基于所有者的授权 [英] Owner based Authorization

问题描述

我正在尝试根据帖子的所有者进行授权.我存储在帖子的帖子值所有者之一中.如何只允许该作者编辑他的帖子.基本身份验证仅适用于登录用户，而不适用于作者.

解决方案

您将需要在控制器函数中进行此操作以进行编辑. 如果正在编辑帖子，请首先获取正在编辑的帖子，并对照$ this-> Auth-> user('id')中返回的值检查字段中的id(假设您使用的是AuthComponent). /p>

如果它们相同，则继续执行您的编辑逻辑.如果没有，您可能要设置一条简短消息(通知用户不允许他/她进行编辑)，然后重定向回某个位置.

I'm trying to make authorization based on owner of post. I store in one of post values owner of post. How do I allow only this author to edit only his post. Basic authentication restricts only for logged users, but not for author.

解决方案

You'll want to do this in your controller function for editing. In case a post is being edited, first fetch the post being edited and check the id in the field against the value returned by in $this->Auth->user('id') (assuming you're using AuthComponent).

If they're the same, proceed with whatever your editing logic is. If not, you'll probably want to set a flash message (notifying the user that he/she isn't allowed to edit) and then redirect back to somewhere.

这篇关于基于所有者的授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！