I know about simple REST authentication, as in this guide:

```php
public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['authenticator'] = [
        'class' => QueryParamAuth::className(),
    ];
    return $behaviors;
}
```
But I want to provide some rules to handle guest access, like the access control in the authorization guide:

```php
$behaviors['access'] = [
    'class' => AccessControl::className(),
    'rules' => [
        // allow authenticated users
        [
            'allow' => true,
            'actions' => ['some-action'],
            'roles' => ['?'],
        ],
        [
            'allow' => true,
            'roles' => ['@'],
        ],
        // everything else is denied
    ],
];
```
If I access `some_guest_action` as a guest without an `access-token`, it works fine, but if I access it with an `access-token`, `Yii::$app->user->getId()` always returns a `null` value.

My full code:
```php
public function behaviors()
{
    $behaviors = parent::behaviors();
    $behavior['authenticator'] = [
        'class' => QueryParamAuth::className(),
    ];
    $behaviors['access'] = [
        'class' => AccessControl::className(),
        'rules' => [
            // allow authenticated users
            [
                'allow' => true,
                'actions' => ['some-action'],
                'roles' => ['?'],
            ],
            [
                'allow' => true,
                'roles' => ['@'],
            ],
            // everything else is denied
        ],
    ];
    return $behaviors;
}

public function actionSomeAction()
{
    return Yii::$app->user->getId();
}
```
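
An added example, not part of the original post: one way to combine token authentication with guest access to a single action, using the `optional` property that Yii2's auth filters provide. The namespace, the controller name and the shape of the returned array are assumptions made for illustration.

```php
<?php

namespace app\controllers; // hypothetical namespace

use Yii;
use yii\filters\AccessControl;
use yii\filters\auth\QueryParamAuth;
use yii\rest\Controller;

class ExampleController extends Controller // hypothetical controller name
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();

        // Assign on $behaviors, the array that is returned; a filter stored
        // under any other variable is never attached to the controller.
        $behaviors['authenticator'] = [
            'class' => QueryParamAuth::class,
            // Actions listed here still run the token check, but a request
            // without a valid access-token continues as a guest instead of
            // being rejected with 401.
            'optional' => ['some-action'],
        ];

        // Added after 'authenticator' so the identity is resolved before the rules run.
        $behaviors['access'] = [
            'class' => AccessControl::class,
            'rules' => [
                // some-action: guests ('?') and authenticated users ('@')
                ['allow' => true, 'actions' => ['some-action'], 'roles' => ['?', '@']],
                // every other action: authenticated users only
                ['allow' => true, 'roles' => ['@']],
                // everything else is denied
            ],
        ];

        return $behaviors;
    }

    public function actionSomeAction()
    {
        $user = Yii::$app->user;
        // id is null for a guest and the identity's id when a valid token was sent
        return ['guest' => $user->isGuest, 'id' => $user->getId()];
    }
}
```

Because a rejected token on an optional action is handled as a guest request, code inside `actionSomeAction()` should branch on `isGuest` rather than assume that a request carrying a token is authenticated.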