[英]Yii2 access controll rule doesn't deny guests
Here is code that I use for allowing authenticated users to do some actions 这是我用于允许经过身份验证的用户执行某些操作的代码
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup'],
'rules' => [
[
'actions' => ['show'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['create', 'edit'],
'allow' => true,
'roles' => ['@'],
],
],
],
But this rules allow guests to enter create action. 但是,此规则允许访客输入创建动作。 Afaik, by default guest users must be denied.
Afaik,默认情况下,必须拒绝来宾用户。 What am I doing wrong?
我究竟做错了什么?
Modify your code to: 修改您的代码以:
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup', 'create', 'edit'],
'rules' => [
[
'actions' => ['show'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['create', 'edit'],
'allow' => true,
'roles' => ['@'],
],
],
],
Only array should contain List of action IDs that this filter should apply to. 仅数组应包含此过滤器应应用的操作ID列表。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.