cakephp 3.0 isAuthorized() not being called


Problem description

I've followed the tutorial and all the CakePHP Authorization guide and I can't get my isAuthorized() method to be called. My understanding (correct me if I am wrong, which is incredibly likely) is by delegating authorize to the specific controllers by doing 'authorize'->['Controller'] in AppController.php, when a method in UsersController is called, in this case 'add', UsersController would run the isAuthorized() method I defined. I was testing to see if this method ran at all outputting a flash->error message right when isAuthorized() is called but nothing happens. If I explicitly call isAuthorized($hardcodeduser) in my beforeFilter() method it will work but only if I hard code a user.

The way the method is supposed to work is: If a registered user requests to add/create a new user, the system checks to see if the user has admin/staff level permissions (which is just a 0 or 1 value in the database) and if the user does not have permission then it redirects to the home screen with an error message that says "You are not authorized to access that function".

Any help or suggestions or other links to follow would be much appreciated!

class AppController extends Controller {

    public $components = ['Flash', 'Auth', 'Session'];

    public function initialize() {

        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'authorize' => ['Controller'],
            'loginRedirect' => [
                'controller' => 'Articles',
                'action' => 'index'
            ],
            'logoutRedirect' => [
                'controller' => 'Pages',
                'action' => 'display',
                'home'
            ]

        ]);
    }

    public function beforeFilter(Event $event) {
        $this->Auth->authorize = 'Controller';
    }

    public function isAuthorized($user) {

        if(isset($user['is_staff']))
            return true;

        return false;
    }
}


class UsersController extends AppController {

    public function beforeFilter(Event $event) {
        parent::beforeFilter($event);
        $this->Auth->allow(['logout']);
    }

    public function isAuthorized($user) {

        $this->Flash->error(__('Test Message PLEASE WORK'));
        if($this->request->action === 'add') {
            $isStaff = $user['is_staff'];
            if($isStaff == 0) {
                $this->redirect($this->Auth->redirectUrl());
                $this->Flash->error(__('Not authorized to access this function'));  
                return false;
            }
        }
        return parent ::isAuthorized($user);
    }
}

Solution

Generally your assumption is correct, Controller::isAuthorized() is going to be invoked automatically when using the controller authorization handler.

The problem with your code is that in your UsersController::beforeFilter() method you are explicitly allowing the add method to be accessed by everyone (it won't even require authentication):

$this->Auth->allow(['logout', 'add']);

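You have to understand that once a method is allowed, there will be no further checks made by the auth component, see AuthComponent::startup() (https://github.com/cakephp/cakephp/blob/0e90d71732992dd1ab0320c8205e84d13d936da5/src/Controller/Component/AuthComponent.php#L265-L267).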

Also note that you don't need to redirect and set a flash message manually, the component will do that for you, you just need to configure it appropriately using the authError and unauthorizedRedirect options, see Cookbook > Components > Authentication > Configuration options (http://book.cakephp.org/3.0/en/controllers/components/authentication.html#configuration-options).
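
The setup the answer describes, written out as an added example (not the poster's code and not CakePHP's own): `add` stays out of `allow()` so the component calls `isAuthorized()` for it, and the denial message and redirect are left to `authError` and `unauthorizedRedirect`. The redirect target, the deny-by-default base method and the strict `is_staff` comparison are assumptions made for the example.

```php
<?php
// Added example; in an application each class lives in its own file under src/Controller/.
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;

class AppController extends Controller
{
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'authorize' => ['Controller'],
            // Flash message the component sets when isAuthorized() returns false.
            'authError' => __('Not authorized to access this function'),
            // Where the component sends a denied user (assumed target).
            'unauthorizedRedirect' => ['controller' => 'Pages', 'action' => 'display', 'home'],
        ]);
    }

    public function isAuthorized($user)
    {
        // Deny by default; each controller opts in per action.
        return false;
    }
}

class UsersController extends AppController
{
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        // Only actions that need no login at all. 'add' is not listed, so the
        // component authenticates the user and then calls isAuthorized().
        $this->Auth->allow(['logout']);
    }

    public function isAuthorized($user)
    {
        if ($this->request->action === 'add') {
            // isset() alone is also true for a stored value of 0, so the
            // value itself is compared.
            return isset($user['is_staff']) && (int)$user['is_staff'] === 1;
        }
        return parent::isAuthorized($user);
    }
}
```

Because `isAuthorized()` only returns a boolean here, it no longer calls `redirect()` or `Flash->error()` itself; the component does both from its configuration.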
