yii2访问控制无效

时间:2016-04-04 12:08:00

标签: php yii2

这是我的代码。没有登录也可以进入主页。当按下注销按钮时,它会将我带到登录页面。如果我再次加载主页没有登录它的工作原理。我如何解决这个问题?

 public function behaviors()
        {
            return [
                'access' => [
                    'class' => AccessControl::className(),
                    'only' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                    'rules' => [
                         [
                            'allow' => true,
                            'actions' => [],
                            'roles' => ['?'],
                        ],
                        [
                            'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                            'allow' => true,
                            'roles' => ['@'],
                        ],
                    ],
                ],
                'verbs' => [
                    'class' => VerbFilter::className(),
                    'actions' => [
                        'logout' => ['post'],
                    ],
                ],
            ];
        }

3 个答案:

答案 0 :(得分:1)

你应该读到这个: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html

  

actions:指定此规则匹配的操作。这应该是一系列操作ID。比较区分大小写。 如果此选项为空或未设置,则表示该规则适用于所有操作

所以你应该试试:

'rules' => [
    [
        'actions' => ['login'],
        'allow' => true,
        'roles' => ['?'],
    ],
    [
        'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
        'allow' => true,
        'roles' => ['@'],
    ],
],

答案 1 :(得分:0)

我认为您应该只限访问访客页面

  public function behaviors()
      {
          return [
              'access' => [
                  'class' => AccessControl::className(),
                  'only' => ['login',],
                  'rules' => [
                       [
                          'allow' => true,
                          'actions' => [],
                          'roles' => ['?'],
                      ],
                      [
                          'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                          'allow' => true,
                          'roles' => ['@'],
                      ],
                  ],
              ],
              'verbs' => [
                  'class' => VerbFilter::className(),
                  'actions' => [
                      'logout' => ['post'],
                  ],
              ],
          ];
      }

答案 2 :(得分:0)

首先,您可以设置登录网址,访问所有人。

roles => ['']

并且注销操作将仅访问登录用户

roles => [' @']

暂停您可以在此功能中添加的所有操作

 'rules' => [
        [
            'actions' => ['login'],
            'allow' => true,
            'roles' => ['?'],
        ],
        [
            'actions' => ['logout'],
            'allow' => true,
            'roles' => ['@'],
        ],
    ],