Question
In my Yii web application I disable and enable several URLs to set privileges. But the same URL can be accessed by a user who doesn't have the privilege to access that URL, by copying the URL or getting it from somewhere. What should I do to avoid this?
Answer 1:
In the controller,
the function behaviors is for this. You can find the docs in the Yii2 guide under filters (core filters / access control).
This is a medium-complexity sample for rules (allow only index, view, mpdf-form for roles viewerApp and viewerModule1; allow all access to roles superAdmin, admin, managerModule1, managerApp):
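// At the top of the controller file:
use yii\filters\AccessControl;
use yii\filters\VerbFilter;

// Inside the controller class:
public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            // Rules are checked in order; a request matching no rule is denied.
            'rules' => [
                [
                    // Viewer roles: only these three actions.
                    'actions' => ['index', 'view', 'mpdf-form'],
                    'allow' => true,
                    'roles' => ['viewerApp', 'viewerModule1'],
                ],
                [
                    // Admin and manager roles: every action of this controller.
                    'allow' => true,
                    'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp'],
                ],
            ],
        ],
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                // delete is accepted only as a POST request.
                'delete' => ['post'],
            ],
        ],
    ];
}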
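The following standalone PHP script is an added example, not part of the original answer and not Yii's own code: it models how the rules above are evaluated (first matching rule decides, no match means deny), which is why knowing a URL does not grant access to it. The `isAllowed()` helper and the role lists passed to it are assumptions for illustration; the real filter asks the auth manager through `Yii::$app->user->can()` and also supports `verbs`, `ips`, `matchCallback` and the special roles `?` and `@`, which are not modelled here.

```php
<?php
// Simplified model of AccessControl rule evaluation (illustrative only).

// Rules copied from the behaviors() configuration in the answer.
$rules = [
    ['actions' => ['index', 'view', 'mpdf-form'], 'allow' => true,
     'roles' => ['viewerApp', 'viewerModule1']],
    ['allow' => true,
     'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp']],
];

/**
 * Hypothetical helper, not a Yii API.
 *
 * @param array  $rules     rule list in configuration order
 * @param string $action    requested action ID, e.g. "delete"
 * @param array  $userRoles roles held by the current user (constructed input)
 */
function isAllowed(array $rules, string $action, array $userRoles): bool
{
    foreach ($rules as $rule) {
        // A rule without 'actions' applies to every action.
        if (!empty($rule['actions']) && !in_array($action, $rule['actions'], true)) {
            continue;
        }
        // A rule without 'roles' applies to every user.
        if (!empty($rule['roles']) && !array_intersect($rule['roles'], $userRoles)) {
            continue;
        }
        return $rule['allow']; // the first matching rule decides
    }
    return false; // no rule matched: deny by default
}

// Constructed requests; in each case the user already knows the URL.
$requests = [
    ['view',   ['viewerApp']],   // viewer role, action listed in rule 1
    ['delete', ['viewerApp']],   // viewer role, action not listed in rule 1
    ['delete', ['managerApp']],  // manager role, any action
    ['index',  []],              // user holding none of the listed roles
];
foreach ($requests as [$action, $roles]) {
    printf("%-7s %-11s %s\n", $action, implode(',', $roles) ?: '(none)',
        isAllowed($rules, $action, $roles) ? 'allow' : 'deny');
}
```

In Yii itself a denied guest is redirected to the login page and a denied authenticated user receives a 403 (`ForbiddenHttpException`).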
Source: https://stackoverflow.com/questions/31489316/how-to-deny-the-access-of-url-in-yii-even-if-we-know-the-url