CakePHP 2.x ACL - 在所有者级别进行控制

I am able to control my application using ACL, everything done perfectly and application is working smooth with ACL and Auth.

Now the problem is:

I have two tables, users and posts. there is no RBAC (role based access control). I am setting deny and allow for each user like follow.

//allow User1 to do everything
$user->id=1;
$this->ACL->allow($user,'controllers');

//allow User2 to add, edit and view the posts 
$user->id=2;
$this->Acl->deny($user, 'controllers');
$this->Acl->allow($user, 'controllers/Posts');

but here I am getting one problem:

user2 is getting access to edit the posts of user1.

example:

User1 created a post1.

now User2 logged in now he can edit the User1's post (i.e. post1- /localhost/myApp/posts/edit/1)

Question: How can I set ACL permission to this problem, The owner of the post can only edit the post and others can not.

I can achieve this in controller level simply checking

if($_SESSION['Auth']['User']['id'] == $Post['Post']['user_id']){
    // you're the owner, so u can edit
}else{
    //u cant edit, this is not ur post
}

but I need ACL to work here, Is it possible?, Please help

Thanks

douzai3399
douzai3399 谢谢,我会试着这个并回复你。
4 年多之前 回复
drfu29983
drfu29983 阅读文档似乎可以为每个帖子创建一个ACO并为其设置用户级权限。但是你仍然需要使用$this->Acl->check(...)来检查权限。ACL授权处理程序只检查操作级别的权限。请参阅手册
4 年多之前 回复
doulu2591
doulu2591 我从来没有如此深入地使用ACL,但我认为你必须首先将你的帖子设置为acospublic$actsAs=array('acl'=>array('type'=>'controlled'));并为每个帖子创建一个节点,就像为每个用户创建一个节点一样
4 年多之前 回复
duanchuanqu593743
duanchuanqu593743 ,感谢评论我试过,不工作,你能建议任何其他解决方案:)
4 年多之前 回复
doufei8691
doufei8691 不确定它是否有效你尝试过这样的事情:$this->Acl->allow($user,'controllers/Posts'/edit/1)等等?
4 年多之前 回复
dongzhan2029
dongzhan2029 如果它是一个javascript问题我会立即得到结果,但我运气不好,这个cakephp。很坏,:(
4 年多之前 回复

1个回答

here's how I would do

first of all tell Cake that Post model is an ACO

 // Post.php model file
 $actsAs = array('Acl' => array('type' => 'controlled'));

this way every time you create a new post cake will automatically create an item in the acos table.

pay attention: you'll have to manually create the node for the previously created Posts, this way:

// for every Post in your posts table

$this->Acl->Aco->create(array('alias' => 'Post', 'id' => 123));
$this->Acl->Aco->save();

then you have to define a parentNode() function in your Post Model file

// Post.php model file
public function parentNode() {
    return null;
}

Now the ACL auth handler check form permission just at an action level. In other words it just checks that you're allowed to access the action. Then it demands other checks at a controller level by the isAuthorized() function.

so first you have to set the permission for every node

$this->Acl->allow($user, 'controllers/Posts/edit/123')

then in your controller you have to do

 // PostsController.php 
 public function isAuthorized($user = null) {

    if ($this->request->action === 'edit') {
        $user = // retrieve the user array. i.e. from Session
        $post_id = $this->request->$this->request->pass[0];
        $post = array('alias' => 'Post', 'id' => $post_id );
        return this->Acl->check($user, $post);
    }
    return parent::isAuthorized($user);
}

you can also implement parentNode() function to return the owner of the Post instead of null

// Post.php model file

// just an hint, the actual code should be 
// a bit more complex
public function parentNode() {
    $user_id = $this->field('user_id');
    return array('User' => array('id' => $user_id));
}

this way don't have to set the permission for every single post because cake will check if the user has access to the parent node of the Post (who is a user too). So you just have to set the permission for every user

$this->Acl->allow($user, $user);

If you follow this method remember to set the user as an ACO too

// User.php Model file

$actsAs = array('Acl' => array('type' => 'both'));

I did not test the code above so I guess there are a lot of typos and errors too. If I have time i'll do some tests and improve my answer in the next days

dragonpeng200811111
dragonpeng200811111 谢谢,我会马上尝试这个,看起来像是体面的解决方案:)
4 年多之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问