这是我的代码。没有登录也可以进入主页。当按下注销按钮时,它会将我带到登录页面。如果我再次加载主页没有登录它的工作原理。我如何解决这个问题?
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
'rules' => [
[
'allow' => true,
'actions' => [],
'roles' => ['?'],
],
[
'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
'allow' => true,
'roles' => ['@'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
];
}
答案 0 :(得分:1)
你应该读到这个: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html
actions
:指定此规则匹配的操作。这应该是一系列操作ID。比较区分大小写。 如果此选项为空或未设置,则表示该规则适用于所有操作。
所以你应该试试:
'rules' => [
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
'allow' => true,
'roles' => ['@'],
],
],
答案 1 :(得分:0)
我认为您应该只限访问访客页面
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['login',],
'rules' => [
[
'allow' => true,
'actions' => [],
'roles' => ['?'],
],
[
'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
'allow' => true,
'roles' => ['@'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
];
}
答案 2 :(得分:0)
首先,您可以设置登录网址,访问所有人。
roles => ['']
并且注销操作将仅访问登录用户
roles => [' @']
暂停您可以在此功能中添加的所有操作
'rules' => [
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['logout'],
'allow' => true,
'roles' => ['@'],
],
],