CakePHP - ACL中更细粒度的ACOs [英] CakePHP - More granular ACOs in ACL

问题描述

我的产品表格：

select * from products;
+------+----------------+
| id   | name           |
+------+----------------+
|    1 | product XYZ    |
|    2 | product XPTO   |
|    3 | procudt ABC    |
|    4 | procudt QWERTY |
|    5 | procudt 1234   |
+------+----------------+

我可以允许/拒绝一些用户访问模型产品，例如：

I can allow/deny some group of users to access the Model "Products", like:

$group->id = 3;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Products');

$group->id = 4;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'controllers/Products/view');

但是如何允许/拒绝某些组访问某些特定产品，例如：

But how to allow/deny some group to access some specific products, like:

$group->id = 5;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'product XYZ');

$group->id = 6;
$this->Acl->deny($group, 'controllers');
$this->Acl->allow($group, 'product XPTO');
$this->Acl->allow($group, 'product 1234');

？

推荐答案

您想要行级访问控制。在CakePHP中有几种方法（一些使用Cake的ACL功能，有些不使用），因此您应该看看周围，看看什么是最适合您的情况。

You want row level access control. There are several ways of going about that in CakePHP (some using Cake's ACL functionality, some not) so you should look around and see what is best for your situation.

但是要记住的一件事是， Cake中的框ACL功能旨在实现对控制器操作的访问控制，而不是特定的数据库行。根据你需要检查的数据量，事情可能会很快失控。您可能需要重新考虑自己的设计，看看您是否真的需要在记录级别检查访问权限。

One thing to keep in mind, though, is that the out of the box ACL functionality in Cake was designed for implementing access control against controller actions, and not specific database rows. Depending on the amount of data you need to check things could get out of hand fairly quickly. You might want to reconsider your design to see if you truly need to check access at the record level.

这篇关于CakePHP - ACL中更细粒度的ACOs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！