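How to deny access to the backend for users with the role member in yii2?

I want to restrict users with the role member from accessing the backend. I am using the default yii2 advanced RBAC authorization, but I can't add any role to the rules of the access rules:

    'rules' => [
        [
            'actions' => ['login', 'error'],
            'allow' => TRUE,
        ],
    ],

in the siteController of the backend. If there is any way to do this, I would be thankful.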
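
If you only want to deny access to member and allow your_role, you can use:

    // Needs these imports at the top of the controller file:
    //   use yii\filters\AccessControl;
    //   use yii\filters\VerbFilter;
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'allow' => false,
                        'roles' => ['member']
                    ],
                    [
                        'allow' => true,
                        'roles' => ['your_role'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],
                ],
            ],
        ];
    }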

There is no need to code the behaviors in every backend controller. You can add the same code at the end of the $config array, after the ['components'] array, in backend/config/main.php:

    'as beforeRequest' => [
        'class' => \yii\filters\AccessControl::className(),
        'rules' => [
            [
                'actions' => ['login', 'error'],
                'allow' => true,
            ],
            [
                'allow' => false,
                'roles' => ['member'],
            ],
        ],
        'denyCallback' => function() {
            return Yii::$app->response->redirect(['frontend']);
        },
    ],
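
Added example, not part of either answer above and not Yii's own code: a simplified stand-alone PHP model of how AccessControl walks the rules arrays shown in the two answers (rules tried in order, first match decides, no match is denied). The sample users, the ruleMatches/decide helpers and the use of in_array() in place of $user->can($role) are assumptions made for the illustration.

```php
<?php
// Simplified model of the rule order in yii\filters\AccessControl: rules are tried
// in order, the first match decides, no match means deny. Assumptions: a user is a
// list of role names ([] = guest); in_array() stands in for $user->can($role).
function ruleMatches(array $rule, string $action, array $userRoles): bool
{
    if (!empty($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    if (empty($rule['roles'])) {
        return true; // a rule without 'roles' applies to every user
    }
    foreach ($rule['roles'] as $role) {
        if ($role === '?') { $hit = $userRoles === []; }      // guests only
        elseif ($role === '@') { $hit = $userRoles !== []; }  // any logged-in user
        else { $hit = in_array($role, $userRoles, true); }    // named RBAC role
        if ($hit) {
            return true;
        }
    }
    return false;
}

function decide(array $rules, string $action, array $userRoles): string
{
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $action, $userRoles)) {
            return $rule['allow'] ? 'allow' : 'deny';
        }
    }
    return 'deny (no rule matched)';
}
$ruleSets = [
    'deny-only' => [ // same rules as the application-wide config above
        ['actions' => ['login', 'error'], 'allow' => true],
        ['allow' => false, 'roles' => ['member']],
    ],
    'deny+allow' => [ // adds an explicit allow rule for the backend role
        ['actions' => ['login', 'error'], 'allow' => true],
        ['allow' => false, 'roles' => ['member']],
        ['allow' => true, 'roles' => ['your_role']],
    ],
];
$users = ['guest' => [], 'member' => ['member'], 'your_role' => ['your_role'], 'both' => ['member', 'your_role']];
foreach ($ruleSets as $name => $rules) {
    foreach ($users as $who => $roles) {
        printf("%-10s %-9s login=%-5s index=%s\n", $name, $who, decide($rules, 'login', $roles), decide($rules, 'index', $roles));
    }
}
```

With only the deny rule, your_role is denied on index as well, because no rule allows it. With the allow rule appended, a user holding both roles is still denied, because the member rule matches first.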

Try this:

    public function behaviors()
    {
        return [
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'delete' => ['post'],
                ],
            ],
            'access' => [
                'class' => AccessControl::className(),
                // We will override the default rule config with the new AccessRule class
                'ruleConfig' => [
                    'class' => AccessRule::className(),
                ],
                'only' => ['index', 'create', 'update', 'delete'],
                'rules' => [
                    [
                        'actions' => ['index', 'create'],
                        'allow' => true,
                        // Allow users, moderators and admins to create
                        'roles' => [
                            User::ROLE_USER,
                            User::ROLE_MODERATOR,
                            User::ROLE_ADMIN
                        ],
                    ],
                    [
                        'actions' => ['update'],
                        'allow' => true,
                        // Allow moderators and admins to update
                        'roles' => [
                            User::ROLE_MODERATOR,
                            User::ROLE_ADMIN
                        ],
                    ],
                    [
                        'actions' => ['delete'],
                        'allow' => true,
                        // Allow admins to delete
                        'roles' => [
                            User::ROLE_ADMIN
                        ],
                    ],
                ],
            ],
        ];
    }