cakephp 3在URL中傳遞參數時出錯

Question

我正在用cakephp 3製作應用程序，並且我想限制普通用戶（在本例中爲'alumnos'）僅查看和編輯他們的配置文件，因此我嘗試比較id （注8）：未定義偏移量：0 [APP/Controller \ UsersController.php，第144行]「， $ this-> request-> params ['pass'] [0]變量是空的。我如何解決這個問題？

這是我userController.php

class UsersController extends AppController{ 

/** 
* Index method 
* 
* @return void 
*/ 
public function index() 
{ 
    $this->paginate = [ 
     'contain' => ['Grados'] 
    ]; 
    $this->set('users', $this->paginate($this->Users)); 
    $this->set('_serialize', ['users']); 
} 

/** 
* View method 
* 
* @param string|null $id User id. 
* @return void 
* @throws \Cake\Network\Exception\NotFoundException When record not found. 
*/ 
public function view($id = null) 
{ 
    $user = $this->Users->get($id, [ 
     'contain' => ['Grados', 'Clases', 'ConveniosUsuarios', 'Desvinculaciones', 'HistorialAlumnos', 'Pagos', 'Pedidos'] 
    ]); 
    $this->set('user', $user); 
    $this->set('_serialize', ['user']); 
} 

/** 
* Add method 
* 
* @return void Redirects on successful add, renders view otherwise. 
*/ 
public function add() 
{ 
    $user = $this->Users->newEntity(); 
    if ($this->request->is('post')) { 
     $user = $this->Users->patchEntity($user, $this->request->data); 

     if ($this->Users->save($user)) { 
      $this->Flash->success(__('The user has been saved.')); 
      return $this->redirect(['action' => 'index']); 
     } else { 
      $this->Flash->error(__('The user could not be saved. Please, try again.')); 
     } 
    } 
    $grados = $this->Users->Grados->find('list', ['limit' => 200]); 
    $this->set(compact('user', 'grados')); 
    $this->set('_serialize', ['user']); 
} 

/** 
* Edit method 
* 
* @param string|null $id User id. 
* @return void Redirects on successful edit, renders view otherwise. 
* @throws \Cake\Network\Exception\NotFoundException When record not found. 
*/ 
public function edit($id = null) 
{ 
    $user = $this->Users->get($id, [ 
     'contain' => [] 
    ]); 
    if ($this->request->is(['patch', 'post', 'put'])) { 
     $user = $this->Users->patchEntity($user, $this->request->data); 
     if ($this->Users->save($user)) { 
      $this->Flash->success(__('The user has been saved.')); 
      return $this->redirect(['action' => 'index']); 
     } else { 
      $this->Flash->error(__('The user could not be saved. Please, try again.')); 
     } 
    } 
    $grados = $this->Users->Grados->find('list', ['limit' => 200]); 
    $this->set(compact('user', 'grados')); 
    $this->set('_serialize', ['user']); 
} 

/** 
* Delete method 
* 
* @param string|null $id User id. 
* @return void Redirects to index. 
* @throws \Cake\Network\Exception\NotFoundException When record not found. 
*/ 
public function delete($id = null) 
{ 
    $this->request->allowMethod(['post', 'delete']); 
    $user = $this->Users->get($id); 
    if ($this->Users->delete($user)) { 
     $this->Flash->success(__('The user has been deleted.')); 
    } else { 
     $this->Flash->error(__('The user could not be deleted. Please, try again.')); 
    } 
    return $this->redirect(['action' => 'index']); 
} 

public function beforeFilter(Event $event) 
{ 
    $this->Auth->allow(['logout']); 
} 

public function login() 
{ 
    if ($this->request->is('post')) { 
     $user = $this->Auth->identify(); 
     if ($user) { 
      $this->Auth->setUser($user); 
      if ($this->Auth->user('rol') == 'Alumno') { 
       $this->redirect('users'.DS.'view'.DS.$this->Auth->user('id')); 
      }else{ 
       return $this->redirect($this->Auth->redirectUrl()); 
      } 
     }else{ 
      $this->Flash->error(__('Usario o contraseña invalidos!'));  
     } 
    } 
} 

public function logout() 
{ 
    return $this->redirect($this->Auth->logout()); 
} 

public function isAuthorized($user) 
{ 
    $userid=$this->Auth->user('id'); 
    $id= $this->request->params['pass'][0];//here is the problem!! 
    $action = $this->request->params['action']; 
    if ($user['rol']=='Instructor') { 
     return true; 
    }else if ($user['rol']!='Instructor') { 
     if (in_array($action, ['edit', 'view']) && $userid == $id) { 
      return true; 
     } 
     return false; 
    } 
    return parent::isAuthorized($user); 
} 
} 

如果用戶是正確的調試。當（$這個 - >請求 - > PARAMS）顯示：

[ 
    'plugin' => null, 
    'controller' => 'Users', 
    'action' => 'view', 
    '_ext' => null, 
    'pass' => [ 
     (int) 0 => '4' 
    ] 
] 

但是，如果用戶嘗試看看其它輪廓調試（$這 - >請求 - > PARAMS）顯示：

[ 
    'plugin' => null, 
    'controller' => 'Users', 
    'action' => 'index', 
    '_ext' => null, 
    'pass' => [] 
] 

AppController.php

class AppController extends Controller 
{ 
/** 
* Initialization hook method. 
* 
* Use this method to add common initialization code like loading components. 
* 
* @return void 
*/ 
public function initialize() 
{ 
    $this->loadComponent('Flash'); 
    $this->loadComponent('Auth', [ 
     'authorize' => ['Controller'], 
     'loginRedirect' => [ 
      'controller' => 'Users', 
      'action' => 'index' 
     ], 
     'logoutRedirect' => [ 
      'controller' => 'Users', 
      'action' => 'login' 
     ] 
    ]); 
} 

public function beforeFilter(Event $event) 
{ 
    $this->Auth->allow(['login']); 
} 

public function isAuthorized($user) 
{ 
    // Admin can access every action 
    if (isset($user['role']) && $user['role'] === 'admin') { 
     return true; 
    } 
    // Default deny 
    return false; 
} 
} 

Answer 1

我解決這個錯誤，使用這個插件： https://github.com/AlessandroMinoccheri/UserPermissions

Answer 2

感謝您的編輯。

我相信pass是條件in_array()後置，所以你需要這個條件後設置$id：

public function isAuthorized($user) 
{ 
    $userid = $this->Auth->user('id'); 
    $action = $this->request->params['action']; 
    if ($user['rol'] == 'Instructor') { 
     return true; 
    } else if ($user['rol'] != 'Instructor') { 
     if (in_array($action, ['edit', 'view'])) { 
      $id = $this->request->params['pass'][0]; // Moved here 
      if ($userid == $id) { 
       return true; 
      } 
     } 
     return false; 
    } 
    return parent::isAuthorized($user); 
} 

如果它不工作，你仍然可以檢查是否試圖設置$id之前存在$this->request->params['pass'][0] 。