(CakePHP)是授权相关问题。有人可以看看吗?

时间:2013-05-05 14:35:17

标签: cakephp

我在数据库中有两个表,Admins和Users。管理员应该只打开有9个控制器的管理员面板。用户将看到前端有一个控制器名称“HomeController”。

当用户登录时,他可以访问仅适用于管理员的控制器。当Admin登录时,他可以打开仅适用于用户的控制器。我该如何防止这种情况?

AppController的:

class AppController extends Controller {

public $components = array(
    'Session',
    'Auth' => array(
        'authenticate' => array(
            'Admin' => array(
                'userModel' => 'Admin',
                'fields' => array(
                    'username' => 'username',
                    'password' => 'password'
                    )
            ),
            'User' => array(
                'userModel' => 'User',
                'fields' => array(
                    'username' => 'username',
                    'password' => 'password'
                    )
            )
        )
    )
);

public function beforeFilter()
{

}  

}

TransactionsController :(由管理员访问)

public function beforeFilter()
{       
    $this->Auth->loginRedirect = array('controller' => 'items', 'action' => 'index');
    $this->Auth->logoutRedirect = array('controller' => 'admins', 'action' => 'login');
    $this->Auth->loginAction = array('controller' => 'admins', 'action' => 'login');

    // Basic setup
    $this->Auth->authenticate = array('Form');

    // Pass settings in
    $this->Auth->authenticate = array(
        'Form' => array('userModel' => 'Admin')
    );

}

public function isAuthorized($admin)
{
    if(isset($admin['Admin']['id']))
    {
        return true;
    }
    return false;
}

HomeController :(由用户访问)

public function beforeFilter()
{   
    $this->Auth->loginRedirect = array('controller' => 'home', 'action' => 'index');
    $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');

    // Basic setup
    $this->Auth->authenticate = array('Form');

    // Pass settings in
    $this->Auth->authenticate = array(
        'Form' => array('userModel' => 'User')
    );

    $this->Auth->allow('view', 'index', 'item', 'itemlist', 'search');
}

public function isAuthorized($user)
{
    if(isset($user['User']['id']))
    {
        return true;
    }
    return false;
}

1 个答案:

答案 0 :(得分:1)

如果您只有两个级别的身份验证,管理员和用户,则可以尝试prefix routing

URLS是预定义的

http://mysite.com/admin/transactions

将路由到事务控制器,您将为每个管理员和用户提供前缀索引方法

public function admin_index(){

}

public function user_index(){
    $this->redirect(array('controller' => 'home', 'action' => 'index'));
}

如果您有两个以上的用户组,请查看Access Control Lists

相关问题
最新问题