yii权限控制的方法(三种方法)
本文实例讲述了yii权限控制的方法。分享给大家供大家参考,具体如下:
这里摘录以下3种:
1.通过accessControl:
publicfunctionfilters() { returnarray( 'accessControl',//performaccesscontrolforCRUDoperations ); } /** *Specifiestheaccesscontrolrules. *Thismethodisusedbythe'accessControl'filter. *@returnarrayaccesscontrolrules */ publicfunctionaccessRules() { returnarray( array('allow',//allowauthenticateduserstoaccessallactions 'users'=>array('@'), ), array('deny',//denyallusers 'users'=>array('*'), ), ); }
2.通过插件(如:right)
publicfunctionfilters() { returnarray( 'rights', ); }
3.混合模式:
/** *@returnarrayactionfilters */ publicfunctionfilters() { returnarray( 'updateOwn+update',//Applythisfilteronlyfortheupdateaction. 'rights', ); } /** *Filtermethodforcheckingwhetherthecurrentlyloggedinuser *istheauthorofthepostbeingaccessed. */ publicfunctionfilterUpdateOwn($filterChain) { $post=$this->loadModel(); //Removethe'rights'filteriftheuserisupdatinganownpost //andhasthepermissiontodoso. if(Yii::app()->user->checkAccess('PostUpdateOwn',array('userid'=>$post->author_id))) $filterChain->removeAt(1); $filterChain->run(); }
如果有权限的基础上,开放某些动作的权限,可以通过allowedActions:
publicfunctionallowedActions() { return'autocomplate,autocomplate2'; }
希望本文所述对大家基于Yii框架的PHP程序设计有所帮助。