我正在使用cake 2.x
我也在使用Auth和Acl Component。
我想允许对所有登录用户执行单个操作。
但这导致我多次编写此代码然后运行initDB。
public function initDB() {
$group = $this->User->Group;
//Allow ADMINISTRATORS to everything
$group->id = ADMINISTRATORS;
$this->Acl->allow($group, 'controllers');
//allow SALES_MANAGERS to upload SOW file at `products`
$group->id = SALES_MANAGERS;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Pages');
//allow SOLUTION_ARCHITECTS to only add and edit on posts and widgets
$group->id = SOLUTION_ARCHITECTS;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Pages');
//allow IMPLEMENTATION_MANAGERS to only add and edit on posts and widgets
$group->id = IMPLEMENTATION_MANAGERS;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Pages');
//we add an exit to avoid an ugly "missing views" error message
echo "all done";
exit;
}
正如您所注意到的,我需要允许所有不同群组使用Pages。
我更喜欢类似于Auth的简单方法 - >允许允许所有登录用户的某些操作。
谢谢。
更新
这是我的解决方法。有更好的解决方案吗?
public function initDB() {
$group = $this->User->Group;
... // didn't want to repeat this part which is same as above.
// we allow all groups the following actions
$onlyForLoggedInUsers = array(
'controllers/Users/logout',
'controllers/Pages',
);
$this->_allowAllGroupsThisAction($onlyForLoggedInUsers);
//we add an exit to avoid an ugly "missing views" error message
echo "all done";
exit;
}
protected function _allowAllGroupsThisAction($actions) {
$groups = array(SALES_MANAGERS, SOLUTION_ARCHITECTS, IMPLEMENTATION_MANAGERS);
$actions = (array)$actions;
$group = $this->User->Group;
foreach ($groups as $id) {
$group->id = $id;
foreach($actions as $action) {
$this->Acl->allow($group, $action);
}
}
}
答案 0 :(得分:0)
如果您将组创建为分层,则可以。创建一个作为Tree的组结构,并按如下方式构建数据:
使用此结构,所有后代都将继承分配给父ARO的任何权限。有关如何设置配置父行为的说明,请访问:http://book.cakephp.org/2.0/en/tutorials-and-examples/simple-acl-controlled-application/simple-acl-controlled-application.html#acts-as-a-requester