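Is it possible to apply RBAC yii\rbac\Rule rules to unauthenticated users (Yii::$app->user->isGuest == true)? If so, how?
My rule is also used for authenticated users, and it would be nice and DRY to keep all the logic in one place, like this: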
use yii\rbac\Rule;

class UserAccesslevelRule extends Rule {
    public $name = 'userAccesslevel';

    public function execute($userID, $item, $params) {
        // $someotherlogic and $somelogic are placeholders for the real checks
        if (Yii::$app->user->isGuest && $someotherlogic == true) {
            return true;
        } else {
            if ($somelogic == true) {
                return true;
            }
        }
        return false;
    }
}
You can use ACF (Access Control Filter); in the controller you can assign the allowed actions.
From the Yii2 guide:
use yii\web\Controller;
use yii\filters\AccessControl;

class SiteController extends Controller {
    public function behaviors() {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['login', 'logout', 'signup'],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['login', 'signup'],
                        'roles' => ['?'], // <----- guest
                    ],
                    [
                        'allow' => true,
                        'actions' => ['logout'],
                        'roles' => ['@'],
                    ],
                ],
            ],
        ];
    }
    // ...
}
http://www.yiiframework.com/doc-2.0/guide-security-authorization.html
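With RBAC you can also define new rules, see http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#using-rules, but it seems you want to redefine the behavior for guests. The isGuest property and the public getIsGuest() method are defined in http://www.yiiframework.com/doc-2.0/yii-web-user.html; for this you should extend that class and redefine the isGuest function.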
In the Controller, you can do this:
use yii\web\Controller;
use yii\filters\AccessControl;

class controllerName extends Controller {
    public function behaviors() {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['index', 'Other_action_names'],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['index', 'Other_action_names'],
                        'roles' => (Yii::$app->user->isGuest) ? ["@"] : [], // Your roles
                    ],
                ],
            ],
        ];
    }

    public function actionIndex() {
        $searchModel = new SearchModel();
        $dataProvider = $searchModel->search(Yii::$app->request->queryParams);
        return $this->render('index', [
            'searchModel' => $searchModel,
            'dataProvider' => $dataProvider,
        ]);
    }
}
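The RBAC route for guests, as an added example that is not part of the original posts or the Yii project's code: authManager's defaultRoles are applied to every visitor regardless of authentication state, so a rule attached to a default role is also evaluated for guests, with a null user ID. The role visitor, permission viewReport, parameter isPublic, identity attribute accesslevel and helper registerVisitorRole() are assumptions made for illustration.

```php
<?php
// Added example (not from the posts above). Assumed names: role "visitor",
// permission "viewReport", param "isPublic", identity attribute "accesslevel".
namespace app\rbac;

use Yii;
use yii\rbac\ManagerInterface;
use yii\rbac\Rule;

class UserAccesslevelRule extends Rule
{
    public $name = 'userAccesslevel';

    public function execute($user, $item, $params)
    {
        if ($user === null) {
            // Guest: yii\web\User::can() passes a null user ID.
            // Fail closed unless the caller marks the resource as public.
            return isset($params['isPublic']) && $params['isPublic'] === true;
        }
        // Authenticated: same rule, different branch (hypothetical attribute).
        $identity = Yii::$app->user->identity;
        return $identity !== null && (int) $identity->accesslevel >= 1;
    }
}

// One-time setup, e.g. in a migration or console command.
function registerVisitorRole(ManagerInterface $auth)
{
    $rule = new UserAccesslevelRule();
    $auth->add($rule);

    $role = $auth->createRole('visitor');
    $role->ruleName = $rule->name;   // rule runs whenever the role is evaluated
    $auth->add($role);

    $permission = $auth->createPermission('viewReport');
    $auth->add($permission);
    $auth->addChild($role, $permission);
}

// Application config: make "visitor" a default role so it is evaluated for
// every visitor, guests included, without calling assign():
//   'authManager' => ['class' => 'yii\rbac\DbManager', 'defaultRoles' => ['visitor']],
//
// In a controller or view ($model->is_public is a hypothetical attribute):
//   Yii::$app->user->can('viewReport', ['isPublic' => (bool) $model->is_public]);
```

Because a default role is evaluated for every visitor, the rule is the only gate on it and should return false for any input it does not explicitly recognise.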