See Yii:: $app->authmanager->createpermission (' createpost ') can create Createpost permissions;
And then assign it to a user who has this permission.
I think ' createpost ' should be just the name of the authority, in fact he might correspond to a logout operation (assuming). So how does Yii relate the permissions to the specific action?
Do you want to cooperate with Accesscoltrol to use it? If so, what is the point of this permission? Just give it to role?
Ask for advice. 3Q first~
Reply content:
See Yii:: $app->authmanager->createpermission (' createpost ') can create Createpost permissions;
And then assign it to a user who has this permission.
I think ' createpost ' should be just the name of the authority, in fact he might correspond to a logout operation (assuming). So how does Yii relate the permissions to the specific action?
Do you want to cooperate with Accesscoltrol to use it? If so, what is the point of this permission? Just give it to role?
Ask for advice. 3Q first~
Just do the right to judge this piece, I give you answer.
Accesscoltrol This is a form
Index, view two action is to be able to judge by Accesscoltrol
public Function behaviors () {return [' access ' + = ' cl "Accesscontrol::classname" (), ' only ' + = [' index ', ' View ', ' Create ', ' Update '], ' rules ' = > [' actions ' = = [' index '],//guest visible ' allow ' and ' = True ', ' Roles ' = ['? '],], [' actions ' = = ' view ', ' create ', ' Update ',//login user ' Allow '--true, ' roles ' = [' @ '],], [' actions ' = = [' Create ', ' Update '],//post request ' allow ' = = true, ' Verbs ' = [' POST ']],], [],];} Public Function Actionindex () {return ' guest visible ';} Public Function Actionview () {echo ' login user is visible: '. ' \ n "; Return Yii:: $app->user->identity->id;}
Using RBAC, put them in their own way.
The advantage is the use of flexibility, the disadvantage is that each time to write the code of acquaintance
public function actionCreate(){ if (Yii::$app->user->can('CreatePost')) { return '可以的'; } else { throw new UnauthorizedHttpException('对不起,您现在还没获此操作的权限。'); }}public function actionUpdate(){ if (Yii::$app->user->can('UpdatePost')) { return '可以的'; } else { throw new UnauthorizedHttpException('对不起,您现在还没获此操作的权限。'); }}
Using RBAC, put it in the Beforeaction method.
In contrast to the above point, to determine which permissions are based on the requested action
public function beforeAction($action) { if (parent::beforeAction($action)) { //print_r($action); // 权限名字传递过去(CreatePost) if (!Yii::$app->user->can('CreatePost')) { throw new UnauthorizedHttpException(Yii::t('yii', '对不起,您现在还没获此操作的权限')); } return true; } else { return false; }}
Finally, I'll give you reference: Http://www.yiichina.com/doc/guide/2.0/security-authorization
[The user has been blocked] what does it mean to be blocked?
JavaScript local variable has no attribute descriptor