我使用YII框架並使用accessRules和filter限制對某些頁面的訪問。有很多關於如何在沒有數據庫的情況下限制訪問的信息,以及如何通過總是訪問變量來實現訪問,但是我怎樣才能做到這一點,只能從數據庫中獲取角色,並在控制器中使用訪問過濾器。「accessRules()」在YII
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
'postOnly + delete', // we only allow deletion via POST request
);
}
public function accessRules()
{
return array(
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update', 'view', 'index'),
'users'=>array('@'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete', 'view', 'index'),
'users'=>array('admin'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#access-control-filter –