PHP验证用户有权访问内容 [英] PHP verify that user has access to content
问题描述
我正在为我的框架/应用程序构建一个 ACL 插件。
I am building an ACL plugin to my framework / application.
上一个控制器 / 动作验证,这意味着它可以检查
The previous ACL applications i have worked with has a controller / action verification meaning that it checks if the user has access to both the controller and the view.
现在,在许多应用程序中,用户可以访问控制器和视图都可以访问,但是仍然没有内容访问权限。
Now in many applications a user can have access to both the controller and the view but still not have acess to the content.
例如:
user1可以访问控制器:游戏和视图:播放但无法访问 id :1
user1 has access to the controller: games and the view: play but not have access to the id: 1
我的第一个想法是检查 $ _ GET 变量,但这还不够,因为无法知道内容在寻找什么变量。
My first idea was to check the $_GET variable but this is not sufficient since it is impossible to know what the variable that the content is looking for.
所以我的问题是,您将如何验证用户有权访问视图的内容?
So my question is how would you verify that the user has access to the content of the view?
推荐答案
好吧,您确实知道Controller中内容的ID,并且您知道用户正在尝试访问它。只需将contentId添加到您的ACL检查例程中?您只需要添加更多的ACL数据,在这种情况下,仅使用控制器和方法的当前实现是不够的。
Well, you do know the id of the content in your Controller and you do know the user trying to access it. Just add contentId to your ACL check routine? You just have to add more ACL data, current implementation with just controller and method isn't enough in these cases.
例如$ acl-> userIsAllowedTo('view',1,'gamescontroller')左右。
e.g. $acl->userIsAllowedTo('view', 1, 'gamescontroller') or so.
这篇关于PHP验证用户有权访问内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
