在控制器,你可以使用访问控制过滤器(ACF)
假设你在你的网站控制器希望只允许角色admin访问actionViewforadmin
use yii\web\Controller;
use yii\filters\AccessControl;
class SiteController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['login', 'logout', 'signup', 'viewforadmin'],
'rules' => [
[
'allow' => true,
'actions' => ['login', 'signup'],
'roles' => ['?'],
],
[
'allow' => true,
'actions' => ['logout'],
'roles' => ['@'],
],
[
'allow' => true,
'actions' => ['viewforadmin'],
'roles' => ['admin'],
],
],
],
];
}
// ...
}
你可以看看这个简短引导
http://www.yiiframework.com/doc-2.0/guide-security-authorization.html或该参考http://www.yiiframework.com/doc-2.0/yii-base-actionfilter.html
你有没有使用[访问控制过滤器(HTTP认为:// WWW。 yiiframework.com/doc-2.0/guide-security-authorization.html#access-control-filter)? – Bizley
是的,我做了@Bizley ...但我想要返回某个行为的结果,不管是哪个行为被调用,不要禁止其他行为。我还没有找到一种方法来做到这一点与访问控制... – thomas