2014-12-01 60 views
0

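CakePHP 3: User not allowed to log out?

I'm learning CakePHP 3 to apply for an internship, and I'm currently following the tutorial in the Official cookbook from cakePHP.org, but I hate the book. It's very confusing.

Anyway, I followed the steps of the Bookmarker example and it sort of works. I did everything just as the book told me to, up to the login & logout part, but when I try to log out of the system it tells me "You are not authorized to access that location."

If you need other code from my project, let me know.

To log out, I direct the user with the following code, which produces the link server/users/logout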

<?= $this->Html->link(__('Log out'), ['controller' => 'Users', 'action' => 'logout']) ?> 

/rootOfProject/src/Controller/AppController.php:

namespace App\Controller;
use Cake\Controller\Controller;

class AppController extends Controller {
    public function initialize() {
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'authenticate' => [
                'Form' => [
                    'fields' => [
                        'username' => 'email',
                        'password' => 'password'
                    ]
                ]
            ],
            'unauthorizedRedirect' => [
                'controller' => 'Users',
                'action' => 'login'
            ],
            'authorize' => 'Controller'
        ]);
        $this->Auth->allow(['display']);
    }
    public function isAuthorized($user) {
        return false;
    }
}

/rootOfProject/src/Controller/UsersController.php:

namespace App\Controller;
use App\Controller\AppController;
class UsersController extends AppController {
    public function index() {
        $this->set('users', $this->paginate($this->Users));
    }
    public function view($id = null) {
        $user = $this->Users->get($id, [
            'contain' => ['Bookmarks']
        ]);
        $this->set('user', $user);
    }
    public function add() {
        $user = $this->Users->newEntity($this->request->data);
        if ($this->request->is('post')) {
            if ($this->Users->save($user)) {
                $this->Flash->success('The user has been saved.');
                return $this->redirect(['action' => 'index']);
            } else {
                $this->Flash->error('The user could not be saved. Please, try again.');
            }
        }
        $this->set(compact('user'));
    }
    public function edit($id = null) {
        $user = $this->Users->get($id, [
            'contain' => []
        ]);
        if ($this->request->is(['patch', 'post', 'put'])) {
            $user = $this->Users->patchEntity($user, $this->request->data);
            if ($this->Users->save($user)) {
                $this->Flash->success('The user has been saved.');
                return $this->redirect(['action' => 'index']);
            } else {
                $this->Flash->error('The user could not be saved. Please, try again.');
            }
        }
        $this->set(compact('user'));
    }
    public function delete($id = null) {
        $user = $this->Users->get($id);
        $this->request->allowMethod(['post', 'delete']);
        if ($this->Users->delete($user)) {
            $this->Flash->success('The user has been deleted.');
        } else {
            $this->Flash->error('The user could not be deleted. Please, try again.');
        }
        return $this->redirect(['action' => 'index']);
    }
    public function login() {
        if ($this->request->is('post')) {
            $user = $this->Auth->identify();
            if ($user) {
                $this->Auth->setUser($user);
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Flash->error('Your username or password is incorrect.');
        }
    }
    public function logout() {
        $this->Flash->success('You are now logged out.');
        return $this->redirect($this->Auth->logout());
    }
    public function beforeFilter(\Cake\Event\Event $event) {
        $this->Auth->allow(['add']);
    }
}
+1

For anyone interested, I changed the code from $this->Auth->allow(['add']) to $this->Auth->allow(['add', 'logout']) inside the beforeFilter method in UsersControllers.php, and it worked. Thank you very much @ndm – 2014-12-01 20:34:18

Answers

2

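You are denying access to all users because your isAuthorized() callback just returns false. So only explicitly allowed actions ($this->Auth->allow()) and the implicitly allowed login action are accessible.

If you don't want to perform any authorization (authentication != authorization) checks, remove the callback from your controller, and remove the authorize option from the auth component configuration.

For more information on authorization, see http://book.cakephp.org/3.0/en/controllers/components/authentication.html#authorization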

+0

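OK. The book's author states that the student should deny all access and explicitly allow the access he wants, but doesn't say how to allow access. The book just throws code at me, tells me to copy and paste things, and expects me to understand them naturally. Thank you very much. – 2014-12-01 20:29:11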

0

Add the following to your AppController:

<?php
    public function isAuthorized($user)
    {
        $action = $this->request->params['action'];

        // The logout action is always allowed.
        if (in_array($action, ['logout'])) {
            return true;
        } else {
            return false;
        }
    }
?>
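
An added example (not code from this thread or from the CakePHP cookbook) that puts the two mechanisms discussed above side by side: allow() for actions open to anonymous visitors, and a controller-level isAuthorized() for logged-in users. It assumes the question's CakePHP 3.0 setup with 'authorize' => 'Controller' and the deny-by-default AppController::isAuthorized(); the rules for index, view, edit and delete are an assumed policy for illustration.

```php
<?php
// Added example. Assumes the AppController from the question, whose
// isAuthorized() returns false (deny by default).
namespace App\Controller;

use Cake\Event\Event;

class UsersController extends AppController
{
    // Action methods (index, view, add, edit, delete, login, logout)
    // are the ones from the question and are not repeated here.

    // Actions listed in allow() skip both the login check and
    // isAuthorized(), so list only what is safe for anonymous visitors.
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Auth->allow(['add', 'logout']);
    }

    // Called only for logged-in users, on actions not listed in allow().
    public function isAuthorized($user)
    {
        $action = $this->request->params['action'];

        // Assumed policy: any logged-in user may list and view users.
        if (in_array($action, ['index', 'view'], true)) {
            return true;
        }

        // Assumed policy: edit and delete only on the user's own record.
        if (in_array($action, ['edit', 'delete'], true)) {
            $pass = $this->request->params['pass'];
            if (!isset($pass[0])) {
                return false; // no id in the URL, nothing to compare
            }
            return (int)$pass[0] === (int)$user['id'];
        }

        // Anything else falls through to the deny-by-default parent.
        return parent::isAuthorized($user);
    }
}
```

With this in place, a request to an action that is neither in allow() nor matched in isAuthorized() still ends at the unauthorizedRedirect configured in AppController.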