5

我正在使用 CakePHP 开发一个安静的 API,我正在尝试实现一个自定义授权,它使用 ACL 授权用户,代码看起来像

<?php
App::uses('BaseAuthorize', 'Controller/Component/Auth');

class ApiAuthorize extends BaseAuthorize {
     public function authorize($user, CakeRequest $request) { 
                $allowed = false;
        $Acl = $this->_Collection->load('Acl'); 
        list($plugin, $userModel) = pluginSplit($this->settings['userModel']);
        $action = $this->action($request); 

        $cacheName = 'permissions_' . strval($user['id']); 
        if (($permissions = Cache::read($cacheName, 'permissions')) === false) {
            $permissions = array(); 
            Cache::write($cacheName, $permissions, 'permissions');
        }
        if (!isset($permissions[$action])) {
            $User = ClassRegistry::init($this->settings['userModel']);
            $User->id = $user['id'];
            $allowed = $Acl->check($User, $action); 
            $permissions[$action] = $allowed;
            Cache::write($cacheName, $permissions, 'permissions');
            $hit = false;
        } else {
            $allowed = $permissions[$action];
            $hit = true;
        }
            return $allowed;
     }
}

我正在为网站(使用croogo开发)和API使用相同的数据库,所以我的数据库已经有了acosaros&aros_acos网站的表,所以对于API,我创建了带有api_扩展名的ACL表,比如api_acosapi_aros&api_aros_api_acos

我的 ACL 表的新架构是

CREATE TABLE IF NOT EXISTS `api_acos` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `model` varchar(255) DEFAULT '',
  `foreign_key` int(10) unsigned DEFAULT NULL,
  `alias` varchar(255) DEFAULT '',
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `api_acos_api_aros` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `api_aro_id` int(10) unsigned NOT NULL,
  `api_aco_id` int(10) unsigned NOT NULL,
  `_create` char(2) NOT NULL DEFAULT '0',
  `_read` char(2) NOT NULL DEFAULT '0',
  `_update` char(2) NOT NULL DEFAULT '0',
  `_delete` char(2) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `api_aros` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_id` int(10) DEFAULT NULL,
  `model` varchar(255) DEFAULT '',
  `foreign_key` int(10) unsigned DEFAULT NULL,
  `alias` varchar(255) DEFAULT '',
  `lft` int(10) DEFAULT NULL,
  `rght` int(10) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

我在这里使用自定义 ACL 类https://github.com/FriendsOfCake/Authorize/blob/master/Controller/Component/Acl/HabtmDbAcl.php

我的问题是在哪里以及如何使用我的新数据库表 ( api_acos, api_aros& api_aros_api_acos) 进行 ACL 查找?请指出我可以参考自定义 ACL 授权实现的代码。

4

1 回答 1

2

I would just reuse the existing acl tables from Croogo with a different root node for API.

This is what the Croogo core is doing too. Unfortunately, the install data does not provide this by default.

You can create the api root node by running the Acl.extras shell:

$ Console/cake acl.extras aco_sync

Welcome to CakePHP v2.5.1 Console
---------------------------------------------------------------
App : croogo-app
Path: /home/rachman/work/personal/deploy/croogo-app/
---------------------------------------------------------------
Skipped Aco node: controllers/Croogo/CroogoError
Created Aco node: controllers/Extensions/ExtensionsDashboard
Created Aco node: controllers/Extensions/ExtensionsDashboard/admin_index
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_moveup
Created Aco node: controllers/Extensions/ExtensionsPlugins/admin_movedown
Created Aco node: controllers/Menus/Links/admin_link_chooser
Created Aco node: controllers/Menus/Menus/admin_toggle
Created Aco node: controllers/Meta/Meta
Created Aco node: controllers/Meta/Meta/admin_delete_meta
Created Aco node: controllers/Meta/Meta/admin_add_meta
Created Aco node: api/v1_0/Nodes/Nodes/lookup
Created Aco node: api/v1_0/Users/Users/lookup
Created Aco node: controllers/Wysiwyg
Aco Sync Complete

You can manually add the necessary ACOs as per your API requirements, or use the ApiComponent as a base which will enable the extras shell to auto-create it for your later.

The UserApiComponent and NodeApiComponent can provide some example on how to implement API methods.

于 2014-06-06T03:39:41.173 回答