作为参考,我使用的是 SLIM 框架
我的问题是您在下面的代码中看到注释掉的print_r命令。 出于某种原因,变量在 !in_array 函数之前显示正确的值。 我不确定发生了什么,但是当您将变量$allowedUserTypes传递到该函数中时,它似乎使用了(我猜该变量的旧版本来自某个地方)不正确的值。 不确定这怎么可能,因为它在该函数之前工作??. 我猜存在某种范围问题,或者我误解了匿名函数中"USE"关键字的使用。
$validate_user = function ($allowedUserTypes, $templateFolder = 'api'){
return function() use ($allowedUserTypes, $templateFolder){
global $app, $settings, $user, $device;
set_template_directory($templateFolder);
$errors = array();
$validated = true;//assumed valid until proven false.
//check session variables only if not token api call
if($app->request()->params('token') == ''){
//Check for expiration date hack
if($_SESSION['remember']==false){
$now = new DateTime();
$now->modify("-30 minutes");
}else{
$now = new DateTime();
$now->modify("-14 days");
}
//If the cookie still exists then it might have a time value in it. See if it's set.
if(isset($_SESSION['time'])){
//If time now (minus minute) is greater than the session time then hack attempted.
if($now > $_SESSION['time']){
$errors["errors"]["generic"][] = "Permission denied. Cookie expired.";
$validated = false;
unset($_SESSION['time']);
unset($_SESSION['remember']);
unset($_SESSION['userid']);
unset($user);
}
}
}
if(isset($user)){
$usertype = Usertype::find_by_id($user->usertype_id);//get all usertypes
//print_r($allowedUserTypes); --> shows Admin, Manager, Franchise Admin, Franchise Manager
if(!in_array($usertype->name,$allowedUserTypes)){
//print_r($allowedUserTypes); --> shows only Admin, Manager ??
$errors["errors"]["generic"][] = "Permission denied for user type :".$usertype->name;
$validated = false;
}
}else{
$errors["errors"]["generic"][] = "Permission denied. User not logged in. Please log in and try again.";
$validated = false;
}
if($validated==false){
$errors["command"] = "Error";
$errors['message'] = "User could not be validated.";
if($templateFolder=='templates'){
$app->render('shared/header.php', array('settings' => $settings));
$app->render($device.'/header.php', array('settings' => $settings, 'pagetitle' => 'Pool Service USA | Error Page', 'user' => $user));
$app->render($device.'/error.php', array('settings' => $settings, 'errors' => $errors,'device' => $device));
$app->render($device.'/footer.php', array('settings' => $settings));
$app->render('shared/footer.php', array('settings' => $settings));
}else{ //API Based Errors
$app->render('shared/error.php', array(
'settings' => $settings,
'errors' => $errors,
'device' => $device
));
}
$app->stop();//stop rendering to this point.
}
};
};
我将在调用此函数之前和之后显示用于调用此函数的 2 行,以防与它有任何关系。
$app->map('/api/remove-user' ,'get_user',$validate_user(array('Admin','Manager','Franchise Admin','Franchise Manager')),$remove_record_for_class('User')) ->via('GET', 'POST');
$app->map('/api/view-user' ,'get_user',$validate_user(array('Admin','Manager','Franchise Admin','Franchise Manager')),$view_results_for_class('User')) ->via('GET', 'POST');
任何建议不胜感激!
事实证明,
我不小心运行了两次$app->map('')命令,在一种情况下只发送了导致错误的"管理员"和"经理"。 :(,我的一个愚蠢的错误也是如此。 只是去展示提防这些东西。