yii权限控制的方法(三种方法)

这里摘录以下3种:

1. 通过accessControl:

public function filters() { return array( 'accessControl', // perform access control for CRUD operations ); } /** * Specifies the access control rules. * This method is used by the 'accessControl' filter. * @return array access control rules */ public function accessRules() { return array( array('allow', // allow authenticated users to access all actions 'users'=>array('@'), ), array('deny', // deny all users 'users'=>array('*'), ), ); }

2. 通过插件(如:right)

public function filters() { return array( 'rights', ); }

3. 混合模式:

/** * @return array action filters */ public function filters() { return array( 'updateOwn + update', // Apply this filter only for the update action. 'rights', ); } /** * Filter method for checking whether the currently logged in user * is the author of the post being accessed. */ public function filterUpdateOwn($filterChain) { $post=$this->loadModel(); // Remove the 'rights' filter if the user is updating an own post // and has the permission to do so. if(Yii::app()->user->checkAccess('PostUpdateOwn', array('userid'=>$post->author_id))) $filterChain->removeAt(1); $filterChain->run(); }

如果有权限的基础上,开放某些动作的权限,可以通过allowedActions:

public function allowedActions() { return 'autocomplate,autocomplate2'; }

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/e0ee448fad1d7519517b580b0b30ffea.html