3

我有一个我正在尝试创建的注销功能,它将检查当前页面是否允许注销用户。如果是,我将留在页面上,如果不是,我将重定向到主页。我想知道如何检查当前页面是否被允许。我可以检查他们是否获得了以下代码的授权:

public function logout()
{
    if($this->isAuthorized($this->Auth->user())) {
        $this->Auth->logout();
        $redirect = $this->redirect($this->referer());
    } else {
        $this->Auth->logout();
        $redirect = $this->redirect(['controller' => 'pages', 'action' => 'home']);
    }
    return $redirect;
}

但我无法检查当前页面是否允许:

public function logout()
{
    if(in_array($this->request->here, $this->Auth->allow())) {
        $this->Auth->logout();
        $redirect = $this->redirect($this->referer());
    } else {
        $this->Auth->logout();
        $redirect = $this->redirect(['controller' => 'pages', 'action' => 'home']);
    }
    return $redirect;
}
4

2 回答 2

1

最佳实践是使用$this->Auth->allowedActions, 而 Auth 组件将允许的操作存储在allowedAction属性中。您可以按以下方式调用它们:

$actions = $this->Auth->allowedActions;
于 2015-12-10T09:07:45.883 回答
0

我想出了一个答案,但如果有更好的方法,我仍然想知道。我将隐藏输入中的操作传递给控制器​​方法并检查是否在 allowedPages 数组中。

public $allowedPages = [];
public function beforeFilter(Event $event)
{
    parent::beforeFilter($event);
    $this->allowedPages = ['checkout', 'charge', 'logout'];
    $this->Auth->allow($this->allowedPages);
}

public function logout()
{
    if(in_array($this->request->data('action'), $this->allowedPages)) {
        $this->Auth->logout();
        $redirect = $this->redirect($this->referer());
    } else {
        $this->Auth->logout();
        $redirect = $this->redirect(['controller' => 'pages', 'action' => 'home']);
    }
    return $redirect;
}
于 2015-10-21T17:16:09.293 回答