本文實例講述了yii權限控制的方法。分享給大家供大家參考,具體如下:
這裡摘錄以下3種:
1. 通過accessControl:
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
);
}
/**
* Specifies the access control rules.
* This method is used by the 'accessControl' filter.
* @return array access control rules
*/
public function accessRules()
{
return array(
array('allow', // allow authenticated users to access all actions
'users'=>array('@'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
2. 通過插件(如:right)
public function filters()
{
return array(
'rights',
);
}
3. 混合模式:
/**
* @return array action filters
*/
public function filters()
{
return array(
'updateOwn + update', // Apply this filter only for the update action.
'rights',
);
}
/**
* Filter method for checking whether the currently logged in user
* is the author of the post being accessed.
*/
public function filterUpdateOwn($filterChain)
{
$post=$this->loadModel();
// Remove the 'rights' filter if the user is updating an own post
// and has the permission to do so.
if(Yii::app()->user->checkAccess('PostUpdateOwn', array('userid'=>$post->author_id)))
$filterChain->removeAt(1);
$filterChain->run();
}
如果有權限的基礎上,開放某些動作的權限,可以通過allowedActions:
public function allowedActions()
{
return 'autocomplate,autocomplate2';
}
希望本文所述對大家基於Yii框架的PHP程序設計有所幫助。
