可能将其更新为与 2.0 一起使用(如果一开始就有问题)。
CakePHP's ACL component can be a little disappointing. Compared to the ACL component in the Zend framework it seems quite lacking.
I've never tried the plugin that dogmatic69 refers to. In my application I have decided to use ACL for what ACL is good at and find other ways of permission checking in situations where I need to restrict access to rows and other things, instead of using a plugin.
My only concern about using a plugin at this point is that CakePHP 2.0 is now released as Alpha and using this plugin could delay / hinder you in upgrading if you choose to. Development on this plugin does seem to be fairly active however, so there is a good chance it will be updated to work with 2.0 (if there are problems to begin with).