所以,我创建了权限和角色,而不是注册每个用户获得" user"角色。 当用户试图更新其他人的帖子时,他不能,这没关系。问题是他甚至无法更新他的帖子。无法弄清楚。 (所有这些都适用于我更换"用户"与" @"在控制器中)
tasks:
id, task, prerequisite_id
1, A, 1
2, B, 2
3, C, 4
todos:
id, user_id, task_id, prerequisites
1, 1, 1, 7
2, 1, 2, 2
3, 2, 1, 5
AuthorAccessRule(在stackoverflow上找到它):
public function up()
{
$auth = Yii::$app->authManager;
//creating post
$createPost = $auth->createPermission('createPost');
$createPost->description = 'Create Post';
$auth->add($createPost);
//deleting post
$deletePost = $auth->createPermission('deletePost');
$deletePost->description = 'Delete Post';
$auth->add($deletePost);
//update post
$updatePost = $auth->createPermission('updatePost');
$updatePost->description = 'Update Post';
$auth->add($updatePost);
//delete user
$deleteUser = $auth->createPermission('deleteUser');
$deleteUser->description = 'Delete User';
$auth->add($deleteUser);
//create role 'user' and add permissions
$user = $auth->createRole('user');
$user->description = 'User';
$auth->add($user);
$auth->addChild($user, $createPost);
$auth->addChild($user, $deletePost);
$auth->addChild($user, $updatePost);
//create role 'admin' and add permissions
$admin = $auth->createRole('admin');
$admin->description = 'Administrator';
$auth->add($admin);
$auth->addChild($admin, $user);
$auth->addChild($admin, $deleteUser);
}
public function down()
{
Yii::$app->authManager->removeAll();
}
和控制器:
class AuthorAccessRule extends AccessRule
{
public $allow = true;
public $roles = ['@'];
public function allows($action, $user, $request)
{
$parentRules = parent::allows($action, $user, $request);
// $parentRes can be `null`, `false` or `true`.
// True means the parent rule matched and allows access.
if($parentRules != true)
{
return $parentRules;
}
return ($this->getProjectAuthorId($request) == $user->id);
}
private function getProjectAuthorId($request)
{
// Fill in code to receive the right project.
// assuming the project id is given à la `project/update?id=1
$postId = $request->get('id');
$post = Post::findOne($postId);
return isset($post) ? $post->user_id : null;
}
}
答案 0 :(得分:1)
尝试调试parent :: allow未通过的条件。哟可以通过例如:
来做到这一点public function allows($action, $user, $request)
{
$a = $this->matchAction($action);
$b = $this->matchRole($user);
$c = $this->matchIP($request->getUserIP());
$d = $this->matchVerb($request->getMethod());
$e = $this->matchController($action->controller);
$f = $this->matchCustom($action);
$g = $this->allow;
throw new \Exception("$a, $b, $c, $d, $e, $f, $g");
$parentRules = parent::allows($action, $user, $request);
// $parentRes can be `null`, `false` or `true`.
// True means the parent rule matched and allows access.
if($parentRules != true)
{
return $parentRules;
}
return ($this->getProjectAuthorId($request) == $user->id);
}
在异常消息中检查女巫案例是否为0?