供参考我使用SLIM框架
我的问题是您在下面的代码中看到注释掉的 print_r命令。由于某种原因,变量在!in_array函数之前显示正确的值。我不知道发生了什么,但是当你将变量$allowedUserTypes传递给该函数时,它似乎正在使用(我在某处猜测某个旧版本的变量)不正确的值。不知道这是怎么可能的,因为它在该函数之前工作?我猜是存在某种范围问题,或者我误解了使用' USE'匿名函数中的关键字。
$validate_user = function ($allowedUserTypes, $templateFolder = 'api'){
return function() use ($allowedUserTypes, $templateFolder){
global $app, $settings, $user, $device;
set_template_directory($templateFolder);
$errors = array();
$validated = true;//assumed valid until proven false.
//check session variables only if not token api call
if($app->request()->params('token') == ''){
//Check for expiration date hack
if($_SESSION['remember']==false){
$now = new DateTime();
$now->modify("-30 minutes");
}else{
$now = new DateTime();
$now->modify("-14 days");
}
//If the cookie still exists then it might have a time value in it. See if it's set.
if(isset($_SESSION['time'])){
//If time now (minus minute) is greater than the session time then hack attempted.
if($now > $_SESSION['time']){
$errors["errors"]["generic"][] = "Permission denied. Cookie expired.";
$validated = false;
unset($_SESSION['time']);
unset($_SESSION['remember']);
unset($_SESSION['userid']);
unset($user);
}
}
}
if(isset($user)){
$usertype = Usertype::find_by_id($user->usertype_id);//get all usertypes
//print_r($allowedUserTypes); --> shows Admin, Manager, Franchise Admin, Franchise Manager
if(!in_array($usertype->name,$allowedUserTypes)){
//print_r($allowedUserTypes); --> shows only Admin, Manager ??
$errors["errors"]["generic"][] = "Permission denied for user type :".$usertype->name;
$validated = false;
}
}else{
$errors["errors"]["generic"][] = "Permission denied. User not logged in. Please log in and try again.";
$validated = false;
}
if($validated==false){
$errors["command"] = "Error";
$errors['message'] = "User could not be validated.";
if($templateFolder=='templates'){
$app->render('shared/header.php', array('settings' => $settings));
$app->render($device.'/header.php', array('settings' => $settings, 'pagetitle' => 'Pool Service USA | Error Page', 'user' => $user));
$app->render($device.'/error.php', array('settings' => $settings, 'errors' => $errors,'device' => $device));
$app->render($device.'/footer.php', array('settings' => $settings));
$app->render('shared/footer.php', array('settings' => $settings));
}else{ //API Based Errors
$app->render('shared/error.php', array(
'settings' => $settings,
'errors' => $errors,
'device' => $device
));
}
$app->stop();//stop rendering to this point.
}
};
};
我会在调用之前显示我用来调用此函数的两行,以及在与此函数有关之后使用它。
$app->map('/api/remove-user' ,'get_user',$validate_user(array('Admin','Manager','Franchise Admin','Franchise Manager')),$remove_record_for_class('User')) ->via('GET', 'POST');
$app->map('/api/view-user' ,'get_user',$validate_user(array('Admin','Manager','Franchise Admin','Franchise Manager')),$view_results_for_class('User')) ->via('GET', 'POST');
任何建议都表示赞赏!
答案 0 :(得分:1)
事实证明我偶然运行了$ app-> map('')命令两次,在一种情况下只发送导致错误的'Admin'和'Manager'。所以我的一个愚蠢的错误:(。只是去展示以注意这些东西。