我多次遇到过这个问题,并试图通过删除调用Flash方法来避免它。最近,我想向尝试注销的未登录用户显示错误闪存。但是,当我测试此操作时(通过访问localhost:8765 / users / logout而不登录),一切正常,除了我收到2条错误消息“您无权访问此位置”。我该如何解决这个问题?
这是我的代码
在AppController中:
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize' => ['Controller'], //For User authorize checking, this tells app to let each controller decides own rules for authorize
'loginRedirect' => ['controller' => 'Articles', 'action' => 'index'],
'logoutRedirect' => ['controller' => 'Users', 'action' => 'index']
]);
}
public function beforeFilter(Event $event)
{
//this applied to every controller
$this->Auth->allow(['index', 'view', 'display']);
}
...
public function isAuthorized($user)
{
//Admin can access every action
if(isset($user['role']) && $user['role'] === 'admin'){
return true;
}
//Default deny
return false;
}
在UsersController中:
public function isAuthorized($user)
{
//All registered users can add articles
if($this->request->action === 'add'){
return true;
}
//The self user can edit and delete the account
if(in_array($this->request->action, ['edit', 'delete'])){
//get id of targeted user
$targetUserId = (int)$this->request->params['pass'][0];
//check if current user is the targeted user
if($this->Users->selfUser($targetUserId, $user['id'])){
return true;
}else{
$this->Flash->error(__('You are not authorized for this action'));
}
}
return parent::isAuthorized($user);
}
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
$this->Auth->allow(['add']);
}
...
public function logout()
{
return $this->redirect($this->Auth->logout());
}
在UsersTable中
public function selfUser($targetedUserId, $userId)
{
return $targetedUserId == $userId;
}
在default.ctp中
$cakeDescription = 'CakePHP: the rapid development php framework';
?>
<!DOCTYPE html>
<html>
<head>
<?= $this->Html->charset() ?>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
<?= $cakeDescription ?>:
<?= $this->fetch('title') ?>
</title>
<?= $this->Html->meta('icon') ?>
<?= $this->Html->css('base.css') ?>
<?= $this->Html->css('cake.css') ?>
<?= $this->fetch('meta') ?>
<?= $this->fetch('css') ?>
<?= $this->fetch('script') ?>
</head>
<body>
<nav class="top-bar expanded" data-topbar role="navigation">
<ul class="title-area large-3 medium-4 columns">
<li class="name">
<h1><a href=""><?= $this->fetch('title') ?></a></h1>
</li>
</ul>
<div class="top-bar-section">
<ul class="right">
<li><a target="_blank" href="http://book.cakephp.org/3.0/">Documentation</a></li>
<li><a target="_blank" href="http://api.cakephp.org/3.0/">API</a></li>
</ul>
</div>
</nav>
<?= $this->Flash->render() ?>
<div class="container clearfix">
<?= $this->fetch('content') ?>
</div>
<footer>
</footer>
</body>
</html>
在login.ctp中
<div class="users form">
<?= $this->Flash->render('auth') ?>
<?= $this->Form->create() ?>
<fieldset>
<legend><?= __('Please enter your username and password') ?></legend>
<?= $this->Form->input('username') ?>
<?= $this->Form->input('password') ?>
</fieldset>
<?= $this->Form->button(__('Login')); ?>
<?= $this->Form->end() ?>
</div>
答案 0 :(得分:1)
您是否也可以发布CTP文件的摘录?在页面布局中,Flash可能会呈现两次。
答案 1 :(得分:0)
您必须在注销操作中添加以下行:
$this->autoRender = false;
因此,在您的情况下,您的UsersController应该为:
public function isAuthorized($user)
{
//All registered users can add articles
if($this->request->action === 'add'){
return true;
}
//The self user can edit and delete the account
if(in_array($this->request->action, ['edit', 'delete'])){
//get id of targeted user
$targetUserId = (int)$this->request->params['pass'][0];
//check if current user is the targeted user
if($this->Users->selfUser($targetUserId, $user['id'])){
return true;
}else{
$this->Flash->error(__('You are not authorized for this action'));
}
}
return parent::isAuthorized($user);
}
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
$this->Auth->allow(['add']);
}
...
public function logout()
{
$this->autoRender = false;
return $this->redirect($this->Auth->logout());
}