限制访问我的App Engine PHP应用程序以获取一组Google帐户?
Is there a way I can restrict access to my App Engine PHP app for only a certain set of Google account holders (who are logged in at the time of course)? The additional requirement is the PHP scripts on my site will be called via AJAX. It's fine for the users not to see a Google login prompt as they are internal users and will know that they are supposed to be already logged in.
Looking at the PHP app.yaml https://cloud.google.com/appengine/docs/php/config/appref#handlers_login and User auth info https://cloud.google.com/appengine/docs/php/users/#choosing_an_authentication_option I wasn't clear how this could be achieved (apart for Admin roles which are too permissive for these users)
Thanks, Alex
我是否可以限制仅限某些Google帐户持有人访问我的App Engine PHP应用程序( 谁在当然登录?)? 附加要求是我的网站上的PHP脚本将通过AJAX调用。 用户不要看到Google登录提示,因为他们是内部用户并且知道他们应该已经登录了。 p>
查看PHP app.yaml https://cloud.google.com/appengine/docs/php/config/appref #handlers_login 和用户身份信息 https://cloud.google。 com / appengine / docs / php / users /#Selecting_an_authentication_option 我不清楚如何实现这一目标(除了对这些用户来说过于宽松的管理员角色) p>
谢谢, Alex p> div>
A very crude/simple solution would be implemented like this:
In app.yaml, add something like this
- url: .*
script: main.php
login: required
Then in main.php, something like this
$user = \google\appengine\api\users\UserService::getCurrentUser();
if($user) {
if(in_array($user->getEmail(), ['user1@domain.com', 'user2@domain.com'])) {
// OK, user is allowed
} else {
// Logged in, but UNKNOWN user
}
} else {
// User not logged in
}
You can easily use oauth to get users email address while authenticating and use that to allow a group of emails to qualify and raise oauthexception for others