2014-12-01 74 views

我正在为申请实习而学习 CakePHP 3,目前正在按照 cakePHP.org 官方 cookbook 的教程学习,但我讨厌这本书,它很混乱。

CakePHP 3:用户不允许注销?

无论如何,我按照 Bookmarker 示例的步骤做了,它基本能运行。在登录和注销部分之前,我完全是按照书上说的去做的,但是当我尝试从系统注销时,它提示“您无权访问该位置。”

如果您需要我项目中的其他代码,请告诉我。

为了让用户注销,我用下面的代码生成一个链接,它指向 server/users/logout

<?= /* Renders a "Log out" link that points at the logout action of the Users controller. */ $this->Html->link(__('Log out'), ['controller' => 'Users', 'action' => 'logout']) ?> 

/rootOfProject/src/Controller/AppController.php:

namespace App\Controller; 
use Cake\Controller\Controller; 

/**
 * Base controller for the application.
 *
 * Loads the Flash and Auth components and installs a deny-by-default
 * authorization callback that every subclass inherits unless it overrides it.
 */
class AppController extends Controller
{
    /**
     * Loads the Flash and Auth components and whitelists the 'display' action.
     *
     * Auth is configured for form login with the e-mail address as the
     * username field, and with 'authorize' => 'Controller', which makes the
     * component consult isAuthorized() below.
     *
     * @return void
     */
    public function initialize()
    {
        // Form authenticator: the "username" is read from the email field.
        $formAuthenticator = [
            'fields' => [
                'username' => 'email',
                'password' => 'password',
            ],
        ];

        // Where a user is sent when authorization is refused.
        $loginUrl = [
            'controller' => 'Users',
            'action' => 'login',
        ];

        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'authenticate' => ['Form' => $formAuthenticator],
            'unauthorizedRedirect' => $loginUrl,
            'authorize' => 'Controller',
        ]);

        // Actions passed to allow() skip the login requirement and the
        // isAuthorized() check, so this list is the public surface of the
        // app. 'display' is presumably the static pages action; confirm.
        $this->Auth->allow(['display']);
    }

    /**
     * Authorization callback: refuses every user for every action.
     *
     * With this default, only actions whitelisted through Auth->allow() (and
     * the login action) remain reachable. A controller that needs to admit
     * logged-in users has to whitelist the action or override this method.
     *
     * @param mixed $user The logged-in user supplied by the Auth component; not inspected.
     * @return bool Always false.
     */
    public function isAuthorized($user)
    {
        return false;
    }
}

/rootOfProject/src/Controller/UsersController.php:

namespace App\Controller; 
use App\Controller\AppController; 
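/**
 * User management plus the login and logout actions.
 *
 * Access is governed by the Auth component configured in AppController:
 * with the deny-all isAuthorized() shown on this page, only the actions
 * whitelisted in beforeFilter() (and login) are reachable.
 */
class UsersController extends AppController
{
    /**
     * Lists users, paginated.
     *
     * @return void
     */
    public function index()
    {
        $this->set('users', $this->paginate($this->Users));
    }

    /**
     * Shows one user together with the associated Bookmarks.
     *
     * @param mixed $id Primary key of the user to load.
     * @return void
     */
    public function view($id = null)
    {
        $user = $this->Users->get($id, [
            'contain' => ['Bookmarks'],
        ]);
        $this->set('user', $user);
    }

    /**
     * Creates a user from the submitted form; publicly reachable (see beforeFilter()).
     *
     * @return mixed A redirect to index after a successful save, otherwise nothing.
     */
    public function add()
    {
        // NOTE(review): the whole request payload is handed to the entity.
        // Which fields it may set is decided by the Users entity, which is
        // not shown here; confirm privileged fields are not mass-assignable,
        // since this action is open to anonymous visitors.
        $user = $this->Users->newEntity($this->request->data);
        if ($this->request->is('post')) {
            if ($this->Users->save($user)) {
                $this->Flash->success('The user has been saved.');

                return $this->redirect(['action' => 'index']);
            }
            $this->Flash->error('The user could not be saved. Please, try again.');
        }
        $this->set(compact('user'));
    }

    /**
     * Updates an existing user from the submitted form.
     *
     * @param mixed $id Primary key of the user to edit.
     * @return mixed A redirect to index after a successful save, otherwise nothing.
     */
    public function edit($id = null)
    {
        $user = $this->Users->get($id, [
            'contain' => [],
        ]);
        if ($this->request->is(['patch', 'post', 'put'])) {
            // NOTE(review): same mass-assignment caveat as add(); also, nothing
            // here ties $id to the logged-in user, so any ownership rule has to
            // come from isAuthorized().
            $user = $this->Users->patchEntity($user, $this->request->data);
            if ($this->Users->save($user)) {
                $this->Flash->success('The user has been saved.');

                return $this->redirect(['action' => 'index']);
            }
            $this->Flash->error('The user could not be saved. Please, try again.');
        }
        $this->set(compact('user'));
    }

    /**
     * Deletes a user; only POST and DELETE requests are accepted.
     *
     * @param mixed $id Primary key of the user to delete.
     * @return mixed A redirect to index.
     */
    public function delete($id = null)
    {
        // Reject the wrong HTTP method before touching the database, so a
        // plain GET (e.g. a crawled or embedded link) never reaches the lookup.
        $this->request->allowMethod(['post', 'delete']);
        $user = $this->Users->get($id);
        if ($this->Users->delete($user)) {
            $this->Flash->success('The user has been deleted.');
        } else {
            $this->Flash->error('The user could not be deleted. Please, try again.');
        }

        return $this->redirect(['action' => 'index']);
    }

    /**
     * Authenticates the submitted credentials and starts the session.
     *
     * @return mixed A redirect to the Auth redirect URL on success, otherwise nothing.
     */
    public function login()
    {
        if ($this->request->is('post')) {
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);

                return $this->redirect($this->Auth->redirectUrl());
            }
            // One message for both failure causes, so the form does not
            // reveal whether the e-mail address exists.
            $this->Flash->error('Your username or password is incorrect.');
        }
    }

    /**
     * Logs the current user out and redirects to the URL returned by Auth->logout().
     *
     * @return mixed The redirect response.
     */
    public function logout()
    {
        $this->Flash->success('You are now logged out.');

        return $this->redirect($this->Auth->logout());
    }

    /**
     * Whitelists the actions that bypass the Auth checks.
     *
     * 'logout' has to be listed because AppController::isAuthorized() on this
     * page returns false for everyone; without it a logged-in user is refused
     * with "You are not authorized to access that location" when logging out.
     * Keep this list minimal: every action named here is reachable without
     * logging in.
     *
     * @param \Cake\Event\Event $event The beforeFilter event.
     * @return void
     */
    public function beforeFilter(\Cake\Event\Event $event)
    {
        $this->Auth->allow(['add', 'logout']);
    }
}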

供有兴趣的人参考:我把 UsersController.php 中 beforeFilter 方法里的 `$this->Auth->allow(['add'])` 改成了 `$this->Auth->allow(['add', 'logout'])`,然后就可以正常注销了。非常感谢 @ndm – 2014-12-01 20:34:18

回答


由于您的 isAuthorized() 回调始终只返回 false,您拒绝了所有用户的访问。因此,只有明确允许的操作(通过 $this->Auth->allow())以及隐式允许的登录操作才可以访问。

如果您不想执行任何授权检查(认证 != 授权),请从控制器中移除该回调,并从 Auth 组件的配置中删除 authorize 选项。

有关授权的更多信息,请参阅http://book.cakephp.org/3.0/en/controllers/components/authentication.html#authorization


好的。该书的作者指出,学生应该拒绝所有访问,并明确允许他想要的访问,但没有告诉如何允许访问。这本书只是向我抛出代码,告诉我复制和粘贴东西,并期望我自然地理解东西。非常感谢你。 – 2014-12-01 20:29:11


在你的AppController中添加以下内容:

<?php 
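    /**
     * Controller-level authorization callback: admits a logged-in user to the
     * logout action only and denies every other action.
     *
     * Actions that must be reachable without logging in are not decided here;
     * they are whitelisted separately through Auth->allow().
     *
     * @param mixed $user The logged-in user supplied by the Auth component; not inspected.
     * @return bool True for the logout action, false otherwise.
     */
    public function isAuthorized($user)
    {
        $action = $this->request->params['action'];

        // Only logout is permitted; everything else stays denied by default.
        // Strict comparison keeps a non-string action value from matching
        // through PHP's loose type juggling.
        return in_array($action, ['logout'], true);
    }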
?>