问题描述
默认情况下,授权插件适用于全局范围。对于一些我不想申请任何授权的控制器。我必须为每个操作手动使用 skipAuthorization
配置。对于身份验证插件,我只能为每个需要身份验证的控制器加载身份验证组件。但是,即使我没有在控制器中加载授权组件,授权中间件似乎也能正常工作。那么,这是为什么呢?有没有办法可以禁用整个控制器的授权过程?
解决方法
您可能指的是身份验证而不是授权。无论如何,来自文档:
// in src/Controller/AppController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('Authentication.Authentication');
}
默认情况下,组件将要求所有用户都使用经过身份验证的用户 行动。您可以使用以下命令在特定控制器中禁用此行为 allowUnauthenticated():
// in a controller beforeFilter or initialize // Make view and index not require a logged in user.
$this->Authentication->allowUnauthenticated(['view','index']);
更多信息:The Authentication plugin in the Cake Book。
,我认为你的做法不对。对于授权,您必须编写请求策略。每当您烘焙控制器时,只需添加 --prefix Admin 或您想要的任何内容。
cake bake controller Users --prefix Admin
将所有管理控制器放在一个地方。 在路由文件中添加路由
$builder->prefix('Admin',['_namePrefix' => 'admin:'],function (RouteBuilder $builder) {
$builder->connect('/',['controller' => 'Users','action' => 'Index']);
$builder->fallbacks(DashedRoute::class);
});
` 请求政策。创建一个角色表并在 Users 表中添加列 role_id ,其余的您将通过下面的代码理解。
<?php
namespace App\Policy;
use Authorization\IdentityInterface;
use Authorization\Policy\RequestPolicyInterface;
use Cake\Http\ServerRequest;
class RequestPolicy implements RequestPolicyInterface
{
/**
* Method to check if the request can be accessed
*
* @param IdentityInterface|null Identity
* @param ServerRequest $request Server Request
* @return bool
*/
public function canAccess($identity,ServerRequest $request)
{
$role = 0;
if(!empty($identity)){
$data = $identity->getOriginalData();
$role = $data['role_id'];
}
if(!empty($request->getParam('prefix'))){
switch($request->getParam('prefix')){
case 'User' : return (bool)($role === 3);
case 'Admin': return (bool)($role === 1) || (bool)($role === 2);
}
}else{
return true;
}
return false;
}
}
`
然后为应用程序实现 AuthorizationServiceProviderInterface
use App\Policy\RequestPolicy;
use Authorization\AuthorizationServiceProviderInterface;
use Authorization\AuthorizationService;
use Authorization\Policy\MapResolver;
use Cake\Http\ServerRequest;
use Psr\Http\Message\ServerRequestInterface;
class Application extends BaseApplication implements AuthorizationServiceProviderInterface{
public function getAuthorizationService(ServerRequestInterface $request): AuthorizationServiceInterface
{
$mapResolver = new MapResolver();
$mapResolver->map(ServerRequest::class,RequestPolicy::class);
return new AuthorizationService($mapResolver);
}
}