我正在学习 cakePHP 3 来申请实习,我目前正在学习 cakePHP.org 官方食谱中的教程,但我讨厌这本书。这非常令人困惑。
无论如何,我做了书签示例的步骤,它有点工作,我按照书告诉我的那样做了所有事情,直到登录和注销部分,但是当我尝试从系统注销时,它告诉我"您无权访问该位置。
如果您需要我的项目中的任何进一步代码,请告诉我。
要注销,我使用以下代码指导用户,该代码会生成指向server/users/logout
的超链接:
<?= $this->Html->link(__('Log out'), ['controller' => 'Users', 'action' => 'logout']) ?>
/rootOfProject/src/Controller/AppController.php:
namespace App'Controller;
use Cake'Controller'Controller;
class AppController extends Controller {
public function initialize() {
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'unauthorizedRedirect' => [
'controller' => 'Users',
'action' => 'login'
],
'authorize' => 'Controller'
]);
$this->Auth->allow(['display']);
}
public function isAuthorized($user) {
return false;
}
}
/rootOfProject/src/Controller/UsersController.php:
namespace App'Controller;
use App'Controller'AppController;
class UsersController extends AppController {
public function index() {
$this->set('users', $this->paginate($this->Users));
}
public function view($id = null) {
$user = $this->Users->get($id, [
'contain' => ['Bookmarks']
]);
$this->set('user', $user);
}
public function add() {
$user = $this->Users->newEntity($this->request->data);
if ($this->request->is('post')) {
if ($this->Users->save($user)) {
$this->Flash->success('The user has been saved.');
return $this->redirect(['action' => 'index']);
} else {
$this->Flash->error('The user could not be saved. Please, try again.');
}
}
$this->set(compact('user'));
}
public function edit($id = null) {
$user = $this->Users->get($id, [
'contain' => []
]);
if ($this->request->is(['patch', 'post', 'put'])) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success('The user has been saved.');
return $this->redirect(['action' => 'index']);
} else {
$this->Flash->error('The user could not be saved. Please, try again.');
}
}
$this->set(compact('user'));
}
public function delete($id = null) {
$user = $this->Users->get($id);
$this->request->allowMethod(['post', 'delete']);
if ($this->Users->delete($user)) {
$this->Flash->success('The user has been deleted.');
} else {
$this->Flash->error('The user could not be deleted. Please, try again.');
}
return $this->redirect(['action' => 'index']);
}
public function login() {
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error('Your username or password is incorrect.');
}
}
public function logout() {
$this->Flash->success('You are now logged out.');
return $this->redirect($this->Auth->logout());
}
public function beforeFilter('Cake'Event'Event $event) {
$this->Auth->allow(['add']);
}
}
您拒绝所有用户的访问,您的isAuthorized()
回调只返回 false。因此,只有显式允许的操作($this->Auth->allow()
)以及隐式允许的登录操作才能访问。
如果您不想实现任何授权(身份验证 != 授权)检查,请从控制器中删除回调以及身份验证组件配置中的authorize
选项。
有关授权的详细信息,请参阅 http://book.cakephp.org/3.0/en/controllers/components/authentication.html#authorization。
在您的应用程序控制器中添加以下内容:
<?php
public function isAuthorized($user)
{
$action = $this->request->params['action'];
// The add and index actions are always allowed.
if (in_array($action, ['logout'])) {
return true;
}else{
return false;
}
}
?>