Incorrect redirect in CakePHP

Time: 2014-05-30 19:16:30

Tags: php cakephp redirect acl unauthorized

Redirect AuthComponent::$unauthorizedRedirect

When a user accesses an action they are not allowed to access, the _unauthorized method redirects incorrectly.

Correct: localhost/project/index

Its redirect: localhost/project/project/index

I am using ACL.

AppController.php

<?php
App::uses('Controller', 'Controller');
class AppController extends Controller {

public $components = array('Acl','Session','DebugKit.Toolbar','RequestHandler','Auth');
public $helpers = array('Html','Form','Session');
public $uses = array('Role');
public $roleId;
public $UAP;
public $aroId;

public function beforeFilter()
{
    if ($this->Session->check('Config.language')) {
        Configure::write('Config.language', $this->Session->read('Config.language'));
    }
    $this->Auth->authorize = array(
        AuthComponent::ALL => array('actionPath' => 'controllers/','userModel' => 'Role'),
        'Actions',
        );
    $this->Auth->authenticate = array(
        'Blowfish' => array(
            'userModel' => 'User'
            )
        );
    if(!$this->_isAdmin()){
        $this->roleId = $this->getRoleId();
        $this->UAP = $this->Role->find('first',array('conditions'=>array('Role.id'=>$this->roleId)));
        $aro = $this->Acl->Aro->find('first',array(
            'conditions'=>array(
                'Aro.model'=>'Role',
                'Aro.foreign_key'=>$this->roleId)));
        $this->aroId = $aro['Aro']['id'];
        $allow = array_merge($this->_getAllowed(), array('display'));
        $this->Auth->allowedActions = $allow;
    }
    //Configure AuthComponent
    $this->Auth->loginAction = array(
        'controller' => 'users',
        'action' => 'login'
        );
    $this->Auth->logoutRedirect = array(
        'controller' => 'users',
        'action' => 'login'
        );
    $this->Auth->loginRedirect = array(
        'controller' => 'pages',
        'action' => 'display',
        'home'
        );
    $this->Auth->authError = __('Not Authorized');
    return parent::beforeFilter();
}

protected function _getAllowed($actionsIds = null, $controllerActions = null){
    if(is_null($actionsIds)){
        $actionsIds = $this->_getAllowedActionsIds();
    }
    if(is_null($controllerActions)){
        $controllerActions = $this->_getControllerActions();
    }
    $allow = array();
    foreach ($actionsIds as $value) {
        array_push($allow, $controllerActions[$value]);
    }
    return $allow;
}

protected function _getAllowedActionsIds($allowedActions = null){
    if(is_null($allowedActions)){
        $allowedActions = $this->_getAllowedActions();
    }
    return array_values($allowedActions);
}

protected function _getAllowedActions($aroId = null, $acoId = null){
    if(is_null($aroId)){
        $aroId = $this->aroId;
    }
    if(is_null($acoId)){
        $acoId = $this->_getControllerActionsIds();
    }
    $result = $this->Acl->Aco->Permission->find('list',array(
        'conditions'=>array(
            'Permission.aro_id'=>$aroId,
            'Permission.aco_id'=>$acoId,
            'Permission._create'=>1,
            'Permission._read'=>1,
            'Permission._update'=>1,
            'Permission._delete'=>1,
            ),
        'fields'=>array('id','aco_id'),
        'recursive'=>'-1'));
    return $result;
}

protected function _getControllerActionsIds($controllerActions = null){
    if(is_null($controllerActions)){
        $controllerActions = $this->_getControllerActions();
    }
    return array_keys($controllerActions);
}

protected function _getControllerActions($node = null){
    if(is_null($node)){
        $node = $this->_getNodeController();
    }
    return $this->Acl->Aco->find(
        'list',array(
            'conditions'=>array('Aco.parent_id'=>$node['0']['Aco']['id']),
            'fields'=>array('Aco.id','Aco.alias'),
            'recursive'=>'-1',
            ));
}

protected function _getNodeController(){
    return $this->Acl->Aco->node("controllers/{$this->name}");  
}

protected function _isAdmin(){
    if($this->Auth->user() && $this->Auth->user('role_id') == 1){
        $this->Auth->allow();
        return true;
    }
    return false;
}

public function getRoleId(){
    if(!is_null($this->Auth->user('role_id'))){
        return $this->Auth->user('role_id');
    }
    return 9; // Unregistered user
}
}
?>

4 answers:

Answer 0 (score: 2)

I have also been running into this problem with Acl.

As I understand it, when an authenticated user tries to access something they are not authorized to, CakePHP first tries to redirect them to their referrer, or to $loginRedirect, or just to the plain root.

For some reason (which I won't pretend to understand) this doesn't work, and it outputs a garbled version of $loginRedirect. In my case CakePHP is installed at localhost/cakephp, so I get a request to localhost/cakephp/cakephp. If $loginRedirect pointed to a controller, it would point to localhost/cakephp/cakephp/controller/method.

The workaround is to go into AuthComponent.php (in the CakePHP lib) and edit $unauthorizedRedirect from

public $unauthorizedRedirect = true;

to

public $unauthorizedRedirect = '/';

Answer 1 (score: 2)

OK, I found the answer. You can add the unauthorized redirect in AppController as follows:

public $components = array(
        'Acl',
        'Auth' => array(
            'authorize' => array(
                'Actions' => array('actionPath' => 'controllers')
            ),
            'authError' => 'Did you really think you are allowed to see that?',
            'unauthorizedRedirect' => array(
                'controller' => 'users',
                'action' => 'index',
                'prefix' => false)
        ),
        'Session'
    );

You can specify any unauthorized redirect or a custom unauthorized page here.

Answer 2 (score: 1)

Controls handling of unauthorized access.
- For the default value true, unauthorized users are redirected to the referrer URL, or AuthComponent::$loginRedirect, or '/'.
- If set to a string or array, the value is used as the URL to redirect to.
- If set to false, a ForbiddenException is thrown instead of redirecting.

So I upvote what Charles Barry said.

Answer 3 (score: 0)

It seems this behaviour only happens when your project is in a subdirectory.

The documentation states: "By default, unauthorized users are redirected to the referrer URL, or AuthComponent::$loginRedirect, or '/', in this order."

If $loginRedirect is an array, AuthComponent::redirectUrl converts the array to a URL with a "special" parameter:

Router::url($redir + array('base' => false));

This parameter, 'base' => false, strips the base from the URL, so the redirect after login works even in a subdirectory.

Unfortunately, in AuthComponent's function _unauthorized, the URL from Controller::referer, using $loginRedirect, is converted from an array to a string, and the special parameter 'base' => false is not used.

A solution could be to make sure the base is always stripped, by defining $loginRedirect in AppController with the special parameter, e.g.

$this->Auth->loginRedirect = array(
          'controller' => 'posts',
          'action' => 'index',
          'base' => false
          );

If you decide to set $unauthorizedRedirect as Manoj Sharma suggests, every unauthorized request will be redirected to that URL and not to the referrer. This may be undesirable if a user should just get the authError message after clicking an unauthorized link, but should be redirected when typing an unauthorized URL.
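As an added example that combines the working pieces of answers 1 and 3 (it is not code from the question, from any answer, or from CakePHP itself), here is an AppController::beforeFilter() for a CakePHP 2.x application installed under a subdirectory such as /project. It assumes CakePHP 2.4 or later, where AuthComponent::$unauthorizedRedirect exists, and the same users/roles setup as the question. Only $loginRedirect carries 'base' => false, because that is the value the component converts to a string and routes a second time (the double-base problem answer 3 describes); $unauthorizedRedirect is handed to Controller::redirect() unchanged, so it is written as an ordinary route array, as in answer 1. The commented-out alternative uses the third option from the docblock quoted in answer 2: throwing ForbiddenException, which produces a 403 that shows up in server logs instead of a silent bounce.

```php
<?php
// Added example (not from the question, any answer, or CakePHP itself).
// Assumes CakePHP 2.4+ (AuthComponent::$unauthorizedRedirect) and an app
// served from a subdirectory, e.g. http://localhost/project/.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array('Acl', 'Session', 'Auth');

    public function beforeFilter() {
        parent::beforeFilter();

        // ACL-backed authorization, as in the question.
        $this->Auth->authorize = array(
            'Actions' => array('actionPath' => 'controllers/', 'userModel' => 'Role'),
        );
        $this->Auth->authenticate = array(
            'Blowfish' => array('userModel' => 'User'),
        );
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');

        // Weak setting reproduced from the question: an array loginRedirect
        // without 'base' => false. With the default unauthorizedRedirect (true),
        // the component turns this into a string and routes it again, so the
        // base path is prepended twice: /project/project/pages/display/home.
        //
        // $this->Auth->loginRedirect = array(
        //     'controller' => 'pages', 'action' => 'display', 'home',
        // );

        // Fix from answer 3: strip the base when the array is first converted,
        // so the second routing pass adds it exactly once.
        $this->Auth->loginRedirect = array(
            'controller' => 'pages', 'action' => 'display', 'home',
            'base' => false,
        );

        // Fix from answer 1: an explicit landing page for unauthorized access.
        // This array goes straight to Controller::redirect(), so it must NOT
        // carry 'base' => false (that would drop /project from the Location
        // header). Trade-off noted in answer 3: every unauthorized request
        // lands here, never on the referrer.
        $this->Auth->unauthorizedRedirect = array(
            'controller' => 'pages', 'action' => 'display', 'home',
        );

        // Alternative from the docblock in answer 2: raise a 403 instead of
        // redirecting. Unauthorized attempts then appear as errors in the
        // server log, which is easier to monitor than a redirect.
        // $this->Auth->unauthorizedRedirect = false;

        $this->Auth->authError = __('Not Authorized');
    }
}
```

Pick one of the two unauthorized-access behaviours and keep it consistent across the application: a redirect hides the denial from the user's browser history and logs, while ForbiddenException makes each denial an explicit 403 that a reverse proxy or log pipeline can count.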