0

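My CakePHP application runs with ACL permissions enabled. I have allowed a group of users to access all actions on one of my controllers, but sometimes I want to be able to deny access if their user ID does not match the user ID value in the model they are trying to access, or based on some other arbitrary criteria.

So... what is the conventional way to deny a user access to an action when the user already has access to it through the ACL component?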

4

1 Answer

0

TLDR: don't use ACL. (It's most likely way overkill AND doesn't seem ideal in your project).

There are a lot of options, depending on your situation, but it boils down to making a method that checks whether or not they have permission to be there/be doing that.

Whether it's a method in the Controller, the Model, or a Behavior that can be used across all models...etc.

My guess from your description is that an ideal way would be to create a Behavior with a method "hasAccess" or something. Then, in the "some actions" where you want to limit access, run the method - something like this:

if(!$this->MyModel->hasAccess($userId)) $this->redirect('/');
Answered 2013-08-11T05:48:15.723
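A sketch of the per-record ownership check the answer describes, added here as an example and not code from the original answer. It assumes CakePHP 2.x with AuthComponent configured; `OwnedBehavior`, the `Post` model, the `user_id` column and `PostsController` are hypothetical names.

```php
<?php
// app/Model/Behavior/OwnedBehavior.php (hypothetical name; CakePHP 2.x assumed)
App::uses('ModelBehavior', 'Model');

class OwnedBehavior extends ModelBehavior {

    // 'field' is the column holding the owner's user id (assumed: user_id).
    public function setup(Model $model, $config = array()) {
        $this->settings[$model->alias] = array_merge(array('field' => 'user_id'), (array)$config);
    }

    // Called as $this->Post->hasAccess($userId, $id); Cake prepends the model.
    public function hasAccess(Model $model, $userId, $id = null) {
        $id = ($id === null) ? $model->id : $id;
        // Deny by default: no authenticated user or no record id means no access.
        if (empty($userId) || empty($id)) {
            return false;
        }
        $field = $this->settings[$model->alias]['field'];
        // One query that matches only when the record exists AND belongs to the user.
        return $model->hasAny(array(
            $model->alias . '.' . $model->primaryKey => $id,
            $model->alias . '.' . $field => $userId,
        ));
    }
}

// app/Model/Post.php (hypothetical model that attaches the behavior)
App::uses('AppModel', 'Model');

class Post extends AppModel {
    public $actsAs = array('Owned' => array('field' => 'user_id'));
}

// app/Controller/PostsController.php (hypothetical controller)
App::uses('AppController', 'Controller');

class PostsController extends AppController {
    public function edit($id = null) {
        // The user id comes from the session via AuthComponent, never from the request.
        if (!$this->Post->hasAccess($this->Auth->user('id'), $id)) {
            throw new ForbiddenException();
        }
        // Reached only by the record's owner; the edit logic for the action goes here.
    }
}
```

A missing record and a record owned by someone else both yield the same 403, so the response does not reveal which ids exist.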