0

您好,我使用的是 yii 框架,我在 Layout/main.php 中编写了如下代码

 array('label'=>'Dashboard', 'url'=>array('/site/todays_task'),'visible'=>$user-checkAccess('Team Leader,employee')),

在我的 Protected/component/WebUser.php 代码如下

public function checkAccess($operation, $params=array())
{
    if (empty($this->id)) 
    {
         // Not identified => no rights
         return false;
    }
    $role = $this->getState("Role");
    if ($role === 'admin') {
         return true; // admin role has access to everything
    }
    if (strstr($operation,$role) !== false) { // Check if multiple roles are available
         return true;
    }
         // allow access if the operation request is the current user's role
         return ($operation === $role);
    }
}

所以仪表板链接对管理员可见,也因为管理员可以访问 webuser checkaccess 方法中的所有内容,我希望不可见仪表板链接到管理员

4

1 回答 1

0

为此编写第二个函数,为管理部分返回 false;

public function checkAccessNoAdmin($operation, $params=array())
{
    if (empty($this->id)) 
    {
         // Not identified => no rights
         return false;
    }
    $role = $this->getState("Role");
    if ($role === 'admin') {
         return false; // admin role has no access here
    }
    if (strstr($operation,$role) !== false) { // Check if multiple roles are available
         return true;
    }
         // allow access if the operation request is the current user's role
         return ($operation === $role);
    }
}

然后改为:

array('label'=>'Dashboard', 'url'=>array('/site/todays_task'),'visible'=>$user-checkAccessNoAmdin('Team Leader,employee'))
于 2012-12-25T07:34:03.950 回答