How to limit access url view on yii2 by id

Problem description

I am basically a PHP developer & learning Yii2. I am working on a web application that has an account-based login system. Like the way I was doing in PHP web applications, I want to stop another user from accessing the view if he/she is not authenticated. It's like if someone tries to access a URL (any related URL) externally:

www.example.com/permintaanbarang/index.php?r=user/view&id=1 change to www.example.com/permintaanbarang/index.php?r=user/view&id=2 by another user

At that time that person should be redirected to the login page or a NotFound 404 notice, as that person is not authorized to access the account-based page directly.

What are the directions to implement this in an MVC framework?

Recommended answer

A simple way to control access and prevent guest (not authenticated) users from accessing is to use a filter for access control:

<?php
namespace yourapp\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use common\models\LoginForm;
use yii\filters\VerbFilter;

/**
 * Site controller
 */
class SiteController extends Controller
{
    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => ['login', 'error'],
                        'allow' => true,
                    ],
                    [
                        'actions' => ['logout', 'index'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],
                ],
            ],
        ];
    }
}

In this sample you can see that you can configure the actions that can be accessed for all and for authenticated (@). You can find this guide useful: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html and this reference: http://www.yiiframework.com/doc-2.0/yii-filters-accesscontrol.html

In Yii2 you can also use an RBAC authorization component to define a class of user and grant this class specific access rules.

And you can also check the RBAC auth programmatically for a specific need, e.g.:

    if (!Yii::$app->user->isGuest) { // if the user is authenticated (not guest)
        // the component id is lowercase "user"; component ids are case-sensitive
        if (Yii::$app->user->can('admin')) { // if the role is admin
            // ... your app code
        }
    }
