我在CakePHP 3.x上使用CakeDC用户插件来创建简单的基于角色的授权。
我有一堆/admin/路由,需要登录才能访问。我创建了一个新的操作,我想公开,但由于某种原因,我一直被发送登录。这是我现有的权限.pp:
return [
'Users.SimpleRbac.permissions' => [
# Admins can do anything
[
'role' => 'admin',
'plugin' => '*',
'prefix' => '*',
'controller' => '*',
'action' => '*',
],
# Users can only see a list and view an item
[
'role' => 'user',
'plugin' => false,
'prefix' => 'admin',
'controller' => '*',
'action' => ['index', 'view', 'search'],
],
# Only allow a user to logout within the CakeDC/User's plugin
[
'role' => 'user',
'prefix' => '*',
'plugin' => 'CakeDC/Users',
'controller' => 'Users',
'action' => ['logout'],
],
],
];
以下是我试图添加的不起作用的内容:
...
# anyone is allowed to do the .../dispatch method
[
'role' => '*',
'controller' => '*',
'action' => ['dispatch'],
],
我错过了什么??
事实证明,我的问题与CakeDC/Users插件无关。似乎是我的"非CRUD"操作名称导致CakePHP不允许它。我不完全明白为什么。但当我补充。。。
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
$this->Auth->allow('dispatch');
}
一切如预期。