CakePHP 3 - for related tables
Problem description:
In the CakePHP 3 Blog Tutorial, users are conditionally authorized to use actions such as edit and delete based on ownership, with the following code:
// ArticlesController
public function isAuthorized($user)
{
    // All registered users can add articles
    if ($this->request->getParam('action') === 'add') {
        return true;
    }
    // The owner of an article can edit and delete it
    if (in_array($this->request->getParam('action'), ['edit', 'delete'])) {
        $articleId = (int)$this->request->getParam('pass.0');
        if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
            return true;
        }
    }
    return parent::isAuthorized($user);
}

// ArticlesTable
public function isOwnedBy($articleId, $userId)
{
    return $this->exists(['id' => $articleId, 'user_id' => $userId]);
}
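I have been trying to implement something similar for my own tables. For example, I have a Payments table, which is linked to Users through several different tables, as follows:
- Users -> Customers -> Bookings -> Payments.
The foreign keys for each:
- user_id in the Customers table = Users->id (User hasOne Customer)
- customer_id in the Bookings table = Customers->id (Customer hasMany Bookings)
- booking_id in the Payments table = Bookings->id (Booking hasMany Payments)
The initialize function in my AppController: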
public function initialize()
{
    parent::initialize();
    $this->loadComponent('RequestHandler');
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'authorize' => 'Controller',
    ]);
    $this->Auth->allow(['display']); // primarily for PagesController, all other actions across the various controllers deny access by default
}
In my PaymentsController, I have the following:
public function initialize()
{
    parent::initialize();
}

public function isAuthorized($user)
{
    if (in_array($this->request->action, ['view', 'edit', 'index', 'add'])) {
        return (bool)($user['role_id'] === 1); // admin functions
    }
    if (in_array($this->request->action, ['cart'])) {
        return (bool)($user['role_id'] === 2); // customer function
    }
    if (in_array($this->request->action, ['cart'])) {
        $bookingId = (int)$this->request->getParam('pass.0');
        if ($this->Payments->isOwnedBy($bookingId, $user['id'])) {
            return true;
        }
    }
    return parent::isAuthorized($user);
}

public function isOwnedBy($bookingId, $userId)
{
    return $this->exists(['id' => $bookingId, 'user_id' => $userId]);
}
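I'm not sure how to determine ownership through the different linked tables.
- Currently, a customer paying for Booking #123 can simply change the URL to pay for Booking #111 instead, provided that booking exists in the database.
- Also, the booking ID is passed to the cart function (because the customer is paying for a specific booking). For example: if a customer is paying for Booking #123, the URL = localhost/project/payments/cart/123. After the cart is submitted, a new Payment entry is created.
Also, regarding the getParam and isOwnedBy methods, hovering over them in my editor shows this: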
Method 'getParam' not found in \Cake\Network\Request
Method 'isOwnedBy' not found in App\Model\Table\PaymentsTable
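However, I have gone through the entire Blog Tutorial and could not find anywhere else where getParam or isOwnedBy is used or set up in the model.
Answer
In the isAuthorized function of PaymentsController: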
if (in_array($this->request->action, ['cart'])) {
    $id = $this->request->getParam('pass'); // use $this->request->param('pass') for CakePHP 3.3.x and below.
    $booking = $this->Payments->Bookings->get($id, [
        'contain' => ['Artists']
    ]);
    if ($booking->artist->user_id == $user['id']) {
        return true;
    }
}
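In your `PaymentsController::isAuthorized()`, how would the third condition `if (in_array($this->request->action, ['cart'])) {` ever be reached when the second (identical) condition is met? –
Ah yes, I forgot. I removed it. Regardless of ownership, when trying to access the cart page, I now get 'Method getParam does not exist' as a Cake error. – mistaq
Fixed, will reply later. – mistaq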
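
Added example, not part of the original question or answer: one way to check booking ownership through the Users -> Customers -> Bookings chain from the question, so that changing the booking ID in the cart URL is rejected. It assumes Bookings belongsTo Customers and Payments belongsTo Bookings (matching the foreign keys listed in the question), CakePHP 3.4+ for getParam(), and an isOwnedBy() method placed on a BookingsTable class, which is a hypothetical placement.

```php
<?php
// Example code. In a real app each namespace block is its own file under src/.
namespace App\Model\Table {
    use Cake\ORM\Query;
    use Cake\ORM\Table;
    class BookingsTable extends Table
    {
        public function initialize(array $config)
        {
            parent::initialize($config);
            // Associations assumed from the foreign keys in the question.
            $this->belongsTo('Customers'); // bookings.customer_id
            $this->hasMany('Payments');    // payments.booking_id
        }

        // True only if the booking's customer row belongs to this user.
        public function isOwnedBy($bookingId, $userId)
        {
            return $this->find()
                ->where(['Bookings.id' => $bookingId])
                ->matching('Customers', function (Query $q) use ($userId) {
                    return $q->where(['Customers.user_id' => $userId]);
                })
                ->count() > 0;
        }
    }
}

namespace App\Controller {
    class PaymentsController extends AppController
    {
        public function isAuthorized($user)
        {
            // getParam() needs CakePHP 3.4+; older versions use param().
            $action = $this->request->getParam('action');
            if ($action === 'cart') {
                $bookingId = (int)$this->request->getParam('pass.0');
                // Customer role AND owner of the booking named in the URL.
                return (int)$user['role_id'] === 2
                    && $this->Payments->Bookings->isOwnedBy($bookingId, $user['id']);
            }
            if (in_array($action, ['view', 'edit', 'index', 'add'], true)) {
                return (int)$user['role_id'] === 1; // admin actions
            }
            return parent::isAuthorized($user);
        }
    }
}
```

Because isAuthorized() only checks the booking ID in the URL, the cart action should set the new payment's booking_id from that same URL parameter and not from submitted form data.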