I use RBAC in my application, usually via Yii::$app->user->can('permission'). But I have a problem: when I combine access control with RBAC, it does not work. For example, my code:
    public function behaviors() {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'ruleConfig' => [
                    'class' => AccessRule::className(),
                ],
                'only' => ['test', 'view', 'index', 'ajaxdatevehicle', 'price_list', 'ajax_suggest_area', 'view-admin'],
                'rules' => [
                    [
                        'actions' => ['test', 'view', 'index', 'ajaxdatevehicle', 'price_list', 'ajax_suggest_area', 'view-admin'],
                        'allow' => false,
                        'roles' => [
                            '?',
                        ],
                    ],
                    [
                        'actions' => ['test', 'view', 'index', 'ajaxdatevehicle', 'price_list', 'ajax_suggest_area', 'view-admin'],
                        'allow' => true,
                        'roles' => [
                            '@',
                        ],
                    ],
                    [
                        'actions' => ['index'],
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                    [
                        // This is the problem
                        'actions' => ['view'],
                        'allow' => true,
                        'roles' => [
                            '?',
                            User::ROLE_CUSTOMER,
                            Yii::$app->user->can('customer'),
                        ],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'delete' => ['post'],
                ],
            ],
        ];
    }
I want the "view" page to be accessible only by customers, so how do I solve this?
Or what is the best practice?
Thanks
This way:
    [
        // This is the problem
        'actions' => ['view'],
        'allow' => true,
        'roles' => ['customer'],
    ],
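
AccessControl stops at the first rule that matches, so the rule in the answer only restricts `view` if no broader rule for `view` is listed before it. The following is an added example, not code from the question or the answer: it uses Yii's built-in AccessRule instead of the poster's custom one, the controller name is hypothetical, and it assumes `customer` exists in the RBAC authManager and that the other actions only require a login.

```php
<?php
// Added example. SiteController and its namespace are hypothetical names.
namespace app\controllers;

use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\web\Controller;

class SiteController extends Controller
{
    public function behaviors()
    {
        $loginOnly = ['test', 'index', 'ajaxdatevehicle', 'price_list', 'ajax_suggest_area', 'view-admin'];

        return [
            'access' => [
                'class' => AccessControl::class,
                'only' => array_merge(['view'], $loginOnly),
                // Rules are evaluated top to bottom; the first rule that matches decides.
                'rules' => [
                    [
                        // Role names other than '?' and '@' are passed to
                        // Yii::$app->user->can(), so this checks can('customer').
                        'actions' => ['view'],
                        'allow' => true,
                        'roles' => ['customer'],
                    ],
                    [
                        // Everyone else, guest or logged in, is denied on 'view'.
                        'actions' => ['view'],
                        'allow' => false,
                    ],
                    [
                        // Assumption: the remaining actions only require a login.
                        'actions' => $loginOnly,
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => ['delete' => ['post']],
            ],
        ];
    }
}
```

A request that matches no rule is denied by default, so the explicit deny on `view` is there for readability and to keep a later broad rule from reopening the action.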