Can someone please put this in English for me? (PHP / CakePHP)

Sorry for being a bit of a dumb-ass, but I'm trying to learn and have been looking at this for a couple of days, and I'm still not completely sure how it works. I'm following an offline tutorial about using prefixes.

The tutorial says to do this:

1 - uncomment the admin routing prefix in core.php

2 - add the following to users_controller.php:

public function dashboard() {
        // Role of the logged-in user, as stored by the Auth component.
        $role = $this->Auth->user('role');
        if (!empty($role)) {
                // Redirect to the prefixed dashboard for that role, e.g. /admin/users/dashboard.
                $this->redirect(array($role => true, 'action' => 'dashboard'));
        }
}

public function admin_dashboard() {
}

public function manager_dashboard() {
}

3 - create three views for the above

4 - in app_controller add the Auth and Session components with appropriate settings, then add:

        public function isAuthorized() {
                $role = $this->Auth->user('role');
                $neededRole = null;
                // Prefix of the current request (e.g. 'admin'), if any.
                $prefix = !empty($this->params['prefix']) ? $this->params['prefix'] : null;

                // Only a configured routing prefix implies a required role.
                if (!empty($prefix) && in_array($prefix, Configure::read('Routing.prefixes'))) {
                        $neededRole = $prefix;
                }
                return (empty($neededRole) || strcasecmp($role, 'admin') == 0 ||
                        strcasecmp($role, $neededRole) == 0);
        }

5 - in the default layout:

<?php
        $dashboardUrl = array('controller' => 'users', 'action' => 'dashboard');
        if (!empty($user['role'])) {
                // Add the role as a routing prefix, e.g. 'admin' => true.
                $dashboardUrl[$user['role']] = true;
        }
        echo $this->Html->link('My Dashboard', $dashboardUrl);
?>

Now the whole thing works and I can follow most of what's going on, but I'm confused by the last line in the isAuthorized method. What exactly does:

return    (empty($neededRole)             || 
           strcasecmp($role, 'admin')== 0 ||
           strcasecmp($role, $neededRole) == 0);

actually return?

Also, the above code works fine, and when I log in as someone who is an admin they can view the admin_dashboard OK, but thereafter it seems every other link has an admin prefix. How do I stop that happening? I don't want to have to create an admin_ method for everything, including the homepage!


empty($neededRole) || 
strcasecmp($role, 'admin') == 0 || 
strcasecmp($role, $neededRole) == 0

The needed role is blank/empty: empty($neededRole), OR
the role is 'admin' when compared in a case-insensitive manner: strcasecmp($role, 'admin') == 0, OR
the role is the same as the needed role when compared in a case-insensitive manner.

So it returns true if no role is required, or the role is admin, or the role is the same as the required role; otherwise false.


To address the first part of your question...

return (empty($neededRole) || strcasecmp($role, 'admin') == 0 || strcasecmp($role, $neededRole) == 0);

This returns a boolean. Re-arrange it like this to make a little more sense:

return (
        empty($neededRole)
     || strcasecmp($role, 'admin') == 0
     || strcasecmp($role, $neededRole) == 0
);

Thus, it will return true if any of the three conditions are met:

  • empty($neededRole) is true
  • strcasecmp($role, 'admin') equals 0
  • strcasecmp($role, $neededRole) equals 0

According to the documentation, those last two equal zero when the two arguments are the same (ignoring case). So, the function will return true if:

  • there is no $neededRole value, or
  • $role is the same as "admin", or
  • $role is the same as $neededRole.

If none of those conditions are met, it will return false.


From the documentation (http://php.net/manual/en/function.strcasecmp.php): strcasecmp compares two strings ignoring case, returning 0 if they are the same, so the final line says:

If the needed role is empty (you don't need a role)
    You are authorized
OR IF your role is 'admin'
    You are authorized
OR IF your role is the needed role 
    You are authorized
ELSE
    You are not authorized

As for your other question, I'm not sure, but I'm pretty sure you do need an admin_* method; these methods could, however, delegate to the normal method where no special logic is needed.


The code returns true if any of these holds:

  • empty($neededRole) (true/false)
  • strcasecmp($role, 'admin') == 0 (0 means equal)
  • strcasecmp($role, $neededRole) == 0 (0 means equal)

As for the admin routing, it is not required on ALL functions (including the home page). Only if you want to "hide" functions (provide admin-only functionality) do you add the admin prefix. Then you can block access to all functions with the admin prefix unless the user has the proper authorization, which prevents unauthorized access to those methods. When you add the admin_ prefix to the beginning of a method, it means it is specific to the admin role. The admin still has access to everything else.

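To make the decision in isAuthorized() concrete, here is an added example (not from the original post, the tutorial, or CakePHP itself) that lifts that return expression out of the controller into a pure function and runs it over a constructed table of role/prefix combinations. The array $routingPrefixes stands in for Configure::read('Routing.prefixes'), and isAuthorizedFor() is a name invented for this example; the logic inside it is the same as the posted method.

```php
<?php
// Added example: the authorization decision from the thread as a pure function,
// so role/prefix combinations can be checked without a running CakePHP app.
// Assumption: $routingPrefixes replaces Configure::read('Routing.prefixes').

function isAuthorizedFor($role, $prefix, array $routingPrefixes) {
    // Same rule as the posted isAuthorized(): a role is only *needed* when the
    // request carries a prefix that is also a configured routing prefix.
    $neededRole = null;
    if (!empty($prefix) && in_array($prefix, $routingPrefixes)) {
        $neededRole = $prefix;
    }

    // The return value is a boolean; the first branch that is true decides.
    return (empty($neededRole)                                   // unprefixed action: no role needed
         || strcasecmp((string)$role, 'admin') == 0              // admin may reach every prefix
         || strcasecmp((string)$role, (string)$neededRole) == 0); // role matches the prefix
}

$routingPrefixes = array('admin', 'manager');

// Constructed cases (invented for this example): role, prefix, expected, reason.
$cases = array(
    array('admin',   'admin',   true,  'admin on an admin_ action'),
    array('admin',   'manager', true,  'admin also passes the manager prefix'),
    array('Admin',   'admin',   true,  'strcasecmp ignores case in the stored role'),
    array('manager', 'manager', true,  'role equals the needed role'),
    array('manager', 'admin',   false, 'manager is denied an admin_ action'),
    array('manager', null,      true,  'no prefix, so no role is required'),
    array('guest',   null,      true,  'any logged-in role reaches unprefixed actions'),
    array('guest',   'admin',   false, 'guest is denied an admin_ action'),
    array('manager', 'foo',     true,  'foo is not a configured prefix, so nothing is required'),
);

foreach ($cases as $c) {
    list($role, $prefix, $expected, $why) = $c;
    $got = isAuthorizedFor($role, $prefix, $routingPrefixes);
    printf("%-8s %-9s -> %-5s (%s)\n",
        $role, var_export($prefix, true), $got ? 'allow' : 'deny', $why);
    if ($got !== $expected) {
        throw new RuntimeException("unexpected result for case: $why");
    }
}
echo "all cases behaved as expected\n";
```

Two things the table makes visible. First, every action without a prefix is authorized for any logged-in user, whatever their role, so anything that must be restricted has to live under a prefix (which is the point the last answer makes). Second, the comparison is case-insensitive, but the redirect in dashboard() and the link in the layout use the role string as a routing prefix key, so role values stored for users must match the entries in Routing.prefixes exactly (e.g. 'admin', not 'Admin') for the prefixed URLs to be generated.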
