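I have several methods in UsersController, and I am trying to give role-wise access. If
- user_types == 1 (the user can access all methods)
- user_types == 2 (the user cannot access the admin_list method)
- user_types == 3 (the user can only access the forget_password method)
In the controller, I tried the following code: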
public $components = array('Session','RequestHandler','Auth'=>array(
    'loginRedirect' => array('controller' => 'users','action' => 'dashboard'),
    'logoutRedirect' => array('controller' => 'users','action' => 'login'),
    'authError'=>'You can not access this page!!',
    'authenticate' => array(
        'Form' => array(
            'fields' => array(
                'username' => 'email', //Default is 'username' in the userModel
                'password' => 'password' //Default is 'password' in the userModel
            )
        ),
    ),
    'authorize' => array('Controller')
));
public function isAuthorized($user) {
    return true;
}
In the before filter, I allowed:
$this->Auth->allow('login','logout');
Now in UserController I tried the code below:
public function isAuthorized($user) {
    // Admin can access every action
    if (isset($user['usertype_id']) && $user['usertype_id'] == 1) {
        return true;
    }
    else if(isset($user['usertype_id']) && $user['usertype_id'] == 2)
    {
        $this->Auth->deny('admin_list');
    }else
        $this->Auth->allow('change_password');
    return parent::isAuthorized($user);
}
The problem is that it always returns true. If I log in with user_type = 3, I can access all methods.
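An added example, not part of the original post: with 'authorize' => array('Controller'), the per-role decision is the boolean that isAuthorized() returns for the current action, while Auth->allow() and Auth->deny() only set which actions skip the login requirement. The code below puts the three roles from the question into a deny-by-default table. The function name isActionAuthorized, the table layout and the sample actions are assumptions, and the commented wiring assumes CakePHP 2.x.

```php
<?php
// Added example: deny-by-default role table for the three roles in the question.
// isActionAuthorized() and the table layout are assumed names, not CakePHP API.
function isActionAuthorized(array $user, $action)
{
    // usertype_id => actions allowed ('*' = all) and actions explicitly denied.
    $rules = array(
        1 => array('allow' => '*', 'deny' => array()),
        2 => array('allow' => '*', 'deny' => array('admin_list')),
        3 => array('allow' => array('forget_password'), 'deny' => array()),
    );

    // Accept only an integer or a digit string; anything else is denied.
    $id = isset($user['usertype_id']) ? $user['usertype_id'] : null;
    if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
        return false;
    }
    $role = (int) $id;
    if (!isset($rules[$role])) {
        return false; // unknown role
    }

    if (in_array($action, $rules[$role]['deny'], true)) {
        return false; // explicit deny wins over the wildcard
    }
    return $rules[$role]['allow'] === '*'
        || in_array($action, $rules[$role]['allow'], true);
}

// Wiring inside the controller (CakePHP 2.x, assumed):
//   public function isAuthorized($user) {
//       return isActionAuthorized($user, $this->request->params['action']);
//   }

// Constructed sample input: each role, including an unknown one, against three actions.
foreach (array(1, '2', 3, 9) as $role) {
    foreach (array('dashboard', 'admin_list', 'forget_password') as $action) {
        $ok = isActionAuthorized(array('usertype_id' => $role), $action);
        printf("usertype_id=%s %-16s %s\n", $role, $action, $ok ? 'allow' : 'deny');
    }
}
```

Actions passed to Auth->allow() are served without a login and never reach isAuthorized(), so that list should stay limited to actions such as login and logout.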