yii权限控制的方法(三种方法)
本文实例讲述了yii权限控制的方法。分享给大家供大家参考,具体如下:
这里摘录以下3种:
1.通过accessControl:
publicfunctionfilters()
{
returnarray(
'accessControl',//performaccesscontrolforCRUDoperations
);
}
/**
*Specifiestheaccesscontrolrules.
*Thismethodisusedbythe'accessControl'filter.
*@returnarrayaccesscontrolrules
*/
publicfunctionaccessRules()
{
returnarray(
array('allow',//allowauthenticateduserstoaccessallactions
'users'=>array('@'),
),
array('deny',//denyallusers
'users'=>array('*'),
),
);
}
2.通过插件(如:right)
publicfunctionfilters()
{
returnarray(
'rights',
);
}
3.混合模式:
/**
*@returnarrayactionfilters
*/
publicfunctionfilters()
{
returnarray(
'updateOwn+update',//Applythisfilteronlyfortheupdateaction.
'rights',
);
}
/**
*Filtermethodforcheckingwhetherthecurrentlyloggedinuser
*istheauthorofthepostbeingaccessed.
*/
publicfunctionfilterUpdateOwn($filterChain)
{
$post=$this->loadModel();
//Removethe'rights'filteriftheuserisupdatinganownpost
//andhasthepermissiontodoso.
if(Yii::app()->user->checkAccess('PostUpdateOwn',array('userid'=>$post->author_id)))
$filterChain->removeAt(1);
$filterChain->run();
}
如果有权限的基础上,开放某些动作的权限,可以通过allowedActions:
publicfunctionallowedActions()
{
return'autocomplate,autocomplate2';
}
希望本文所述对大家基于Yii框架的PHP程序设计有所帮助。