cakephp 3 url 中传递的参数出错
cakephp 3 Error with passed parameter in url
我正在用 cakephp 3 制作一个应用程序,我想限制普通用户('alumnos' 在这种情况下)只能查看和编辑他们的个人资料,所以我尝试比较已登录用户的 ID和 url 中请求发送的值,但它不起作用,它发送以下错误 "Notice (8): Undefined offset: 0 [APP/Controller\UsersController.php, line 144]",$this->request->params['pass'][0 ] 变量为空。我该如何解决这个问题?
这是我的 userController.php
class UsersController extends AppController{
/**
* Index method
*
* @return void
*/
public function index()
{
$this->paginate = [
'contain' => ['Grados']
];
$this->set('users', $this->paginate($this->Users));
$this->set('_serialize', ['users']);
}
/**
* View method
*
* @param string|null $id User id.
* @return void
* @throws \Cake\Network\Exception\NotFoundException When record not found.
*/
public function view($id = null)
{
$user = $this->Users->get($id, [
'contain' => ['Grados', 'Clases', 'ConveniosUsuarios', 'Desvinculaciones', 'HistorialAlumnos', 'Pagos', 'Pedidos']
]);
$this->set('user', $user);
$this->set('_serialize', ['user']);
}
/**
* Add method
*
* @return void Redirects on successful add, renders view otherwise.
*/
public function add()
{
$user = $this->Users->newEntity();
if ($this->request->is('post')) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success(__('The user has been saved.'));
return $this->redirect(['action' => 'index']);
} else {
$this->Flash->error(__('The user could not be saved. Please, try again.'));
}
}
$grados = $this->Users->Grados->find('list', ['limit' => 200]);
$this->set(compact('user', 'grados'));
$this->set('_serialize', ['user']);
}
/**
* Edit method
*
* @param string|null $id User id.
* @return void Redirects on successful edit, renders view otherwise.
* @throws \Cake\Network\Exception\NotFoundException When record not found.
*/
public function edit($id = null)
{
$user = $this->Users->get($id, [
'contain' => []
]);
if ($this->request->is(['patch', 'post', 'put'])) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success(__('The user has been saved.'));
return $this->redirect(['action' => 'index']);
} else {
$this->Flash->error(__('The user could not be saved. Please, try again.'));
}
}
$grados = $this->Users->Grados->find('list', ['limit' => 200]);
$this->set(compact('user', 'grados'));
$this->set('_serialize', ['user']);
}
/**
* Delete method
*
* @param string|null $id User id.
* @return void Redirects to index.
* @throws \Cake\Network\Exception\NotFoundException When record not found.
*/
public function delete($id = null)
{
$this->request->allowMethod(['post', 'delete']);
$user = $this->Users->get($id);
if ($this->Users->delete($user)) {
$this->Flash->success(__('The user has been deleted.'));
} else {
$this->Flash->error(__('The user could not be deleted. Please, try again.'));
}
return $this->redirect(['action' => 'index']);
}
public function beforeFilter(Event $event)
{
$this->Auth->allow(['logout']);
}
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
if ($this->Auth->user('rol') == 'Alumno') {
$this->redirect('users'.DS.'view'.DS.$this->Auth->user('id'));
}else{
return $this->redirect($this->Auth->redirectUrl());
}
}else{
$this->Flash->error(__('Usario o contraseña invalidos!'));
}
}
}
public function logout()
{
return $this->redirect($this->Auth->logout());
}
public function isAuthorized($user)
{
$userid=$this->Auth->user('id');
$id= $this->request->params['pass'][0];//here is the problem!!
$action = $this->request->params['action'];
if ($user['rol']=='Instructor') {
return true;
}else if ($user['rol']!='Instructor') {
if (in_array($action, ['edit', 'view']) && $userid == $id) {
return true;
}
return false;
}
return parent::isAuthorized($user);
}
}
当用户正确debug($this->request->params)时显示:
[
'plugin' => null,
'controller' => 'Users',
'action' => 'view',
'_ext' => null,
'pass' => [
(int) 0 => '4'
]
]
但是如果用户尝试查看其他配置文件 debug($this->request->params) 显示:
[
'plugin' => null,
'controller' => 'Users',
'action' => 'index',
'_ext' => null,
'pass' => []
]
AppController.php
class AppController extends Controller
{
/**
* Initialization hook method.
*
* Use this method to add common initialization code like loading components.
*
* @return void
*/
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize' => ['Controller'],
'loginRedirect' => [
'controller' => 'Users',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Users',
'action' => 'login'
]
]);
}
public function beforeFilter(Event $event)
{
$this->Auth->allow(['login']);
}
public function isAuthorized($user)
{
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}
}
感谢您的编辑。
我相信pass
是在条件in_array()
之后设置的,所以你需要在这个条件之后设置$id
:
public function isAuthorized($user)
{
$userid = $this->Auth->user('id');
$action = $this->request->params['action'];
if ($user['rol'] == 'Instructor') {
return true;
} else if ($user['rol'] != 'Instructor') {
if (in_array($action, ['edit', 'view'])) {
$id = $this->request->params['pass'][0]; // Moved here
if ($userid == $id) {
return true;
}
}
return false;
}
return parent::isAuthorized($user);
}
如果它不起作用,您仍然可以在尝试设置 $id
.
之前检查 $this->request->params['pass'][0]
是否存在
我解决了这个错误,使用这个插件:
https://github.com/AlessandroMinoccheri/UserPermissions
我正在用 cakephp 3 制作一个应用程序,我想限制普通用户('alumnos' 在这种情况下)只能查看和编辑他们的个人资料,所以我尝试比较已登录用户的 ID和 url 中请求发送的值,但它不起作用,它发送以下错误 "Notice (8): Undefined offset: 0 [APP/Controller\UsersController.php, line 144]",$this->request->params['pass'][0 ] 变量为空。我该如何解决这个问题?
这是我的 userController.php
class UsersController extends AppController{
/**
* Index method
*
* @return void
*/
public function index()
{
$this->paginate = [
'contain' => ['Grados']
];
$this->set('users', $this->paginate($this->Users));
$this->set('_serialize', ['users']);
}
/**
* View method
*
* @param string|null $id User id.
* @return void
* @throws \Cake\Network\Exception\NotFoundException When record not found.
*/
public function view($id = null)
{
$user = $this->Users->get($id, [
'contain' => ['Grados', 'Clases', 'ConveniosUsuarios', 'Desvinculaciones', 'HistorialAlumnos', 'Pagos', 'Pedidos']
]);
$this->set('user', $user);
$this->set('_serialize', ['user']);
}
/**
* Add method
*
* @return void Redirects on successful add, renders view otherwise.
*/
public function add()
{
$user = $this->Users->newEntity();
if ($this->request->is('post')) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success(__('The user has been saved.'));
return $this->redirect(['action' => 'index']);
} else {
$this->Flash->error(__('The user could not be saved. Please, try again.'));
}
}
$grados = $this->Users->Grados->find('list', ['limit' => 200]);
$this->set(compact('user', 'grados'));
$this->set('_serialize', ['user']);
}
/**
* Edit method
*
* @param string|null $id User id.
* @return void Redirects on successful edit, renders view otherwise.
* @throws \Cake\Network\Exception\NotFoundException When record not found.
*/
public function edit($id = null)
{
$user = $this->Users->get($id, [
'contain' => []
]);
if ($this->request->is(['patch', 'post', 'put'])) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success(__('The user has been saved.'));
return $this->redirect(['action' => 'index']);
} else {
$this->Flash->error(__('The user could not be saved. Please, try again.'));
}
}
$grados = $this->Users->Grados->find('list', ['limit' => 200]);
$this->set(compact('user', 'grados'));
$this->set('_serialize', ['user']);
}
/**
* Delete method
*
* @param string|null $id User id.
* @return void Redirects to index.
* @throws \Cake\Network\Exception\NotFoundException When record not found.
*/
public function delete($id = null)
{
$this->request->allowMethod(['post', 'delete']);
$user = $this->Users->get($id);
if ($this->Users->delete($user)) {
$this->Flash->success(__('The user has been deleted.'));
} else {
$this->Flash->error(__('The user could not be deleted. Please, try again.'));
}
return $this->redirect(['action' => 'index']);
}
public function beforeFilter(Event $event)
{
$this->Auth->allow(['logout']);
}
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
if ($this->Auth->user('rol') == 'Alumno') {
$this->redirect('users'.DS.'view'.DS.$this->Auth->user('id'));
}else{
return $this->redirect($this->Auth->redirectUrl());
}
}else{
$this->Flash->error(__('Usario o contraseña invalidos!'));
}
}
}
public function logout()
{
return $this->redirect($this->Auth->logout());
}
public function isAuthorized($user)
{
$userid=$this->Auth->user('id');
$id= $this->request->params['pass'][0];//here is the problem!!
$action = $this->request->params['action'];
if ($user['rol']=='Instructor') {
return true;
}else if ($user['rol']!='Instructor') {
if (in_array($action, ['edit', 'view']) && $userid == $id) {
return true;
}
return false;
}
return parent::isAuthorized($user);
}
}
当用户正确debug($this->request->params)时显示:
[
'plugin' => null,
'controller' => 'Users',
'action' => 'view',
'_ext' => null,
'pass' => [
(int) 0 => '4'
]
]
但是如果用户尝试查看其他配置文件 debug($this->request->params) 显示:
[
'plugin' => null,
'controller' => 'Users',
'action' => 'index',
'_ext' => null,
'pass' => []
]
AppController.php
class AppController extends Controller
{
/**
* Initialization hook method.
*
* Use this method to add common initialization code like loading components.
*
* @return void
*/
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize' => ['Controller'],
'loginRedirect' => [
'controller' => 'Users',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Users',
'action' => 'login'
]
]);
}
public function beforeFilter(Event $event)
{
$this->Auth->allow(['login']);
}
public function isAuthorized($user)
{
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}
}
感谢您的编辑。
我相信pass
是在条件in_array()
之后设置的,所以你需要在这个条件之后设置$id
:
public function isAuthorized($user)
{
$userid = $this->Auth->user('id');
$action = $this->request->params['action'];
if ($user['rol'] == 'Instructor') {
return true;
} else if ($user['rol'] != 'Instructor') {
if (in_array($action, ['edit', 'view'])) {
$id = $this->request->params['pass'][0]; // Moved here
if ($userid == $id) {
return true;
}
}
return false;
}
return parent::isAuthorized($user);
}
如果它不起作用,您仍然可以在尝试设置 $id
.
$this->request->params['pass'][0]
是否存在
我解决了这个错误,使用这个插件: https://github.com/AlessandroMinoccheri/UserPermissions