Question
I have this method to display a user profile at a URL like http://localhost/sample/users/profile/john instead of http://localhost/sample/users/view/1:
    public function profile($username)
    {
        $user = $this->Users->find()->where(['username' => $username])->first();
        $accountUsername = $user->username;
        $this->set('profileUserName', $accountUsername);
        $this->set('users', $user);
        $this->set('_serialize', ['user']);
    }
When I try to edit my profile, it always goes to "You are not allowed to do this."
    public function edit($id = null)
    {
        $logged_user_id = $this->Auth->user('id');
        if ($logged_user_id == $id) {
            $user = $this->Users->get($id, [
                'contain' => []
            ]);
            if ($this->request->is(['patch', 'post', 'put'])) {
                $user = $this->Users->patchEntity($user, $this->request->getData());
                if ($this->Users->save($user)) {
                    $this->Flash->success(__('User profile successfuly updated.'));
                    return $this->redirect(['action' => 'index']);
                } else {
                    $this->Flash->error(__('The user could not be saved. Please, try again.'));
                }
            }
            $this->set(compact('user'));
            $this->set('_serialize', ['user']);
        } else {
            $this->Flash->error(__('You are not allowed to do this.'));
            return $this->redirect(['action' => 'index']);
        }
    }
I tried adding this to the edit method:
    $logged_user_id = $this->Auth->user('id');
    $logged_user_name = $this->Auth->user('username');
    if (($logged_user_id == $id) && ($logged_user_name == $username)) {
        $user = $this->Users->get($id, [
            'contain' => []
        ]);
profile.ctp
    <div class="paginator">
        <ul>
            <li><?= $this->Html->link(__('Edit User'), ['action' => 'edit', $users->id]) ?> </li>
            <li><?= $this->Form->postLink(__('Delete User'), ['action' => 'delete', $users->id], ['confirm' => __('Are you sure you want to delete # {0}?', $users->id)]) ?> </li>
            <li><?= $this->Html->link(__('List Users'), ['action' => 'index']) ?> </li>
            <li><?= $this->Html->link(__('Logout'), ['action' => 'logout']) ?> </li>
        </ul>
    </div>
Maybe the get by $id is causing the problem?
Answer 1:
    public function beforeFilter(\Cake\Event\Event $event)
    {
        $user = $this->request->session()->read('Auth.User');
        $this->set('user_id', $user['id']);
    }
Just edit your profile.ctp and change $users->id to $user_id:
    <div class="paginator">
        <ul>
            <li><?= $this->Html->link(__('Edit User'), ['action' => 'edit', $user_id]) ?> </li>
            <li><?= $this->Form->postLink(__('Delete User'), ['action' => 'delete', $users->id], ['confirm' => __('Are you sure you want to delete # {0}?', $users->id)]) ?> </li>
            <li><?= $this->Html->link(__('List Users'), ['action' => 'index']) ?> </li>
            <li><?= $this->Html->link(__('Logout'), ['action' => 'logout']) ?> </li>
        </ul>
    </div>
Explanation: you always go directly to "You are not allowed to do this." because of this in the profile method:

    $user = $this->Users->find()->where(['username' => $username])->first();

The system is confused about which profile to edit since you have duplicate usernames in the database for the users table, so it throws an error "You are not allowed to do this." after finding the first row of data with the same "username value".

Add this code to UsersTable.php to prevent duplicate usernames:
    $validator
        ->requirePresence('username')
        ->notBlank('username', 'A username is required')
        ->add('username', 'unique', [
            'rule' => 'validateUnique',
            'provider' => 'table',
            'message' => 'Username is already used'
        ]);
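
An added example (not code from the question or the answer): an `edit` action that takes the username from the URL, as `profile()` does, and authorizes against the session's user id on the server, so the result does not depend on which id the template put in the link. The route shape `/users/edit/<username>`, the helper name `ownedProfile` and the editable fields `email` and `password` are assumptions.

```php
<?php
// Added example. Assumes CakePHP 3.4+ with AuthComponent loaded in
// AppController and a unique `username` column on the `users` table.
namespace App\Controller;

class UsersController extends AppController
{
    // Hypothetical helper: load the profile named in the URL and confirm it
    // belongs to the logged-in user. Returns null when the check fails.
    private function ownedProfile($username)
    {
        $authId = $this->Auth->user('id');
        $user = $this->Users->find()
            ->where(['username' => $username])
            ->first();
        // Cast both ids: a value restored from the session may be a string.
        if ($authId === null || $user === null || (int)$user->id !== (int)$authId) {
            return null;
        }
        return $user;
    }

    // Reached as /users/edit/john, matching the /users/profile/john URL.
    public function edit($username = null)
    {
        $user = $this->ownedProfile($username);
        if ($user === null) {
            // Unknown username and someone else's profile get the same response.
            $this->Flash->error(__('You are not allowed to do this.'));
            return $this->redirect(['action' => 'index']);
        }
        if ($this->request->is(['patch', 'post', 'put'])) {
            // Allow-list of editable columns (assumed names); any other key in
            // the request body, such as an id or role field, is ignored.
            $user = $this->Users->patchEntity($user, $this->request->getData(), [
                'fields' => ['email', 'password'],
            ]);
            if ($this->Users->save($user)) {
                $this->Flash->success(__('User profile successfully updated.'));
                return $this->redirect(['action' => 'profile', $user->username]);
            }
            $this->Flash->error(__('The user could not be saved. Please, try again.'));
        }
        $this->set(compact('user'));
    }
}
```

The Delete link in profile.ctp still passes `$users->id`, so the `delete` action needs the same server-side ownership check before it removes a row.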
Source: https://stackoverflow.com/questions/48494342/cannot-edit-my-profile-after-changing-the-url-link-from-user-id-to-username-usin