Php &引用;accessRules();易建联
我使用YII框架,并使用accessRules和filter限制对某些页面的访问。关于如何在没有DB的情况下限制访问,或者如何使用always getting access变量来限制访问,有很多信息,但是如何仅从数据库中获取角色并在控制器中使用访问筛选器来限制访问Php &引用;accessRules();易建联,php,arrays,yii,Php,Arrays,Yii,我使用YII框架,并使用accessRules和filter限制对某些页面的访问。关于如何在没有DB的情况下限制访问,或者如何使用always getting access变量来限制访问,有很多信息,但是如何仅从数据库中获取角色并在控制器中使用访问筛选器来限制访问 public function filters() { return array( 'accessControl', // perform access control for CRUD operations
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
'postOnly + delete', // we only allow deletion via POST request
);
}
public function accessRules()
{
return array(
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update', 'view', 'index'),
'users'=>array('@'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete', 'view', 'index'),
'users'=>array('admin'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
您是否已经建立了基于角色的层次结构?如果没有,请检查此yii docu:如果是,则简单如下:
public function accessRules()
{
return array(
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update', 'view', 'index'),
'roles'=>array('role1'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete', 'view', 'index'),
'roles'=>array('role2'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
您是否已经建立了基于角色的层次结构?如果没有,请检查此yii docu:如果是,则简单如下:
public function accessRules()
{
return array(
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update', 'view', 'index'),
'roles'=>array('role1'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete', 'view', 'index'),
'roles'=>array('role2'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
注释行,在中显示
'postOnly+delete'
`public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
//'postOnly + delete', // we only allow deletion via POST request
);
}
`这将允许用户删除。注释行中显示
'postOnly+delete'
`public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
//'postOnly + delete', // we only allow deletion via POST request
);
}
`这将允许用户删除。Oooooh,如此简单的解决方案。谢谢您如果@user619的答案是正确的,您应该接受它:)哦,这么简单的解决方案。谢谢您如果@user619的答案是正确的,您应该接受它:)