0

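I'm using the Yii framework and restricting access to some pages with accessRules and filters. There is a lot of information about how to restrict access without a database, or how to always fetch the access variables, but how can I fetch roles only from the database and use them with the access filter in my controller?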

public function filters()
{
    return array(
        'accessControl', // perform access control for CRUD operations
        'postOnly + delete', // we only allow deletion via POST request
    );
}


public function accessRules()
{
    return array(
        array('allow', // allow authenticated user to perform 'create' and 'update' actions
            'actions'=>array('create','update', 'view', 'index'),
            'users'=>array('@'),
        ),
        array('allow', // allow admin user to perform 'admin' and 'delete' actions
            'actions'=>array('admin','delete', 'view', 'index'),
            'users'=>array('admin'),
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}
4

2 Answers

3

Have you already set up a role-based hierarchy? If not, check this Yii documentation: http://www.yiiframework.com/doc/guide/1.1/en/topics.auth. If so, it is as simple as this:

public function accessRules()
{
    return array(
        array('allow', // allow authenticated user to perform 'create' and 'update' actions
            'actions'=>array('create','update', 'view', 'index'),
            'roles'=>array('role1'),
        ),
        array('allow', // allow admin user to perform 'admin' and 'delete' actions
            'actions'=>array('admin','delete', 'view', 'index'),
            'roles'=>array('role2'),
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}
Answered 2013-08-01T13:18:01.467
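
An added example (not part of the answer above, and not Yii's own code) of the database side that the `roles` rules depend on: a console command that creates `role1` and `role2` through `CDbAuthManager` and assigns a role to a user. The file name and command name are hypothetical, and the code assumes a `db` component plus the RBAC tables already exist.

```php
<?php
// protected/commands/RbacCommand.php (hypothetical file name, added example)
//
// Assumed prerequisites in protected/config/main.php and console.php:
//   'components' => array(
//       'authManager' => array(
//           'class' => 'CDbAuthManager',
//           'connectionID' => 'db',
//       ),
//   ),
// and the AuthItem, AuthItemChild and AuthAssignment tables created from
// framework/web/auth/schema-*.sql.
class RbacCommand extends CConsoleCommand
{
    // Run once: ./yiic rbac init
    public function actionInit()
    {
        $auth = Yii::app()->authManager;
        // Role names taken from the accessRules() in the answer.
        foreach (array('role1', 'role2') as $name) {
            // createRole() fails on a duplicate name, so check first.
            if ($auth->getAuthItem($name) === null) {
                $auth->createRole($name);
            }
        }
    }

    // Run per user: ./yiic rbac assign --role=role2 --userId=1
    public function actionAssign($role, $userId)
    {
        $auth = Yii::app()->authManager;
        // Refuse unknown roles instead of silently storing a typo.
        if ($auth->getAuthItem($role) === null) {
            throw new CException("Unknown role: $role");
        }
        // assign() also fails on a duplicate row, so keep this idempotent.
        if (!$auth->isAssigned($role, $userId)) {
            $auth->assign($role, $userId);
        }
    }
}
```

The `$userId` stored here must be the same value that `Yii::app()->user->id` returns at runtime, because the `roles` rule is checked against that id; if `UserIdentity::getId()` is not overridden, that value is the username rather than the primary key.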
0

Comment out the 'postOnly + delete' line:

public function filters()
{
    return array(
        'accessControl', // perform access control for CRUD operations
        //'postOnly + delete', // we only allow deletion via POST request
    );
}

This will allow the user to delete.

Answered 2014-07-14T11:22:23.117