CakePHP ACL generating different links for different groups


Problem description

Using CakePHP 2.0's ACL I have created 2 groups. One is admin and one is visitors. Right now admin can add and upload images and visitors can just view the images; if they click add or delete, it won't let them do anything. What's the best way to remove these links for the visitor group? If I check which group they belong to using an if/else statement, would that be the best solution?

Solution

To hide links that lead to actions a user is not authorized to perform, the views must somehow be aware of the user permissions. You could check these permissions by checking the group a user belongs to, but this would mean that you wouldn't rely on the ACL permissions anymore. So any ACL permission update would have to be reported in code. Not very handy.

Then what else? An approach is to check the user permissions in the controller, typically during login, and then keep these permissions in session. The permissions in session can then be checked in the views to hide or show some parts of the views. You can find an example of this method here:

But for links specifically, you can go a little further and avoid writing the tests in views. I personally use a helper that inherits from the HtmlHelper and overrides the link() method. Basically it works on the same idea: inside the overridden link() method, the permission on the target action is checked and the helper returns the link, or nothing if the user is not allowed to access the target action.

If you want to try my code, you can use my Acl plugin

In your AppController, set the permissions:

var $components = array(..., 'Acl.AclManager');

function beforeFilter()
{
    ...
    //you can put it here as the permissions check is performed only once per session
    $this->AclManager->set_session_permissions();
    ...
}

And in your views, use the AclHtmlHelper

$this->AclHtml->link(...);

A general remark on the principle this method is based on though: all permissions are checked during login. If you have many actions in your application, this can considerably slow down the login.

A more effective approach could be to check the user permission for each action only when it is required, meaning when the link() method is called. But this would mean that the helper would have to check the Acl permission itself, and this would somehow break the MVC model. And in the core lib, the Acl check is highly coupled to a component.
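
A framework-free PHP sketch of the idea in the answer above (permissions cached at login, and a link() that returns the anchor or nothing), added here as an example and not taken from the answer or its Acl plugin. The function names `aco_path()` and `acl_link()`, the shape of the cached permission map, and the `controllers/<Controller>/<action>` path convention are assumptions made for illustration.

```php
<?php
// Added sketch, not the plugin's code. Names and the map layout are hypothetical.

// Constructed sample: what a login-time ACL check might have cached in the session.
$sessionPermissions = array(
    'admin'   => array('controllers/Images/index'  => true,
                       'controllers/Images/add'    => true,
                       'controllers/Images/delete' => true),
    // 'delete' is deliberately absent for visitors to exercise the default-deny path.
    'visitor' => array('controllers/Images/index'  => true,
                       'controllers/Images/add'    => false),
);

// Build the ACO path for a CakePHP-style URL array (assumed path convention).
function aco_path(array $url, $currentController)
{
    $controller = isset($url['controller']) ? $url['controller'] : $currentController;
    $action     = isset($url['action']) ? $url['action'] : 'index';
    // "image_galleries" -> "ImageGalleries"
    $controller = str_replace(' ', '', ucwords(str_replace('_', ' ', $controller)));
    return 'controllers/' . $controller . '/' . $action;
}

// Return the anchor, or '' unless the cached map explicitly allows the action.
function acl_link($title, array $url, array $permissions, $currentController = 'images')
{
    $path = aco_path($url, $currentController);
    if (!isset($permissions[$path]) || $permissions[$path] !== true) {
        return ''; // default deny: unknown or denied actions produce no link
    }
    $href = '/' . (isset($url['controller']) ? $url['controller'] : $currentController)
          . '/' . (isset($url['action']) ? $url['action'] : 'index');
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Render the same three links for each group and show which ones survive.
$links = array('index' => 'View', 'add' => 'Add image', 'delete' => 'Delete');
foreach ($sessionPermissions as $group => $permissions) {
    echo $group, ":\n";
    foreach ($links as $action => $title) {
        $html = acl_link($title, array('controller' => 'images', 'action' => $action), $permissions);
        echo '  ', $action, ' => ', ($html === '' ? '(no link)' : $html), "\n";
    }
}
```

Hiding a link only changes what is rendered, so the controller-side ACL check that already blocks visitors from add and delete has to stay in place. Because the map is built once per session, a permission changed in the ACL tables is not reflected in the links until the session's map is rebuilt.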
