即使我们知道url，如何拒绝yii中的url访问? [英] how to deny the access of url in yii even if we know the url?

问题描述

在我的 yii 网络应用程序中，我禁用并启用了几个 url 来设置权限.但是，没有权限访问该 url 的用户可以通过复制 url 或从某个地方获取它来访问相同的 url.我应该怎么做才能避免这种情况?

In my yii webapplication i disable and enable several url s to set privilege. But the same url can be accessed to a user that haven't the privilege to acces that url by copying the url or getting it form some where. What should i do to avoid this?

推荐答案

在控制器中

函数行为就是为了这个.您可以在 yii2 指南过滤器(核心过滤器/访问控制).

the function behaviors is for this. you can find the doc in yii2 guide filters (core filter / access control).

这是一个中等复杂度的规则示例(仅允许对角色 viewerApp 和 viewModule1 使用索引、视图、mpdf 格式.允许对角色 superAdmin、admin、managerModule1、managerApp 的所有访问权限)

This a medium complexity sample for rules (allow only index, view, mpdf-form for roles viewerApp and viewModule1. Allow all access to roles superAdmin, admin, managerModule1, managerApp)

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['index','view', 'mpdf-form'],
                    'allow' => true,
                    'roles' => ['vieweApp', 'viewerModule1'],
                ],
                [
                    'allow' => true,
                    'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp'],
                ],   
            ],
        ],         
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'delete' => ['post'],
            ],
        ],
    ];
}

这篇关于即使我们知道url，如何拒绝yii中的url访问?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！