我正在使用CakePHP开发一个 Restful API,我正在尝试实现一个自定义授权,该授权使用ACL授权用户,代码看起来像
<?php
App::uses('BaseAuthorize', 'Controller/Component/Auth');
class ApiAuthorize extends BaseAuthorize {
public function authorize($user, CakeRequest $request) {
$allowed = false;
$Acl = $this->_Collection->load('Acl');
list($plugin, $userModel) = pluginSplit($this->settings['userModel']);
$action = $this->action($request);
$cacheName = 'permissions_' . strval($user['id']);
if (($permissions = Cache::read($cacheName, 'permissions')) === false) {
$permissions = array();
Cache::write($cacheName, $permissions, 'permissions');
}
if (!isset($permissions[$action])) {
$User = ClassRegistry::init($this->settings['userModel']);
$User->id = $user['id'];
$allowed = $Acl->check($User, $action);
$permissions[$action] = $allowed;
Cache::write($cacheName, $permissions, 'permissions');
$hit = false;
} else {
$allowed = $permissions[$action];
$hit = true;
}
return $allowed;
}
}
我正在为网站(使用croogo开发)和API使用相同的数据库,因此我的数据库已经具有网站的
acos
,aros
和aros_acos
表,因此对于API,我创建了具有api_扩展名的ACL表,例如api_acos
,api_aros
和api_aros_api_acos
我的ACL表的新架构是
CREATE TABLE IF NOT EXISTS `api_acos` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`parent_id` int(10) DEFAULT NULL,
`model` varchar(255) DEFAULT '',
`foreign_key` int(10) unsigned DEFAULT NULL,
`alias` varchar(255) DEFAULT '',
`lft` int(10) DEFAULT NULL,
`rght` int(10) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
CREATE TABLE IF NOT EXISTS `api_acos_api_aros` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`api_aro_id` int(10) unsigned NOT NULL,
`api_aco_id` int(10) unsigned NOT NULL,
`_create` char(2) NOT NULL DEFAULT '0',
`_read` char(2) NOT NULL DEFAULT '0',
`_update` char(2) NOT NULL DEFAULT '0',
`_delete` char(2) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
CREATE TABLE IF NOT EXISTS `api_aros` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`parent_id` int(10) DEFAULT NULL,
`model` varchar(255) DEFAULT '',
`foreign_key` int(10) unsigned DEFAULT NULL,
`alias` varchar(255) DEFAULT '',
`lft` int(10) DEFAULT NULL,
`rght` int(10) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
我从这里使用自定义ACL类https://github.com/FriendsOfCake/Authorize/blob/master/Controller/Component/Acl/HabtmDbAcl.php
我的问题是在哪里以及如何使用新数据库表(
api_acos
,api_aros
和api_aros_api_acos
)进行ACL查找?请为我指向可自定义ACL授权实现引用的代码。 最佳答案
我只是将Croogo的现有acl表与API的其他根节点重复使用。
这也是Croogo核心所做的。不幸的是,默认情况下,安装数据不提供此功能。
您可以通过运行api
shell创建Acl.extras
根节点:
$ Console/cake acl.extras aco_sync
Welcome to CakePHP v2.5.1 Console
---------------------------------------------------------------
App : croogo-app
Path: /home/rachman/work/personal/deploy/croogo-app/
---------------------------------------------------------------
Skipped Aco node: controllers/Croogo/CroogoError
Created Aco node: controllers/Extensions/ExtensionsDashboard
Created Aco node: controllers/Extensions/ExtensionsDashboard/admin_index
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_moveup
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_movedown
Created Aco node: controllers/Menus/Links/admin_link_chooser
Created Aco node: controllers/Menus/Menus/admin_toggle
Created Aco node: controllers/Meta/Meta
Created Aco node: controllers/Meta/Meta/admin_delete_meta
Created Aco node: controllers/Meta/Meta/admin_add_meta
Created Aco node: api/v1_0/Nodes/Nodes/lookup
Created Aco node: api/v1_0/Users/Users/lookup
Created Aco node: controllers/Wysiwyg
Aco Sync Complete
您可以根据API要求手动添加必要的ACO,或使用ApiComponent作为基础,这将使extras Shell可以为以后自动创建它。
UserApiComponent
和NodeApiComponent
可以提供一些有关如何实现API方法的示例。关于php - CakePHP自定义ACL授权,使用acos,aros和aros_acos带有api_扩展名的Acl表,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/24059757/