我以为我在控制器中使用此代码创建了一个成功的登录系统:
public function actionLogin()
{
if (!\Yii::$app->user->isGuest) {
return $this->redirect(Yii::$app->request->baseUrl.'/telephone/index');
}
$model = new LoginForm();
if ($model->load(Yii::$app->request->post()) && $model->login()) {
return $this->redirect(Yii::$app->request->baseUrl.'/telephone/add');
}
return $this->render('login', [
'model' => $model,
]);
}
但我意识到任何人都可以访问/telephone/add而无需登录直接访问网址。如何阻止访问该页面。
答案 0 :(得分:0)
您可以正确配置相关控制器中的行为
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
/**
* Site controller
*/
class YourTelephoneController extends Controller
{
/**
* @inheritdoc
*/
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
.......
[
'actions' => ['add', ],
'allow' => true,
'roles' => ['@'],
],
........
],
],
];
}
...
请参阅以下链接了解更多http://www.yiiframework.com/doc-2.0/guide-structure-filters.html#access-control
http://www.yiiframework.com/doc-2.0/guide-structure-filters.html
http://www.yiiframework.com/doc-2.0/yii-base-actionfilter.html