i making app cakephp 3, , want restric normal user ('alumnos' in case) see , edit profiles, try compare id of logged user , value send request in url, not working, sends following error "notice (8): undefined offset: 0 [app/controller\userscontroller.php, line 144]", $this->request->params['pass'][0] variable empty. how can fix this?
this usercontroller.php
class userscontroller extends appcontroller{ /** * index method * * @return void */ public function index() { $this->paginate = [ 'contain' => ['grados'] ]; $this->set('users', $this->paginate($this->users)); $this->set('_serialize', ['users']); } /** * view method * * @param string|null $id user id. * @return void * @throws \cake\network\exception\notfoundexception when record not found. */ public function view($id = null) { $user = $this->users->get($id, [ 'contain' => ['grados', 'clases', 'conveniosusuarios', 'desvinculaciones', 'historialalumnos', 'pagos', 'pedidos'] ]); $this->set('user', $user); $this->set('_serialize', ['user']); } /** * add method * * @return void redirects on successful add, renders view otherwise. */ public function add() { $user = $this->users->newentity(); if ($this->request->is('post')) { $user = $this->users->patchentity($user, $this->request->data); if ($this->users->save($user)) { $this->flash->success(__('the user has been saved.')); return $this->redirect(['action' => 'index']); } else { $this->flash->error(__('the user not saved. please, try again.')); } } $grados = $this->users->grados->find('list', ['limit' => 200]); $this->set(compact('user', 'grados')); $this->set('_serialize', ['user']); } /** * edit method * * @param string|null $id user id. * @return void redirects on successful edit, renders view otherwise. * @throws \cake\network\exception\notfoundexception when record not found. */ public function edit($id = null) { $user = $this->users->get($id, [ 'contain' => [] ]); if ($this->request->is(['patch', 'post', 'put'])) { $user = $this->users->patchentity($user, $this->request->data); if ($this->users->save($user)) { $this->flash->success(__('the user has been saved.')); return $this->redirect(['action' => 'index']); } else { $this->flash->error(__('the user not saved. please, try again.')); } } $grados = $this->users->grados->find('list', ['limit' => 200]); $this->set(compact('user', 'grados')); $this->set('_serialize', ['user']); } /** * delete method * * @param string|null $id user id. * @return void redirects index. * @throws \cake\network\exception\notfoundexception when record not found. */ public function delete($id = null) { $this->request->allowmethod(['post', 'delete']); $user = $this->users->get($id); if ($this->users->delete($user)) { $this->flash->success(__('the user has been deleted.')); } else { $this->flash->error(__('the user not deleted. please, try again.')); } return $this->redirect(['action' => 'index']); } public function beforefilter(event $event) { $this->auth->allow(['logout']); } public function login() { if ($this->request->is('post')) { $user = $this->auth->identify(); if ($user) { $this->auth->setuser($user); if ($this->auth->user('rol') == 'alumno') { $this->redirect('users'.ds.'view'.ds.$this->auth->user('id')); }else{ return $this->redirect($this->auth->redirecturl()); } }else{ $this->flash->error(__('usario o contraseƱa invalidos!')); } } } public function logout() { return $this->redirect($this->auth->logout()); } public function isauthorized($user) { $userid=$this->auth->user('id'); $id= $this->request->params['pass'][0];//here problem!! $action = $this->request->params['action']; if ($user['rol']=='instructor') { return true; }else if ($user['rol']!='instructor') { if (in_array($action, ['edit', 'view']) && $userid == $id) { return true; } return false; } return parent::isauthorized($user); } } when if user correct debug($this->request->params) display:
[ 'plugin' => null, 'controller' => 'users', 'action' => 'view', '_ext' => null, 'pass' => [ (int) 0 => '4' ] ] but if user try see other profile debug($this->request->params) display:
[ 'plugin' => null, 'controller' => 'users', 'action' => 'index', '_ext' => null, 'pass' => [] ] appcontroller.php
class appcontroller extends controller { /** * initialization hook method. * * use method add common initialization code loading components. * * @return void */ public function initialize() { $this->loadcomponent('flash'); $this->loadcomponent('auth', [ 'authorize' => ['controller'], 'loginredirect' => [ 'controller' => 'users', 'action' => 'index' ], 'logoutredirect' => [ 'controller' => 'users', 'action' => 'login' ] ]); } public function beforefilter(event $event) { $this->auth->allow(['login']); } public function isauthorized($user) { // admin can access every action if (isset($user['role']) && $user['role'] === 'admin') { return true; } // default deny return false; } }
thanks edit.
i believe pass set after condition in_array(), need set $id after condition :
public function isauthorized($user) { $userid = $this->auth->user('id'); $action = $this->request->params['action']; if ($user['rol'] == 'instructor') { return true; } else if ($user['rol'] != 'instructor') { if (in_array($action, ['edit', 'view'])) { $id = $this->request->params['pass'][0]; // moved here if ($userid == $id) { return true; } } return false; } return parent::isauthorized($user); } if not work, can still check if $this->request->params['pass'][0] exists before trying set $id.
Comments
Post a Comment