
CakePHP Access Control List (ACL), APP Admin Backend


Presentation Transcript


  1. Contents
     • CakePHP Access Control List (ACL)
     • APP Admin Backend

  2. ACL Introduction - Authentication and Authorization: authenticate (authentication) and authorize (authorization)
     • authorize is built on top of authenticate

  3. ACL Introduction: ARO and ACO, aros_acos (diagram labels: ARO, ACO, aros_acos)

  4. ACL Introduction: ACL features
     • Controller-based authorization check: $this->Auth->authorize = array('Controller');
     • Action-based authorization check:
           $this->Auth->authorize = array(
               'Actions' => array('actionPath' => 'controllers')
           );
     • CRUD-based authorization check: $this->Auth->authorize = array('Crud');

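  5. ACL Introduction: ACL features (action-based authorization check)
     • $this->Auth->allow('actionName'); skips authentication, and with it the authorization check
     • Every controller and action must be present in the permission tree (except those that skip the authorization check)
     • No grant == no permission
     • The lookup walks upward (toward the root of the tree) until it finds an explicit control (allow or deny); by default a controller has no permission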

  6. ACL Introduction

  7. APP Admin Backend - Permission tree (Beijing). [Diagram; node labels: root, beijing, controller: AppMessages, action: systemMessageAdd, grade, subject, shuxue, yuwen, yingyu, xiaoxueOne, xiaoxueTwo]

  8. APP Admin Backend - Permission tree (Beijing). [Same diagram, with the part from root down marked "default (controller)"]

  9. APP Admin Backend - Permission tree (Beijing). [Same diagram, with part of the tree marked "extended permission tree"]

  10. APP Admin Backend - Permissions: Permission configuration
      // core.php
      Configure::write('Acl.classname', 'DbAcl');
      Configure::write('Acl.database', 'default');

      $this->Auth->authorize = array(
          'Actions' => array('actionPath' => 'beijing')
      );

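  11. APP Admin Backend - Permissions: Permission check
      // Method used to check a permission
      $this->Acl->check($aro, $aco, $action);

      // Check the permission to add a Beijing system message (for the user with ID == 2)
      $this->Acl->check(
          array('model' => 'User', 'foreign_key' => 2),
          'beijing/AppMessages/systemMessageAdd',
          '*'
      );

      // Check the permission to use the math subject when adding a Beijing system message (for users whose role ID == 2)
      $this->Acl->check(
          array('model' => 'Role', 'foreign_key' => 2),
          'beijing/AppMessages/systemMessageAdd/subject/shuxue',
          '*'
      );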

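  12. APP Admin Backend - Permissions: Granting and revoking
      // Revoke, for all users with role ID == 3 (Beijing branch), the permission to select a grade condition when adding a system message
      $this->Acl->deny(
          array('model' => 'Role', 'foreign_key' => 3),
          'beijing/AppMessages/systemMessageAdd/grade'
      );

      // Grant, to all users with role ID == 3 (Beijing branch), the permission to select the "primary school grade three" condition when adding a system message
      $this->Acl->allow(
          array('model' => 'Role', 'foreign_key' => 3),
          'beijing/AppMessages/systemMessageAdd/grade/xiaoxueThree'
      );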

  13. APP Admin Backend - Permissions: Permission tree initialization tools
      • CakePlugin::load('AclExtras');
      • ./Console/cake AclExtras.AclExtras aco_sync
      • https://github.com/markstory/acl_extras
      • app/Console/Command/AcoCheckShell.php
      • ./Console/cake aco_check
      • https://github.com/codingthoughts/cakephp-aco-check

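  14. APP Admin Backend - Permissions: Notes on permissions
      • Role authorization is single-level
      • Granting and revoking of branch-school permissions is handled in one uniform way
      • Action-level permission control requires no code
      • Each node of the permission tree corresponds to the alias field in the database
      • An alias must be unique among its siblings
      • An alias cannot be in Chinese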

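  15. APP Admin Backend - Messages: Notes
      • Difference between system messages and PUSH messages
      • Pushes are sent on a schedule by a script (every 5 minutes by default; there is no immediate push)
      • Characteristics of PUSH messages
      • 100% delivery cannot be guaranteed
      • Content that is too long is simply discarded (256 bytes)
      • When a token that cannot be pushed to is encountered, pushing to all following tokens is abandoned
      • A feedback service is provided (detect -> remove -> detect -> remove again)
      • Looped PUSH (loops of 2 in the simulation environment, loops of 50 in production)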

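  16. APP Admin Backend - Version control and interfaces: Notes (nationwide edition)
      • Both "forced upgrade" and "available" are set per operating system, device and channel
      • If any of the versions being upgraded through is marked "forced upgrade", the user is prompted with a forced upgrade and is upgraded to the latest version marked "available"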

  17. Thank you for watching
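An added example (not from the original slides, and not CakePHP's DbAcl code): a stand-alone PHP model of the upward lookup described on slide 5, applied to the deny/allow pair from slide 12. The allow row on systemMessageAdd and the gaozhong node are assumptions made for illustration.

```php
<?php
// Simplified model of the lookup rule on slide 5; hypothetical helper, not the CakePHP API.
// ACO nodes taken from the paths that appear on the slides.
$acoTree = array(
    'beijing',
    'beijing/AppMessages',
    'beijing/AppMessages/systemMessageAdd',
    'beijing/AppMessages/systemMessageAdd/grade',
    'beijing/AppMessages/systemMessageAdd/grade/xiaoxueOne',
    'beijing/AppMessages/systemMessageAdd/grade/xiaoxueThree',
    'beijing/AppMessages/systemMessageAdd/subject',
    'beijing/AppMessages/systemMessageAdd/subject/shuxue',
);

// Explicit rows for one ARO (Role 3), constructed sample data.
// First row is an assumption; the other two mirror slide 12.
$role3 = array(
    'beijing/AppMessages/systemMessageAdd' => true,
    'beijing/AppMessages/systemMessageAdd/grade' => false,
    'beijing/AppMessages/systemMessageAdd/grade/xiaoxueThree' => true,
);

function aclCheck(array $tree, array $rules, $aco)
{
    $aco = trim($aco, '/');
    if (!in_array($aco, $tree, true)) {
        return false; // node is not in the permission tree: deny
    }
    // Walk from the requested node toward the root;
    // the first explicit allow/deny found decides.
    while ($aco !== '') {
        if (array_key_exists($aco, $rules)) {
            return $rules[$aco];
        }
        $pos = strrpos($aco, '/');
        $aco = ($pos === false) ? '' : substr($aco, 0, $pos);
    }
    return false; // nothing set on the whole path: no grant == no permission
}

$base = 'beijing/AppMessages/systemMessageAdd';
$paths = array("$base/grade/xiaoxueThree", "$base/grade/xiaoxueOne",
    "$base/subject/shuxue", 'beijing/AppMessages',
    "$base/grade/gaozhong"); // gaozhong: hypothetical node missing from the tree
foreach ($paths as $p) {
    printf("%-58s %s\n", $p, aclCheck($acoTree, $role3, $p) ? 'allow' : 'deny');
}
```

The explicit allow on xiaoxueThree overrides the deny inherited from grade, while xiaoxueOne still inherits that deny; a node with nothing set on its path, or missing from the tree, is refused.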
