Kohana 3 authorization code modification
I am using code straight out of a Kohana guide for securing websites based on login credentials.

The problem is the code seems to only check if a user is logged in and does not distinguish between roles.

How would I modify this script to only allow the admin to access this action?

In the base controller I have the code:

    // Roles required for every action in the controller (FALSE = no check)
    public $assert_auth = FALSE;
    // Roles required per action: array('action_name' => array('role', ...))
    public $assert_auth_actions = FALSE;

    public function before()
    {
        parent::before();
        $this->_user_auth();
    }

    protected function _user_auth()
    {
        $action_name = Request::instance()->action;
        // Deny when the controller-wide roles or the roles for this action are not met
        if (($this->assert_auth !== FALSE && Auth::instance()->logged_in($this->assert_auth) === FALSE)
            || (is_array($this->assert_auth_actions) && array_key_exists($action_name, $this->assert_auth_actions)
                && Auth::instance()->logged_in($this->assert_auth_actions[$action_name]) === FALSE))
        {
            if (Auth::instance()->logged_in())
            {
                // Logged in but missing a required role
                Request::instance()
                    ->redirect('');
            }
            else
            {
                // Not logged in at all
                Request::instance()
                    ->redirect('admin/login');
            }
        }
    }

In the controllers for the admin pages there is the code:

    public $assert_auth_actions = array(
        'index' => array('login')
    );

Comments (1)

First I want to note that the above code is for Kohana 3.0; for 3.1 and higher you should replace Request::instance()->action with Request::$current->action().

If you want the same authorization requirements for all actions in the controller, then set $assert_auth to an array containing a list of all the roles one should have to access it.

If you want different authorization requirements for actions in the same controller, then set $assert_auth_actions to be a multidimensional array. The first dimension should be the name of the action, the second a list of roles the user must have to access the action.
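
The effect of the role lists described in the answer above, as an added stand-alone example that is not part of the original post or of Kohana. `has_roles()` is a hypothetical stand-in for `Auth::instance()->logged_in()`, assumed to require every listed role; the `admin` role name and the sample users are constructed.

```php
<?php
// Hypothetical stand-in for Auth::instance()->logged_in($roles): TRUE only when
// a user is logged in and holds every listed role (assumption, see lead-in).
function has_roles($user_roles, $required = array())
{
    if ($user_roles === NULL) {
        return FALSE; // nobody is logged in
    }
    return count(array_diff((array) $required, $user_roles)) === 0;
}

// Same decision as _user_auth() in the question, returned instead of redirected.
function decide($action, $assert_auth, $assert_auth_actions, $user_roles)
{
    $denied = ($assert_auth !== FALSE && has_roles($user_roles, $assert_auth) === FALSE)
        || (is_array($assert_auth_actions)
            && array_key_exists($action, $assert_auth_actions)
            && has_roles($user_roles, $assert_auth_actions[$action]) === FALSE);

    if (! $denied) {
        return 'allow';
    }
    // Logged in but missing a role goes to the site root, a guest to the login page.
    return ($user_roles !== NULL) ? "redirect ''" : "redirect 'admin/login'";
}

// Constructed sample users: NULL = guest, otherwise the roles the user holds.
$users = array(
    'guest'  => NULL,
    'member' => array('login'),
    'admin'  => array('login', 'admin'),
);

// The question's setting versus one that also requires the assumed 'admin' role.
$configs = array(
    "array('login')"          => array('index' => array('login')),
    "array('login', 'admin')" => array('index' => array('login', 'admin')),
);

foreach ($configs as $label => $assert_auth_actions) {
    foreach ($users as $name => $roles) {
        printf("%-24s %-7s %s\n", $label, $name,
            decide('index', FALSE, $assert_auth_actions, $roles));
    }
}
```

Actions that have no entry in `$assert_auth_actions` are not checked at all while `$assert_auth` is FALSE, so each admin action needs its own entry or the controller needs a controller-wide `$assert_auth`.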