问题
Can any one explain me the working of Auth->authorize = "actions"
In my project i am planning tp give this.
As this taught me the authorize will call the $this->Aro->check($user,"controllers/:controller/:action")
This will check the against the user right??
that means the user should be there in aros table.
But i don't need this to check against user but i need to check against a group
How can i achive this.
now when the users is not in Aro table it showing the
So that The Aro's will be only the groups and adding of users to the Aros is needed
thankz in advance
回答1:
Got the solution
using this reference
i extended the AuthComponent to CustomAuth and overridden the isAutorized()
method in the AuthComponent as follows
in controllers/components/custom_auth.php
<?php
App::import('Component','Auth');
class CustomAuthComponent extends AuthComponent {
public function isAuthorized($type = null, $object = null, $user = null) {
$actions = $this->__authType($type);
if( $actions['type'] != 'actions' ){
return parent::isAuthorized($type, $object, $user);
}
if (empty($user) && !$this->user()) {
return false;
} elseif (empty($user)) {
$user = $this->user();
}
$group = array('model' => 'Group','foreign_key' =>$user['Login']['group_id']);
$valid = $this->Acl->check($group, $this->action());
return $valid;
}
}
?>
in app_controller.php
function beforeFilter()
{
$this->CustomAuth->userModel = 'Login';
$this->CustomAuth->allowedActions = array('display');
$this->CustomAuth->actionPath = 'controllers/';
$this->CustomAuth->authorize = 'actions';
}
This solved my issue :)
回答2:
Take a look at this chapter. To check a group permission do this ('model' and 'foreign_key' values are from aros table):
$this->Acl->check(
array('model' => 'Group', 'foreign_key' => 2),
'controller/action'
);
来源:https://stackoverflow.com/questions/3413747/check-permission-against-group-not-users-using-auth-authorize-actions