Access code cannot check whether the user has the permission - RBAC Yii2

Time: 2019-09-02 05:20:59

Tags: yii2 rbac

I am having trouble verifying a user's permissions for the actions inside a controller (for example index, create, update, etc.). I use the following code to verify the user's permissions:

My controller:

backend/modules/content/controllers/ArticleController.php

$behaviors['access'] = [
    'class' => AccessControl::className(),
    'rules' => [
        [
            'allow' => true,
            'roles' => ['@'],
            'matchCallback' => function ($rule, $action) {
                // Build the RBAC permission name from the current route,
                // e.g. "content/article/index".
                $module     = Yii::$app->controller->module->id;
                $action     = Yii::$app->controller->action->id;
                $controller = Yii::$app->controller->id;
                $route      = "$module/$controller/$action";
                $post = Yii::$app->request->post();
                if (\Yii::$app->user->can($route)) {
                    return true;
                }
                // Rule does not match: AccessControl denies by default.
                return false;
            }
        ]
    ]
];

With this code I get a route (e.g. content/article/index), which is then checked to find out whether you have the permission.

Update

I noticed that the problem is produced in 'as globalAccess' (backend/config/web.php): when I disable the global access, it verifies the permissions, but when I have the global access enabled, all users have full access. Disabling it, however, causes other problems.

'as globalAccess' => [
    'class' => common\behaviors\GlobalAccessBehavior::class,
    'rules' => [
        [
            'controllers' => ['sign-in'],
            'allow' => true,
            'roles' => ['?'],
            'actions' => ['login'],
        ],
        [
            'controllers' => ['sign-in'],
            'allow' => true,
            'roles' => ['@'],
            'actions' => ['logout'],
        ],
        [
            'controllers' => ['site'],
            'allow' => true,
            'roles' => ['?', '@'],
            'actions' => ['error'],
        ],
        [
            'controllers' => ['debug/default'],
            'allow' => true,
            'roles' => ['@'],
        ],
        [
            'allow' => true,
            'roles' => ['@'],
        ],
    ],
],

The problem is that the verification does not work; the only thing that works is adding a rule to the global access that lets me grant permissions to the role, but this is the default setting:

        [
            'controllers' => ['article'],
            'allow' => true,
            'roles' => ['administrator'],
        ],
        [
            'controllers' => ['article'],
            'allow' => false,
        ],

or adding the function Yii::$app->user->can(..) in every single action:

if (\Yii::$app->user->can('content/article/index')) {
    // .. code index ..
} else {
    throw new ForbiddenHttpException();
}

Ideally, you would not have to add the function Yii::$app->user->can(..) to every action, nor add a default rule to the global access. I hope you can help me.
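As an added example (not the poster's code), here is an application-level configuration for backend/config/web.php that uses Yii's built-in yii\filters\AccessControl instead of the custom GlobalAccessBehavior, drops the trailing "allow every logged-in user" rule so that routes are denied by default, and grants each route only when the user holds an RBAC permission named after it (e.g. "content/article/index"), which removes the need for a per-controller check or a per-action can() call. The use of $action->getUniqueId() to build the route and the denyCallback are assumptions about the built-in filter, not something from the question.

```php
<?php
// Added example: deny-by-default global access filter keyed on RBAC
// permissions named after routes. Assumes the built-in
// yii\filters\AccessControl attached to the application as a behavior.
use yii\filters\AccessControl;
use yii\web\ForbiddenHttpException;

return [
    // ... other application config ...
    'as globalAccess' => [
        'class' => AccessControl::class,
        'rules' => [
            // Public entry points stay explicit and narrow.
            ['controllers' => ['sign-in'], 'actions' => ['login'],  'allow' => true, 'roles' => ['?']],
            ['controllers' => ['sign-in'], 'actions' => ['logout'], 'allow' => true, 'roles' => ['@']],
            ['controllers' => ['site'],    'actions' => ['error'],  'allow' => true, 'roles' => ['?', '@']],
            // Every other route needs a matching RBAC permission. There is no
            // trailing "allow all '@'" rule, so an unmatched route is denied.
            [
                'allow' => true,
                'roles' => ['@'],
                'matchCallback' => function ($rule, $action) {
                    // getUniqueId() already includes the module prefix,
                    // e.g. "content/article/index", so no manual concatenation.
                    return (bool) \Yii::$app->user->can($action->getUniqueId());
                },
            ],
        ],
        // Logged-in users without the permission get 403; guests go to login.
        'denyCallback' => function ($rule, $action) {
            if (\Yii::$app->user->isGuest) {
                return \Yii::$app->user->loginRequired();
            }
            throw new ForbiddenHttpException(
                'Missing permission: ' . $action->getUniqueId()
            );
        },
    ],
];
```

With this in place the per-controller AccessControl behavior from the question becomes redundant, and a new controller or action is inaccessible until a permission with its route name has been created and assigned in the authManager.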

0 answers:

No answers