CakePHP 注销后会话页面不会过期

时间:2014-10-29 23:42:59

标签: session cakephp expired-sessions

我正在学习 CakePHP，并照着手册的示例编写了代码。问题出在 UsersController 的注册相关方法上：当我点击“注销”链接时，应用程序会重定向到登录表单，但浏览器的“后退”按钮仍然可以返回到需要用户通过身份验证才能访问的页面。添加帖子的页面就是出现这种情况的一个例子。

源代码

UsersController.php

<?php

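class UsersController extends AppController {

    /**
     * Opens registration (add) and logout to unauthenticated visitors.
     *
     * parent::beforeFilter() is called first so the allow list configured in
     * AppController is kept; the two actions below are added on top of it.
     *
     * @return void
     */
    public function beforeFilter() {
        parent::beforeFilter();
        // Allow users to register and logout.
        $this->Auth->allow('add', 'logout');
    }

    /**
     * Registers a new user from the submitted form.
     *
     * This action is reachable without authentication (see beforeFilter()),
     * so the submitted data must not be allowed to pick its own role.
     *
     * @return CakeResponse|null Redirect to index on success, null to render the form.
     */
    public function add() {
        if ($this->request->is('post')) {
            // AppController::isAuthorized() grants full access when
            // $user['role'] === 'admin', so a self-registered account must never
            // be able to submit that field. Assumes `role` is a column of the
            // users table (AppController reads it) — confirm against the schema.
            unset($this->request->data['User']['role']);
            $this->User->create();
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('The user has been saved'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(
                __('The user could not be saved. Please, try again.')
            );
        }
    }

    /**
     * Edits an existing user.
     *
     * @param string|null $id User id taken from the URL.
     * @return CakeResponse|null Redirect to index on success, null to render the form.
     * @throws NotFoundException When no user with $id exists.
     */
    public function edit($id = null) {
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        }
        if ($this->request->is(array('post', 'put'))) {
            // Model::save() takes the primary key from the data when one is
            // submitted; pin it to the id that exists() just checked so a
            // posted User.id cannot redirect the write to another row.
            $this->request->data['User']['id'] = $id;
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('The user has been saved'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(
                __('The user could not be saved. Please, try again.')
            );
        } else {
            // Pre-fill the form; the password hash is never sent back to the client.
            $this->request->data = $this->User->read(null, $id);
            unset($this->request->data['User']['password']);
        }
    }

    /**
     * Deletes a user. Only POST is accepted.
     *
     * @param string|null $id User id taken from the URL.
     * @return CakeResponse Redirect to index in every case.
     * @throws NotFoundException When no user with $id exists.
     */
    public function delete($id = null) {
        $this->request->onlyAllow('post');
        $this->User->id = $id;
        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        }
        if ($this->User->delete()) {
            $this->Session->setFlash(__('User deleted'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('User was not deleted'));
        return $this->redirect(array('action' => 'index'));
    }

    /**
     * Authenticates the submitted credentials through AuthComponent.
     *
     * @return CakeResponse|null Redirect to the Auth target on success, null to render the form.
     */
    public function login() {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                // PostsController::index() reads this key to decide whose posts to list.
                $this->Session->write('userid', $this->Auth->user('id'));
                return $this->redirect($this->Auth->redirect());
            }
            $this->Session->setFlash(__('Invalid username or password, try again'));
        }
    }

    /**
     * Ends the session and redirects to Auth's logoutRedirect.
     *
     * Note that this only invalidates the server-side session; whether the
     * browser can still show previously rendered pages from its own cache is
     * decided by the response cache headers, not here.
     *
     * @return CakeResponse
     */
    public function logout() {
        $this->Session->delete('userid');
        $this->Session->destroy();
        return $this->redirect($this->Auth->logout());
    }

}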

?>

PostsController.php

<?php

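class PostsController extends AppController {

    public $helpers = array('Html', 'Form');

    /**
     * Per-action authorization for posts (AuthComponent 'Controller' authorize).
     *
     * @param array $user The logged-in user record supplied by AuthComponent.
     * @return bool
     */
    public function isAuthorized($user) {
        // All registered users can add posts
        if ($this->action === 'add') {
            return true;
        }
        // The owner of a post can edit and delete it
        if (in_array($this->action, array('edit', 'delete'), true)) {
            // With no passed id there is nothing to own: fall through to the
            // AppController default (deny unless admin) instead of reading an
            // undefined offset.
            if (isset($this->request->params['pass'][0])) {
                $postId = (int)$this->request->params['pass'][0];
                if ($this->Post->isOwnedBy($postId, $user['id'])) {
                    return true;
                }
            }
        }
        return parent::isAuthorized($user);
    }

    /**
     * Lists posts: the current user's own when a session user id is set,
     * otherwise all posts.
     *
     * @return void
     */
    public function index() {
        if ($this->Session->read('userid')) {
            $this->set('posts', $this->Post->find('all', array(
                'conditions' => array('Post.user_id' => AuthComponent::user('id')),
            )));
        } else {
            $this->set('posts', $this->Post->find('all'));
        }
    }

    /**
     * Shows a single post.
     *
     * @param string|null $id Post id taken from the URL.
     * @return void
     * @throws NotFoundException When $id is empty or no such post exists.
     */
    public function view($id = null) {
        if (!$id) {
            throw new NotFoundException(__('Invalid post'));
        }
        $post = $this->Post->findById($id);
        if (!$post) {
            throw new NotFoundException(__('Invalid post'));
        }
        $this->set('post', $post);
    }

    /**
     * Creates a post owned by the logged-in user.
     *
     * @return CakeResponse|null Redirect to index on success or to login when not
     *   logged in, null to render the form.
     */
    public function add() {
        if (!$this->Auth->loggedIn()) {
            return $this->redirect(array('controller' => 'users', 'action' => 'login'));
        }
        if ($this->request->is('post')) {
            // Ownership always comes from the session, never from the form.
            $this->request->data['Post']['user_id'] = $this->Auth->user('id');
            $this->Post->create();
            if ($this->Post->save($this->request->data)) {
                $this->Session->setFlash(__('Your post has been saved.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('Unable to add your post.'));
        }
    }

    /**
     * Edits an existing post.
     *
     * @param string|null $id Post id taken from the URL.
     * @return CakeResponse|null Redirect to index on success, null to render the form.
     * @throws NotFoundException When $id is empty or no such post exists.
     */
    public function edit($id = null) {
        if (!$id) {
            throw new NotFoundException(__('Invalid post'));
        }
        $post = $this->Post->findById($id);
        if (!$post) {
            throw new NotFoundException(__('Invalid post'));
        }
        if ($this->request->is(array('post', 'put'))) {
            // isAuthorized() checked ownership of the id in the URL, so the write
            // must go to that row: Model::save() would otherwise take Post.id from
            // the submitted data. user_id is assigned by add() from the session and
            // is not a client-supplied field, so a posted value is dropped.
            $this->request->data['Post']['id'] = $id;
            unset($this->request->data['Post']['user_id']);
            $this->Post->id = $id;
            if ($this->Post->save($this->request->data)) {
                $this->Session->setFlash(__('Your post has been updated.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('Unable to update your post.'));
        }
        if (!$this->request->data) {
            $this->request->data = $post;
        }
    }

    /**
     * Deletes a post. GET is rejected so a link alone cannot trigger it.
     *
     * @param string $id Post id taken from the URL.
     * @return CakeResponse Redirect to index in every case.
     * @throws MethodNotAllowedException On GET requests.
     */
    public function delete($id) {
        if ($this->request->is('get')) {
            throw new MethodNotAllowedException();
        }
        if ($this->Post->delete($id)) {
            $this->Session->setFlash(
                __('The post with id: %s has been deleted.', h($id))
            );
            return $this->redirect(array('action' => 'index'));
        }
        // Mirror UsersController::delete(): report the failure and return to
        // the list instead of falling through to render.
        $this->Session->setFlash(__('Unable to delete the post.'));
        return $this->redirect(array('action' => 'index'));
    }

}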

?>

AppController.php

<?php
// Loads CakePHP's base Controller class, which AppController below extends.
App::uses('Controller', 'Controller');

/**
 * Application Controller
 *
 * Add your application-wide methods in the class below, your controllers
 * will inherit them.
 *
 * @package     app.Controller
 * @link        http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
 */
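class AppController extends Controller {

    /**
     * Components loaded by every controller.
     *
     * 'authorize' => array('Controller') routes every authorization decision
     * through the controller's isAuthorized() method.
     */
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'users', 'action' => 'login'),
            'authorize' => array('Controller'), // Added this line
        ),
    );

    /**
     * Application-wide authorization default.
     *
     * @param array $user The logged-in user record supplied by AuthComponent.
     * @return bool True only when the user's role is 'admin'.
     */
    public function isAuthorized($user) {
        // Admin can access every action
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }
        // Default deny
        return false;
    }

    /**
     * Application-wide request setup.
     *
     * The allow list here applies to EVERY controller extending AppController:
     * the index, view, login and helloajax actions of each of them are public
     * unless a subclass narrows it.
     *
     * @return void
     */
    public function beforeFilter() {
        parent::beforeFilter();
        // Pages rendered for an authenticated user must not be served from the
        // browser cache: after logout the back button would otherwise show the
        // last page without any request reaching the server, even though the
        // session itself has been destroyed.
        $this->response->disableCache();
        $this->Auth->allow('index', 'view', 'login', 'helloajax');
    }

}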

?>

1 个答案:

答案 0 :(得分:0)

请检查 AppController 中的 beforeFilter 函数。

您已经通过 AuthComponent 明确允许了某些操作：

public function beforeFilter() {
    // Applies to every controller that extends AppController.
    $this->Auth->allow('index','view','login','helloajax');
}

请确认哪些操作是您确实希望允许未经身份验证的访问者执行的。

由于 CakePHP 中的每个控制器都继承自 AppController，结果就是：您允许了未经身份验证的用户访问您已创建或将要创建的每个控制器的 index、view、login 等操作。