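Here is my code. I can get into the home page without logging in. When I press the logout button, it takes me to the login page. If I load the home page again without logging in, it works. How do I fix this?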

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => [],
                        'roles' => ['?'],
                    ],
                    [
                        'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],
                ],
            ],
        ];
    }

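You should read this: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html

actions: specifies which actions this rule matches. This should be an array of action IDs. The comparison is case-sensitive. If this option is empty or not set, it means the rule applies to all actions.

So you should simply try: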

    'rules' => [
        [
            'actions' => ['login'],
            'allow' => true,
            'roles' => ['?'],
        ],
        [
            'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
            'allow' => true,
            'roles' => ['@'],
        ],
    ],

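
The rule matching described in the answer above, as an added example that is not part of the original posts and not Yii's own code: a stand-alone PHP model of how an access rule list is evaluated (first applicable rule decides, no applicable rule means deny). It models only the `actions`, `roles` (`?` and `@`) and `allow` options, not `only`/`except` or RBAC roles; the function names and the shortened action list are constructed for illustration.

```php
<?php
// Simplified model of access rule evaluation (added example, not Yii source).
// Assumption: only the '?' (guest) and '@' (authenticated) roles are modelled.

function ruleApplies(array $rule, string $action, bool $isGuest): bool
{
    $actions = $rule['actions'] ?? [];
    // Empty or unset 'actions' means the rule matches every action.
    if ($actions !== [] && !in_array($action, $actions, true)) {
        return false;
    }
    $roles = $rule['roles'] ?? [];
    if ($roles === []) {
        return true; // no roles listed: the rule applies to every user
    }
    foreach ($roles as $role) {
        if (($role === '?' && $isGuest) || ($role === '@' && !$isGuest)) {
            return true;
        }
    }
    return false;
}

// The first rule that applies decides; if none applies, access is denied.
function isAllowed(array $rules, string $action, bool $isGuest): bool
{
    foreach ($rules as $rule) {
        if (ruleApplies($rule, $action, $isGuest)) {
            return $rule['allow'];
        }
    }
    return false;
}

$protected = ['logout', 'index', 'prospects']; // shortened, constructed list

$fromQuestion = [
    ['allow' => true, 'actions' => [], 'roles' => ['?']],
    ['allow' => true, 'actions' => $protected, 'roles' => ['@']],
];
$fromAnswer = [
    ['allow' => true, 'actions' => ['login'], 'roles' => ['?']],
    ['allow' => true, 'actions' => $protected, 'roles' => ['@']],
];

foreach (['question' => $fromQuestion, 'answer' => $fromAnswer] as $name => $rules) {
    foreach (['index', 'login'] as $action) {
        printf("%-8s guest -> %-5s : %s\n", $name, $action,
            isAllowed($rules, $action, true) ? 'allowed' : 'denied');
    }
}
```

With the question's rules the guest rule has an empty `actions` list, so it applies to `index` and allows it; with `'actions' => ['login']` no rule applies to a guest on `index` and the request is denied.
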
I think you should restrict guests to accessing only the login page.

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['login'],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => [],
                        'roles' => ['?'],
                    ],
                    [
                        'actions' => ['logout','index','prospects','merchants','accounts','notifications','reports','view-prospect','new-merchant-account-info','new-merchant-bank-info','new-merchant-business-info','new-merchant-success-message','new-merchant','new-prospect-success-message','edit-prospect','new-prospect'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],
                ],
            ],
        ];
    }

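First, you can make the login URL accessible to everyone:

    'roles' => ['?']

The logout action will be accessible only to logged-in users:

    'roles' => ['@']

You can add all the remaining actions in this function.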

    'rules' => [
        [
            'actions' => ['login'],
            'allow' => true,
            'roles' => ['?'],
        ],
        [
            'actions' => ['logout'],
            'allow' => true,
            'roles' => ['@'],
        ],
    ],