在我的sitecontroller中,我这样写
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index' ,'call-back'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],
所以,如果我进行索引或回拨操作,我将重定向到登录页面.但我必须为每个控制器的所有动作做这件事.你能告诉我最好的办法吗?
aro*_*hev 30
将此规则放在本rules节的开头:
[
'allow' => true,
'roles' => ['@'],
],
省略actions所有行动.
所以你的AccessControl配置将是这样的:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'roles' => ['@'],
],
// ...
],
],
];
}
请记住,规则是按照声明的顺序应用的.
要在没有继承的情况下全局执行,请在应用程序配置中添加以下as beforeRequest数组(不在内部!)components声明:
'components' => [ ... ],
'as beforeRequest' => [
'class' => 'yii\filters\AccessControl',
'rules' => [
[
'allow' => true,
'actions' => ['login'],
],
[
'allow' => true,
'roles' => ['@'],
],
],
'denyCallback' => function () {
return Yii::$app->response->redirect(['site/login']);
},
],
此代码将在每个请求之前运行,并阻止除loginguest 虚拟机之外的所有操作.
确保login其他控制器中没有动作SiteController.如果存在(例如它们用于不同目的),则在相应的控制器中明确阻止它们.但这种情况非常罕见.
如果要为所有控制器操作添加访问控制.请在组件部分下的主配置文件中添加以下代码.
'as access' => [
'class' => \yii\filters\AccessControl::className(),//AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true,
],
[
'actions' => ['logout', 'index'], // add all actions to take guest to login page
'allow' => true,
'roles' => ['@'],
],
],
],