2013-05-05 57 views

I have two tables in my database, Admin and User. Admins should only open the admin panel, which has 9 controllers. Users will see the front end, which has one controller named HomeController. (CakePHP) This is an authorization-related question. Could anyone please take a look?

When a user logs in, he is able to access controllers that are meant for admins only. When an admin logs in, he can open controllers that are meant for users only. How can I prevent this?

AppController:

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // Each key under 'authenticate' names an authenticate class
            // (here AdminAuthenticate and UserAuthenticate); the per-controller
            // beforeFilter() methods below replace this setting with 'Form'.
            'authenticate' => array(
                'Admin' => array(
                    'userModel' => 'Admin',
                    'fields' => array(
                        'username' => 'username',
                        'password' => 'password'
                    )
                ),
                'User' => array(
                    'userModel' => 'User',
                    'fields' => array(
                        'username' => 'username',
                        'password' => 'password'
                    )
                )
            )
        )
    );

    public function beforeFilter()
    {
        // Intentionally empty; each controller configures Auth itself.
    }

}

TransactionsController (this should be accessible by admins only):

public function beforeFilter()
{
    $this->Auth->loginRedirect = array('controller' => 'items', 'action' => 'index');
    $this->Auth->logoutRedirect = array('controller' => 'admins', 'action' => 'login');
    $this->Auth->loginAction = array('controller' => 'admins', 'action' => 'login');

    // Basic setup (overwritten immediately by the assignment below)
    $this->Auth->authenticate = array('Form');

    // Pass settings in: authenticate against the Admin model
    $this->Auth->authenticate = array(
        'Form' => array('userModel' => 'Admin')
    );
}

// Only consulted by AuthComponent when Auth->authorize is set to 'Controller'.
public function isAuthorized($admin)
{
    if (isset($admin['Admin']['id']))
    {
        return true;
    }
    return false;
}

HomeController (this should be accessible by users only):

public function beforeFilter()
{
    $this->Auth->loginRedirect = array('controller' => 'home', 'action' => 'index');
    $this->Auth->logoutRedirect = array('controller' => 'users', 'action' => 'login');
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');

    // Basic setup (overwritten immediately by the assignment below)
    $this->Auth->authenticate = array('Form');

    // Pass settings in: authenticate against the User model
    $this->Auth->authenticate = array(
        'Form' => array('userModel' => 'User')
    );

    // These actions are public and skip authentication entirely
    $this->Auth->allow('view', 'index', 'item', 'itemlist', 'search');
}

// Only consulted by AuthComponent when Auth->authorize is set to 'Controller'.
public function isAuthorized($user)
{
    if (isset($user['User']['id']))
    {
        return true;
    }
    return false;
}

Answer


If you only have two levels of authentication, admin and user, you can try prefix routing.

The URLs are predefined:

http://mysite.com/admin/transactions 

This gets routed to the Transactions controller, and you prefix the index method for each of admin and user:

// reached via /admin/transactions
public function admin_index() {

}

// reached via /user/transactions; users are bounced to the front end
public function user_index() {
    $this->redirect(array('controller' => 'home', 'action' => 'index'));
}

If you have more than two user groups, take a look at Access Control Lists.
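An AppController that enforces the prefix/role split the answer describes, as an added example that is not from the question or the answer. It assumes `Configure::write('Routing.prefixes', array('admin'));` in Config/core.php and a single `users` table with a `role` column holding `'admin'` or `'user'`, rather than the question's two separate tables.

```php
<?php
// Added example for CakePHP 2.x; assumes Routing.prefixes contains 'admin'
// and one User model with a 'role' column (an assumption, not the question's layout).
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Auth' => array(
            // 'admin' => false keeps the login URL outside the admin prefix.
            'loginAction'  => array('controller' => 'users', 'action' => 'login', 'admin' => false),
            'authenticate' => array('Form' => array('userModel' => 'User')),
            // Without 'authorize', isAuthorized() below is never called and any
            // logged-in account can reach any controller.
            'authorize'    => array('Controller'),
        ),
    );

    public function beforeFilter() {
        // Send each kind of account to its own landing page after login.
        if ($this->_prefix() === 'admin') {
            $this->Auth->loginRedirect = array('controller' => 'transactions', 'action' => 'index', 'admin' => true);
        } else {
            $this->Auth->loginRedirect = array('controller' => 'home', 'action' => 'index');
        }
    }

    // Prefix matched by the Router for this request ('admin' for /admin/...), or null.
    protected function _prefix() {
        return isset($this->request->params['prefix']) ? $this->request->params['prefix'] : null;
    }

    /**
     * Called by AuthComponent for every action not listed in Auth->allow().
     * $user is the logged-in record as returned by $this->Auth->user().
     */
    public function isAuthorized($user) {
        $role = isset($user['role']) ? $user['role'] : null;

        if ($this->_prefix() === 'admin') {
            // Admin panel: only admin accounts, whatever the controller.
            return $role === 'admin';
        }
        // Front end (no prefix): only ordinary accounts; a denied request gets
        // AuthComponent's authError flash and redirect instead of the action.
        return $role === 'user';
    }
}
```

Controllers that extend this keep their own `beforeFilter()` only for `$this->Auth->allow()` of public actions, and must call `parent::beforeFilter()` so the role check above still runs.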
