How to deny access to a URL in Yii even if we know the URL?
Problem description
In my Yii web application I disable and enable several URLs to set privileges. But the same URL can be accessed by a user who doesn't have the privilege to access that URL, by copying the URL or getting it from somewhere. What should I do to avoid this?
Recommended answer
In the controller, the behaviors function is for this. You can find the doc in the Yii2 guide, under filters (core filters / access control).
This is a medium-complexity sample for rules (allow only index, view, mpdf-form for roles viewerApp and viewModule1. Allow all access to roles superAdmin, admin, managerModule1, managerApp)
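// At the top of the controller file:
use yii\filters\AccessControl;
use yii\filters\VerbFilter;

// Inside the controller class:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                // Viewer roles may only reach these three actions.
                [
                    'actions' => ['index', 'view', 'mpdf-form'],
                    'allow' => true,
                    'roles' => ['viewerApp', 'viewerModule1'],
                ],
                // Admin and manager roles may reach every action of this controller.
                [
                    'allow' => true,
                    'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp'],
                ],
                // Any request that matches no rule is denied.
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                // delete is only accepted over POST.
                'delete' => ['post'],
            ],
        ],
    ];
}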
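The following is an added example, not part of the original answer and not Yii's own code: a simplified stand-alone model of how the AccessControl filter evaluates the rules above, showing why a request to a known URL is still refused on the server. It assumes the user's roles are available as a flat list (in a real application Yii resolves them through the configured auth manager); `isAllowed` and the sample requests are hypothetical.

```php
<?php
// Simplified model of AccessControl rule evaluation (illustrative, not framework code).
// Rules taken from the behaviors() method in the answer.
$rules = [
    ['actions' => ['index', 'view', 'mpdf-form'], 'allow' => true,
     'roles' => ['viewerApp', 'viewerModule1']],
    ['allow' => true,
     'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp']],
];

/**
 * The first rule that matches both the requested action and one of the
 * user's roles decides the outcome; if no rule matches, access is denied.
 */
function isAllowed(array $rules, string $action, array $userRoles): bool
{
    foreach ($rules as $rule) {
        // A rule without 'actions' applies to every action of the controller.
        if (isset($rule['actions']) && !in_array($action, $rule['actions'], true)) {
            continue;
        }
        // A rule without 'roles' applies to every user.
        if (isset($rule['roles']) && !array_intersect($rule['roles'], $userRoles)) {
            continue;
        }
        return $rule['allow'];
    }
    return false; // default deny: knowing the URL is not enough
}

// Constructed requests: action named in the URL, roles held by the requesting user.
$requests = [
    ['view',   ['viewerApp']],  // listed action, viewer role
    ['delete', ['viewerApp']],  // URL typed in by hand, action not listed for viewers
    ['delete', ['admin']],      // admin role matches the second rule
    ['index',  []],             // user with none of the roles
];

foreach ($requests as [$action, $roles]) {
    printf("%-7s roles=[%s] => %s\n", $action, implode(',', $roles),
        isAllowed($rules, $action, $roles) ? 'allowed' : 'denied');
}
```

In Yii2 itself a denied guest is redirected to the login page and a denied authenticated user receives a 403 ForbiddenHttpException, regardless of whether the link was ever shown in the interface.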