AuthComponent::$unauthorizedRedirect redirects to the wrong URL
When a user accesses an action they are not allowed to access, the _unauthorized method redirects incorrectly.
Correct: localhost/project/index
Redirected to: localhost/project/project/index
I am using Acl.
AppController.php
    <?php
    App::uses('Controller', 'Controller');

    class AppController extends Controller {

        public $components = array('Acl', 'Session', 'DebugKit.Toolbar', 'RequestHandler', 'Auth');
        public $helpers = array('Html', 'Form', 'Session');
        public $uses = array('Role');

        public $roleId;
        public $UAP;
        public $aroId;

        public function beforeFilter() {
            if ($this->Session->check('Config.language')) {
                Configure::write('Config.language', $this->Session->read('Config.language'));
            }
            $this->Auth->authorize = array(
                AuthComponent::ALL => array('actionPath' => 'controllers/', 'userModel' => 'Role'),
                'Actions',
            );
            $this->Auth->authenticate = array(
                'Blowfish' => array(
                    'userModel' => 'User'
                )
            );
            if (!$this->_isAdmin()) {
                // Non-admin users: look up the ARO of the user's role and allow
                // only the actions the ACL grants to that role.
                $this->roleId = $this->getRoleId();
                $this->UAP = $this->Role->find('first', array('conditions' => array('Role.id' => $this->roleId)));
                $aro = $this->Acl->Aro->find('first', array(
                    'conditions' => array(
                        'Aro.model' => 'Role',
                        'Aro.foreign_key' => $this->roleId)));
                $this->aroId = $aro['Aro']['id'];
                $allow = array_merge($this->_getAllowed(), array('display'));
                $this->Auth->allowedActions = $allow;
            }
            // Configure AuthComponent
            $this->Auth->loginAction = array(
                'controller' => 'users',
                'action' => 'login'
            );
            $this->Auth->logoutRedirect = array(
                'controller' => 'users',
                'action' => 'login'
            );
            $this->Auth->loginRedirect = array(
                'controller' => 'pages',
                'action' => 'display',
                'home'
            );
            $this->Auth->authError = __('Not Authorized');
            return parent::beforeFilter();
        }

        // Map the permitted ACO ids of this controller to their action aliases.
        protected function _getAllowed($actionsIds = null, $controllerActions = null) {
            if (is_null($actionsIds)) {
                $actionsIds = $this->_getAllowedActionsIds();
            }
            if (is_null($controllerActions)) {
                $controllerActions = $this->_getControllerActions();
            }
            $allow = array();
            foreach ($actionsIds as $value) {
                array_push($allow, $controllerActions[$value]);
            }
            return $allow;
        }

        protected function _getAllowedActionsIds($allowedActions = null) {
            if (is_null($allowedActions)) {
                $allowedActions = $this->_getAllowedActions();
            }
            return array_values($allowedActions);
        }

        // ACO ids under this controller for which the role has full CRUD permission.
        protected function _getAllowedActions($aroId = null, $acoId = null) {
            if (is_null($aroId)) {
                $aroId = $this->aroId;
            }
            if (is_null($acoId)) {
                $acoId = $this->_getControllerActionsIds();
            }
            $result = $this->Acl->Aco->Permission->find('list', array(
                'conditions' => array(
                    'Permission.aro_id' => $aroId,
                    'Permission.aco_id' => $acoId,
                    'Permission._create' => 1,
                    'Permission._read' => 1,
                    'Permission._update' => 1,
                    'Permission._delete' => 1,
                ),
                'fields' => array('id', 'aco_id'),
                'recursive' => '-1'));
            return $result;
        }

        protected function _getControllerActionsIds($controllerActions = null) {
            if (is_null($controllerActions)) {
                $controllerActions = $this->_getControllerActions();
            }
            return array_keys($controllerActions);
        }

        // All action ACOs (id => alias) that are children of this controller's ACO node.
        protected function _getControllerActions($node = null) {
            if (is_null($node)) {
                $node = $this->_getNodeController();
            }
            return $this->Acl->Aco->find(
                'list', array(
                    'conditions' => array('Aco.parent_id' => $node['0']['Aco']['id']),
                    'fields' => array('Aco.id', 'Aco.alias'),
                    'recursive' => '-1',
                ));
        }

        protected function _getNodeController() {
            return $this->Acl->Aco->node("controllers/{$this->name}");
        }

        // role_id 1 is the admin role: admins may call every action.
        protected function _isAdmin() {
            if ($this->Auth->user() && $this->Auth->user('role_id') == 1) {
                $this->Auth->allow();
                return true;
            }
            return false;
        }

        public function getRoleId() {
            if (!is_null($this->Auth->user('role_id'))) {
                return $this->Auth->user('role_id');
            }
            return 9; // Unregistered user
        }
    }
    ?>
I found the answer. Dude, you can add an unauthorized redirect like this in AppController:

    public $components = array(
        'Acl',
        'Auth' => array(
            'authorize' => array(
                'Actions' => array('actionPath' => 'controllers')
            ),
            'authError' => 'Did you really think you are allowed to see that?',
            'unauthorizedRedirect' => array(
                'controller' => 'users',
                'action' => 'index',
                'prefix' => false)
        ),
        'Session'
    );

Here you can specify any unauthorized redirect or a custom unauthorized page.
I have had the same problem with Acl.
As far as I understand, when an authenticated user tries to access an object they are not authorized for, CakePHP first tries to redirect them to their referrer URL, or to $loginRedirect, or just to the plain root.
For some reason (which I don't pretend to understand), this doesn't work and it outputs a garbled version of $loginRedirect. In my case CakePHP is installed in localhost/cakephp, so I get a request for localhost/cakephp/cakephp. If $loginRedirect points to a controller, it will point to localhost/cakephp/cakephp/controller/method.
$unauthorizedRedirect.

    public $unauthorizedRedirect = true;
    public $unauthorizedRedirect = '/';

    /**
     * Controls handling of unauthorized access.
     * - For default value `true` unauthorized user is redirected to the referrer URL
     *   or AuthComponent::$loginRedirect or '/'.
     * - If set to a string or array the value is used as a URL to redirect to.
     * - If set to false a ForbiddenException exception is thrown instead of redirecting.
     */
So I agree with what Charles Barry said.
It seems this behaviour only occurs when your project is located in a subdirectory.
The documentation states "By default unauthorized user is redirected to the referrer URL or AuthComponent::$loginRedirect or '/'.", in this order.
If $loginRedirect is an array, then in AuthComponent::redirectUrl that array is converted to a URL with a "special" parameter:

    Router::url($redir + array('base' => false));

This parameter 'base' => false strips the base from the URL, so the redirect after login works even in a subdirectory.
Unfortunately, in AuthComponent's function _unauthorized, the URL in $loginRedirect is converted from an array to a string using Controller::referer, and the special parameter 'base' => false is not used.
Add 'base' => false to $loginRedirect, for example:

    $this->Auth->loginRedirect = array(
        'controller' => 'posts',
        'action' => 'index',
        'base' => false
    );

If you decide to set $unauthorizedRedirect, as Manoj Sharma suggested, every unauthorized request is redirected to that URL instead of to the referrer URL. This may be undesired if the user should just get the authError message after clicking an unauthorized link, but should be redirected if an unauthorized URL is typed in.