我一直想把这个问题弄清楚。从其他问题中尝试了一些事情,但它要么不适用于我的情况,要么不起作用。我有两张桌子:
用户 =(ID,姓名,用户名,密码,角色,last_edit,语言)
french_translations =(id,french_clinical_recommendations,french_tradenames,include_drug,french_category,drug_id,user_id)
用户hasMany french_translations和french_translations属于用户。
当用户添加或编辑french_translation时,我希望它将用户ID保存在french_translations表中,即该记录的字段user_id,然后在users表的last_edit字段中输入药物的通用名称。现在它在每个表中创建一个新记录。在users表中,除了id和last_edit字段(将正确的药物名称放在字段中)之外,所有内容都是空白的。而french_translations表有一个空白记录,user_id与users表中创建的空白记录相同。
控制器:
function add($id = null) {
$userid = $session->read('Auth.User.id');
$drug = $this->FrenchTranslation->Drug->read(
array(
'Drug.id','Drug.generic','Drug.ahl','Drug.aap','Drug.rid','Drug.oral','Drug.mw','Drug.clinical_recommendations',
'Drug.category','Drug.lrc'
),
$id
);
$this->set('user',$userid);
$this->set('drug',$drug);
if (!empty($this->data)) {
$french_translation['FrenchTranslation']['id'] = $this->Session->read('id');
$this->FrenchTranslation->create();
if ($this->FrenchTranslation->save($this->data)) {
$this->Session->setFlash(__('The french translation has been saved', true));
$this->redirect(array('controller'=>'drugs','action' => 'index'));
} else {
$this->Session->setFlash(__('The french translation could not be saved. Please, try again.', true));
}
}
$drugs = $this->FrenchTranslation->Drug->find('list');
$this->set(compact('drugs'));
}
function edit($id = null) {
//$this->FrenchTranslation->id = $id;
$userid = $this->Auth->user('id');
$username = $this->Auth->user('name');
//$this->FrenchTranslation->user_id = $id;
$drug = $this->FrenchTranslation->Drug->read(
array(
'Drug.id','Drug.generic','Drug.ahl','Drug.aap','Drug.rid','Drug.oral','Drug.mw','Drug.clinical_recommendations',
'Drug.category','Drug.lrc'
),
$id
);
$this->set('drug',$drug);
$this->set('user',$userid);
$this->set('username',$username);
if (!$id && empty($this->data)) {
$this->Session->setFlash(__('Invalid french translation', true));
$this->redirect(array('action' => 'index'));
}
if (!empty($this->data)) {
if ($this->FrenchTranslation->saveAll($this->data)) {
$this->Session->setFlash(__('The french translation has been saved', true));
$this->redirect(array('controller'=>'drugs','action' => 'index'));
} else {
$this->Session->setFlash(__('The french translation could not be saved. Please, try again.', true));
}
}
if (empty($this->data)) {
$this->data = $this->FrenchTranslation->read(null, $id);
}
$drugs = $this->FrenchTranslation->Drug->find('list');
$this->set(compact('drugs'));
}
function delete($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid id for french translation', true));
$this->redirect(array('action'=>'index'));
}
if ($this->FrenchTranslation->delete($id)) {
$this->Session->setFlash(__('French translation deleted', true));
$this->redirect(array('action'=>'index'));
}
$this->Session->setFlash(__('French translation was not deleted', true));
$this->redirect(array('action' => 'index'));
}
修改视图:
<?php echo $this->Form->input('User.last_edit',array('type'=>'hidden','value'=>$drug['Drug']['generic'])); ?>
<?php echo $this->Form->input('user_id', array('type'=>'hidden','value'=>$user)); ?>
答案 0 :(得分:1)
这是一个迟到的答案,但你绝不应该使用视图来设置像user_id这样的安全变量。相反,您可以在控制器中设置这些变量:
$this->request->data['User']['last_edit'] = $this->request->data['Drug']['generic'];
答案 1 :(得分:0)
我想通了,但是,我觉得有一种更好,更安全的方式。我正在使用安全组件,一个人必须登录才能看到任何网站,所以它可能足够安全。
我只是为用户ID添加了user.id输入,此时它可以找到将last_edit存储到的相应用户。在控制器中,我有一个名为$ userid的变量,它使用$userid = $this->Auth->user('id');获取当前用户ID,并使用$ths->set('user',$userid);传递给视图。我在药物user_id字段的输入中使用了相同的用户ID值。
查看:
<?php echo $this->Form->input('User.id',array('type'=>'hidden','value'=>$user));//The user ID last edit will be stored in ?>
<?php echo $this->Form->input('User.last_edit',array('type'=>'hidden','value'=>$drug['Drug']['generic']));//The drug edited last by the specified user ?>