How to limit data to users who own it without limiting admin users in CakePHP?


Problem description


Currently I am writing an application where I have multiple users. They have data that should only be visible to them and not the other authenticated users in the system. I also have administrators who manage the system and have access to all of the information. What is the best way to limit users to their data without limiting admin users?


Currently I am using a callback to limit the queries by user, but the admin will get the same limits. So I need to know a better way to do it. More importantly, the right way to do it.


For example, I want the standard user to be able to see their user information only and be limited to CRUD operations on their information only. The admin, however, should be able to see ALL users and CRUD ALL user data. Any ideas?

Recommended answer

You need:

  • information about the current user
  • information about the item in question


You combine them with something like this (simple example):

$user = $this->Auth->user();   // the authenticated user (id, type, ...)
$book = $this->Book->find(…);  // the item being requested
// Admins may see everything; everyone else only the items they created.
if ($user['type'] != 'admin' && $user['id'] != $book['Book']['creator_id']) {
    $this->Session->setFlash("You're not allowed to view this item");
    $this->redirect('somewhere');
}


You could make a method in your model like

function userCanAccessItem($item, $user)


to centralize the logic for the access check and call it from your controller.


Better yet, if you're using Cake's admin routing, you can omit all checking in the admin_ actions and only apply normal user access privilege checking in the user accessible actions.


You may also want to look at ACLs for more fine-grained access control.
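As an added example (not code from the original answer), here is a stand-alone version of the suggested userCanAccessItem($item, $user) together with a helper that produces the matching find() conditions, so list queries are scoped the same way as single-item access. It assumes the field names from the answer's snippet (type, id, creator_id) and the Book model; the sample data is constructed.

```php
<?php
// Added example, not from the original answer: a centralised owner-or-admin
// check plus the find() conditions that apply the same rule to list queries.
// Field names (type, id, creator_id) and the Book model follow the answer.

function userIsAdmin(array $user): bool
{
    // Strict comparison so an unexpected type value never counts as admin.
    return isset($user['type']) && $user['type'] === 'admin';
}

function userCanAccessItem(array $item, array $user): bool
{
    if (userIsAdmin($user)) {
        return true;
    }
    // Fail closed: a missing owner field or missing user id denies access.
    if (!isset($item['Book']['creator_id'], $user['id'])) {
        return false;
    }
    return (string)$item['Book']['creator_id'] === (string)$user['id'];
}

// Conditions to merge into Book->find() so non-admins only see their own rows.
function ownerConditions(array $user): array
{
    if (userIsAdmin($user)) {
        return [];  // admins get an unrestricted query
    }
    // A missing id yields a condition that matches no row (fail closed).
    return ['Book.creator_id' => $user['id'] ?? -1];
}

// Constructed sample data so this runs without CakePHP.
$admin = ['id' => 1, 'type' => 'admin'];
$alice = ['id' => 2, 'type' => 'user'];
$bob   = ['id' => 3, 'type' => 'user'];
$book  = ['Book' => ['id' => 10, 'creator_id' => 2, 'title' => 'Notes']];

var_dump(userCanAccessItem($book, $admin));  // admin: allowed
var_dump(userCanAccessItem($book, $alice));  // owner: allowed
var_dump(userCanAccessItem($book, $bob));    // other user: denied
print_r(ownerConditions($alice));            // scoped to creator_id 2
print_r(ownerConditions($admin));            // empty: no restriction
```

In a controller, call userCanAccessItem() in the single-item actions and merge ownerConditions() into the 'conditions' of the index query, so both paths share one rule.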

