CakePHP permissions: using ACL and checking user_id on the model

Time: 2022-12-12 16:49:02

I have my CakePHP application running with ACL permissions enabled. I have allowed a group of users to be able to access all of the actions on one of my controllers, but sometimes I want to be able to deny access if their user id does not match the user id value in the model they are trying to access, or based on some other arbitrary criteria.

So, what is the conventional way to deny users access to actions when the user already has access to the action from the ACL component?

1 solution

#1


0  

TLDR: don't use ACL. (It's most likely way overkill AND doesn't seem ideal in your project).

There are a lot of options, depending on your situation, but it boils down to making a method that checks whether or not they have permission to be there/be doing that.

Whether it's a method in the Controller, the Model, or a Behavior that can be used across all models...etc.

My guess from your description is that an ideal way would be to create a Behavior with a method "hasAccess" or something. Then, in the "some actions" where you want to limit access, run the method - something like this:

if(!$this->MyModel->hasAccess($userId)) $this->redirect('/');
