我正在使用 CakeDC Users 插件,但无法做到只让管理员查看管理部分:目前任何注册用户都可以访问管理(admin)页面。我做错了什么?
AppController.php
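/**
 * Application-wide base controller.
 *
 * Loads the Auth component with controller-based authorization and supplies
 * the isAuthorized() callback that separates admin-prefixed actions from the
 * rest of the application.
 */
class AppController extends Controller {

    /**
     * Components loaded for every controller.
     *
     * NOTE(review): DebugKit is a development aid; confirm it is not exposed
     * in production.
     *
     * @var array
     */
    public $components = array(
        'DebugKit.Toolbar',
        'Auth' => array(
            'authorize' => array('Controller'),
        ),
    );

    /**
     * Decides whether the given user may run the current action.
     *
     * Requests without the admin prefix are open to every user that reaches
     * this check. Admin-prefixed requests are allowed only when the user's
     * role is exactly 'admin'; a missing user or a missing 'role' key is a
     * denial (fail closed) rather than an undefined-index notice.
     *
     * This callback only takes effect when the Auth component is configured
     * with the 'Controller' authorize handler. If that configuration is lost,
     * the method is never consulted, which matches the symptom of every
     * logged-in user reaching admin actions.
     *
     * @param array|null $user User record being authorized.
     * @return bool True when the request is permitted.
     */
    public function isAuthorized($user = null) {
        // Not an admin-prefixed request: nothing further to check here.
        if (empty($this->request->params['admin'])) {
            return true;
        }

        // Admin-prefixed request: allow only an explicit admin role. The
        // original separate isset() branch and trailing "default deny" were
        // unreachable past the empty() guard above, so they are folded in here.
        return isset($user['role']) && $user['role'] === 'admin';
    }

    /**
     * Runs before every action: pins the authorization handler, opens the
     * "display" action to anonymous visitors and picks the layout.
     *
     * @return void
     */
    public function beforeFilter() {
        // Re-assert controller-based authorization at runtime. With the CakeDC
        // Users plugin controller the $components setting alone was observed
        // not to trigger isAuthorized() (presumably the plugin controller's own
        // component settings replace it; verify), so it is set again here.
        $this->Auth->authorize = array('Controller');

        $this->Auth->allow('display');

        if ($this->Auth->loggedIn()) {
            $this->layout = 'loggedin';
        }
    }
}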
UsersController.php (来自CakeDC用户插件控制器)
//other code here
/**
 * Hands the authorization decision to the parent controller unchanged.
 *
 * @param array|null $user User record being authorized.
 * @return mixed Whatever parent::isAuthorized() returns for this user.
 */
public function isAuthorized($user = null) {
    $isAllowed = parent::isAuthorized($user);

    return $isAllowed;
}
//other code here
routes.php文件
// Public URLs served by the Users plugin controller.
Router::connect(
    '/users',
    array('plugin' => 'users', 'controller' => 'users')
);
Router::connect(
    '/users/index/*',
    array('plugin' => 'users', 'controller' => 'users')
);
Router::connect(
    '/users/:action/*',
    array('plugin' => 'users', 'controller' => 'users')
);
Router::connect(
    '/users/users/:action/*',
    array('plugin' => 'users', 'controller' => 'users')
);

// Short aliases for the login, logout and registration actions.
Router::connect(
    '/login',
    array('plugin' => 'users', 'controller' => 'users', 'action' => 'login')
);
Router::connect(
    '/logout',
    array('plugin' => 'users', 'controller' => 'users', 'action' => 'logout')
);
Router::connect(
    '/register',
    array('plugin' => 'users', 'controller' => 'users', 'action' => 'add')
);

// Admin-prefixed URLs. These set the 'admin' routing parameter, which is the
// flag the controller's isAuthorized() reads to require the 'admin' role.
// Access control for everything under /admin depends on that callback running.
Router::connect(
    '/admin',
    array('plugin' => 'users', 'controller' => 'users', 'admin' => true)
);
Router::connect(
    '/admin/:action/*',
    array('plugin' => 'users', 'controller' => 'users', 'admin' => true)
);
core.php中
// Register "admin" as a routing prefix so routes can carry 'admin' => true.
Configure::write(
    'Routing.prefixes',
    array('admin')
);
修改:当我在组件配置中设置 authorize = array('Controller') 时,isAuthorized() 没有被调用。我不得不在 AppController 的 beforeFilter() 中添加这一行:$this->Auth->authorize = 'Controller';
答案 0 :(得分:1)
在 isAuthorized 函数中:$this->request->params['admin'] 始终不为空,因此返回 true 值 :)