Below is the code I use to allow authenticated users to perform certain actions:
    'access' => [
        'class' => AccessControl::className(),
        'only' => ['logout', 'signup'],
        'rules' => [
            [
                'actions' => ['show'],
                'allow' => true,
                'roles' => ['?'],
            ],
            [
                'actions' => ['create', 'edit'],
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ],
But this rule lets guests reach the create action. AFAIK, guest users must be denied by default. What am I doing wrong?
Answer 0 (score: 1)
Change your code to:
    'access' => [
        'class' => AccessControl::className(),
        // The filter runs only for the action IDs listed here
        'only' => ['logout', 'signup', 'create', 'edit'],
        'rules' => [
            [
                'actions' => ['show'],
                'allow' => true,
                'roles' => ['?'],
            ],
            [
                'actions' => ['create', 'edit'],
                'allow' => true,
                'roles' => ['@'],
            ],
        ],
    ],
The 'only' array should contain the list of action IDs that this filter should apply to.
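
The evaluation order behind this answer, as an added example that is not part of the original post and not Yii's own code: a simplified stand-alone PHP model run over the question's and the answer's configurations. The function name `isAllowed` and its reduced rule matching (only the `?` and `@` roles, no RBAC names, no `except`) are assumptions made for illustration.

```php
<?php
// Simplified model of how the 'only' list and the rules interact; not Yii's code.
// isAllowed() is a hypothetical helper; it handles only the '?' and '@' roles.

function isAllowed(array $filter, string $action, bool $isGuest): bool
{
    // Step 1: an action missing from a non-empty 'only' list bypasses the
    // filter, so neither the rules nor the default deny apply to it.
    if (!empty($filter['only']) && !in_array($action, $filter['only'], true)) {
        return true;
    }
    // Step 2: the first rule matching both the action and the role decides.
    foreach ($filter['rules'] as $rule) {
        $actions = $rule['actions'] ?? [];
        $roles = $rule['roles'] ?? [];
        $actionMatches = empty($actions) || in_array($action, $actions, true);
        $roleMatches = empty($roles)
            || (in_array('?', $roles, true) && $isGuest)
            || (in_array('@', $roles, true) && !$isGuest);
        if ($actionMatches && $roleMatches) {
            return $rule['allow'];
        }
    }
    // Step 3: the filter applied but no rule matched, so access is denied.
    return false;
}

// Constructed sample data: the rules from the page with each 'only' list.
$rules = [
    ['actions' => ['show'], 'allow' => true, 'roles' => ['?']],
    ['actions' => ['create', 'edit'], 'allow' => true, 'roles' => ['@']],
];
$configs = [
    'question' => ['only' => ['logout', 'signup'], 'rules' => $rules],
    'answer' => ['only' => ['logout', 'signup', 'create', 'edit'], 'rules' => $rules],
];
foreach ($configs as $name => $filter) {
    foreach (['create', 'edit', 'logout'] as $action) {
        foreach ([true, false] as $isGuest) {
            printf(
                "%-8s %-6s %-5s => %s\n",
                $name, $action, $isGuest ? 'guest' : 'user',
                isAllowed($filter, $action, $isGuest) ? 'allowed' : 'denied'
            );
        }
    }
}
```

In this model, `logout` and `signup` are listed in `only` but matched by no rule, so they are denied for every user under both configurations.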