我該如何拒絕具有角色成員的用戶訪問yii2中的后端?
[英]How can I deny access for users withe role member from access the backend in yii2?
問題描述
我想限制角色成員的用戶訪問后端。 我使用的是yii2 Advanced的默認RBAC進行授權,但無法在規則的訪問規則中添加任何角色:
rules => [
[
'actions' => ['login', 'error'],
'allow' => TRUE,
]
在后端的siteController中。 如果有任何辦法,我將很感激。
3 個解決方案
解決方案1
0 2016-05-12 09:34:01
如果您只想拒絕成員訪問並允許your_role,則可以
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => false,
'roles' => ['member']
],
[
'allow' => true,
'roles' => ['your_role'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
],
],
];
}
解決方案2
0 2016-05-12 09:44:02
無需編寫每個后端控制器行為的代碼。 您可以在$ config ['components']數組backend / config / main.php的末尾添加相同的代碼:
'as beforeRequest' => [
'class' => \yii\filters\AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'allow' => false,
'roles' => ['member'],
],
],
'denyCallback' => function () {
return Yii::$app->response->redirect(['frontend']);
},
],
解決方案3
0 2016-05-12 15:09:52
嘗試這個 ,
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post'],
],
],
'access' => [
'class' => AccessControl::className(),
// We will override the default rule config with the new AccessRule class
'ruleConfig' => [
'class' => AccessRule::className(),
],
'only' => ['index','create', 'update', 'delete'],
'rules' => [
[
'actions' => ['index','create'],
'allow' => true,
// Allow users, moderators and admins to create
'roles' => [
User::ROLE_USER,
User::ROLE_MODERATOR,
User::ROLE_ADMIN
],
],
[
'actions' => ['update'],
'allow' => true,
// Allow moderators and admins to update
'roles' => [
User::ROLE_MODERATOR,
User::ROLE_ADMIN
],
],
[
'actions' => ['delete'],
'allow' => true,
// Allow admins to delete
'roles' => [
User::ROLE_ADMIN
],
],
],
],
];
}
PHP:如何從yii2的模塊中訪問Web目錄中的.js和.csss?
[英]PHP: How do I can access .js and .csss in Web dir from my Module in yii2?
如何將Yeesoft / Yii2 cms RBAC(基於角色的訪問控制)與YII2前端RBAC集成?
[英]How to integrate Yeesoft/Yii2 cms RBAC (Role Based Access Control) with YII2 frontend RBAC?
Yii2訪問被拒絕(ForbiddenHttpException)到后端控制器
[英]Yii2 Access denied (ForbiddenHttpException) to backend controller
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.