
Yii2 AccessControl - Strange behavior for deny access

I want to deny access to the controller for certain roles.

So I wrote the rule:

    'access' => [
        'class' => AccessControl::className(),
        'rules' => [
            [
                // 'actions' => null,
                'allow' => false,
                'roles' => ['designer'],
            ],
        ],
    ],

Despite that my role is admin, it throws 403.

Of course, I could write the opposite:

    'allow' => true,
    'roles' => ['admin', 'seller'],

But I want to understand why the first case does not work.

I deduce from the docs that when you use AccessControl, all the present rules are evaluated sequentially. The first rule that matches the request is triggered, and it determines what happens with it. At the end, if no rule is triggered, the request is denied by default. Therefore, if you only want to restrict 1 role and accept everything else, you should add an allow rule with no conditions after your deny rule.
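The evaluation order described in the answer above, as an added example that is not part of the original question or answer and is not Yii's own code: a simplified stand-alone PHP model of first-match-wins with default deny, run against the question's rule set and a corrected one. The helper names `ruleMatches` and `checkAccess` are hypothetical, only the `roles` condition is modelled, and a user with no roles is treated as a guest; the catch-all rule uses `'roles' => ['@']` (authenticated users) rather than no condition at all, because a condition-free allow rule would also admit guests.

```php
<?php
// Simplified model, not Yii's implementation. Assumption: $userRoles lists the
// roles held by the current user, and an empty list means a guest.

function ruleMatches(array $rule, array $userRoles): bool
{
    if (empty($rule['roles'])) {
        return true; // no 'roles' condition: matches everyone, guests included
    }
    foreach ($rule['roles'] as $role) {
        if ($role === '?' && $userRoles === []) { return true; } // guest
        if ($role === '@' && $userRoles !== []) { return true; } // authenticated
        if (in_array($role, $userRoles, true)) { return true; }  // named role
    }
    return false;
}

function checkAccess(array $rules, array $userRoles): bool
{
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $userRoles)) {
            return $rule['allow']; // the first matching rule decides
        }
    }
    return false; // no rule matched: denied by default (the 403 for admin)
}

// Rule set from the question: only a deny rule, so nothing ever allows.
$questionRules = [
    ['allow' => false, 'roles' => ['designer']],
];

// Corrected rule set: deny designer first, then allow authenticated users.
$fixedRules = [
    ['allow' => false, 'roles' => ['designer']],
    ['allow' => true,  'roles' => ['@']],
];

// Constructed sample users.
$users = ['admin' => ['admin'], 'designer' => ['designer'], 'guest' => []];

foreach ($users as $name => $roles) {
    printf("%-8s question rules: %-5s fixed rules: %s\n", $name,
        checkAccess($questionRules, $roles) ? 'allow' : '403',
        checkAccess($fixedRules, $roles) ? 'allow' : '403');
}
```

Rule order matters in the corrected set: if the allow rule came first, it would match the designer before the deny rule was reached.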
