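I am using the Yii framework and restricting access to certain pages with accessRules and filters. There is a lot of information on how to restrict access without a DB, or on how to do this with always-fetched access variables, but how can I get the roles from the database and use the access filter in the controller?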
```php
public function filters()
{
    return array(
        'accessControl', // perform access control for CRUD operations
        'postOnly + delete', // we only allow deletion via POST request
    );
}

public function accessRules()
{
    return array(
        array('allow', // allow any authenticated user to perform these actions
            'actions'=>array('create','update', 'view', 'index'),
            'users'=>array('@'),
        ),
        array('allow', // allow the user named 'admin' to perform these actions
            'actions'=>array('admin','delete', 'view', 'index'),
            'users'=>array('admin'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
```
Answer 0 (score: 3)
Did you already set up a role-based hierarchy? If not, check this Yii documentation: http://www.yiiframework.com/doc/guide/1.1/en/topics.auth. If so, it is as simple as this:
```php
public function accessRules()
{
    return array(
        array('allow', // allow users holding role1 to perform these actions
            'actions'=>array('create','update', 'view', 'index'),
            'roles'=>array('role1'),
        ),
        array('allow', // allow users holding role2 to perform these actions
            'actions'=>array('admin','delete', 'view', 'index'),
            'roles'=>array('role2'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
```
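The `'roles'` rule is evaluated through `Yii::app()->user->checkAccess()`, so the roles have to exist in the auth manager's storage. The following is an added example, not part of the original answer, showing one way to keep them in the database with Yii 1.1's `CDbAuthManager`; the command name `RbacCommand`, the `db` connection ID and the user ids are assumptions.

```php
<?php
// protected/commands/RbacCommand.php -- seed the roles once with: yiic rbac
//
// Assumed config (main.php and console.php), 'db' being the existing connection:
//   'components' => array(
//       'authManager' => array('class' => 'CDbAuthManager', 'connectionID' => 'db'),
//   ),
// The AuthItem, AuthItemChild and AuthAssignment tables come from the schema
// files shipped in framework/web/auth/.
class RbacCommand extends CConsoleCommand
{
    public function actionIndex()
    {
        $auth = Yii::app()->authManager;

        // Create each role only if it is missing, so the command can be re-run.
        foreach (array('role1', 'role2') as $name) {
            if ($auth->getAuthItem($name) === null) {
                $auth->createRole($name);
            }
        }

        // Hierarchy: role2 inherits everything granted to role1.
        if (!$auth->hasItemChild('role2', 'role1')) {
            $auth->addItemChild('role2', 'role1');
        }

        // Constructed sample assignments: user ids 1 and 2 are hypothetical.
        // The id must equal Yii::app()->user->id for the logged-in user.
        $assignments = array(1 => 'role2', 2 => 'role1');
        foreach ($assignments as $userId => $role) {
            if (!$auth->isAssigned($role, $userId)) {
                $auth->assign($role, $userId);
            }
        }
    }
}
```

`CWebUser` takes its id from the identity's `getId()`, which `CUserIdentity` returns as the username by default, so these assignments only match if `UserIdentity::getId()` returns the database primary key.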
Answer 1 (score: 0)
Comment out the line that shows 'postOnly + delete' in
```php
public function filters()
{
    return array(
        'accessControl', // perform access control for CRUD operations
        //'postOnly + delete', // we only allow deletion via POST request
    );
}
```
This will allow the user to delete.