我正在为我的网站项目使用Yii PHP框架。我的问题是如何解决这个问题。访问部门页面时收到错误403.
我的LoginForm.php
public function authenticate($attribute,$params)
{
if(!$this->hasErrors()) // we only want to authenticate when no input errors
{
$identity=new UserIdentity($this->email,$this->password);
$identity->authenticate();
switch($identity->errorCode)
{
case UserIdentity::ERROR_NONE:
Yii::app()->user->login($identity);
break;
case UserIdentity::ERROR_USERNAME_INVALID:
$this->addError('email','Email address is incorrect.');
break;
default: // UserIdentity::ERROR_PASSWORD_INVALID
$this->addError('password','Password is incorrect.');
break;
}
}
}
UserIdentity.php
<?php
/**
* UserIdentity represents the data needed to identity a user.
* It contains the authentication method that checks if the provided
* data can identity the user.
*/
class UserIdentity extends CUserIdentity
{
// Need to store the user's ID:
private $_merchantId;
/**
* Authenticates a user.
* The example implementation makes sure if the username and password
* are both 'demo'.
* In practical applications, this should be changed to authenticate
* against some persistent user identity storage (e.g. database).
* @return boolean whether authentication succeeds.
*/
public function authenticate()
{
$merchant= Merchant::model()->findByAttributes(array('email'=>$this->username));
if ($merchant===null) { // No user found!
$this->errorCode=self::ERROR_USERNAME_INVALID;
} else if ($merchant->password!== SHA1($this->password) ) { // Invalid password!
$this->errorCode=self::ERROR_PASSWORD_INVALID;
} else { // Okay!
$this->errorCode=self::ERROR_NONE;
// Store the role in a session:
$this->setState('role', $merchant->role);
$this->_merchantId= $merchant->merchantId;
}
return!$this->errorCode;
}
public function getId()
{
return $this->_merchantId;
}
}
Department.php
public function accessRules()
{
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('index','view'),
'users'=>array('*'),
),
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update'),
'users'=>array('@'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete'),
'users'=>array('admin'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
为什么?
答案 0 :(得分:1)
由于管理员用户可以访问此权限,因此已定义访问规则。 所以需要检查为@kumar_v说
答案 1 :(得分:0)
在您的department.php accessRules()中,将'users'=>array('admin')
更改为以下行中的'users'=>array('@')
,如下所示:
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete'),
'users'=>array('@'),
),
这应该可以解决未经授权的错误。