yii2 的restful 我已经弄清楚登陆的原理accesstoken ,
来源:3-3 使用过滤器AccessControl控制认证用户
锋君
2017-09-27
<?php
namespace app\controllers\api;
use yii\rest\Controller;
use yii\web\Response;
use Yii;
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBasicAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
class BaseController extends Controller
{
protected $actions = ['*'];
protected $except = [];
protected $mustlogin = [];
protected $verbs = [];
public $device ;
//直接在响应主体内包含分页信息
// public $serializer = [
// 'class' => 'yii\rest\Serializer',
// 'collectionEnvelope' => 'items',
// ];
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBasicAuth::className(),
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
];
$behaviors['access'] = [
'class' => \yii\filters\AccessControl::className(),
'only' => $this->actions,
'except' => $this->except,
"user"=>"apiuser",
'rules' => [
[
'allow' => false,
'actions' => empty($this->mustlogin) ? [] : $this->mustlogin,
'roles' => ['?'], // guest
],
[
'allow' => true,
'actions' => empty($this->mustlogin) ? [] : $this->mustlogin,
'roles' => ['@'],
],
],
];
$behaviors['verbs']=[
'class' => \yii\filters\VerbFilter::className(),
'actions' => $this->verbs,
];
return $behaviors;
}
public function checkAccess($action, $model = null, $params = [])
{
if ($action === 'index' || $action === 'delete') {
if ($model->author_id !== \Yii::$app->user->id)
throw new \yii\web\ForbiddenHttpException(sprintf('You can only %s articles that you\'ve created.', $action));
}
}behaviour的AccessControl没办法过来登陆用户和分登陆用户的问题。我测试很多便,文档也看了
后来在checkAccess這个方法,也没有办法。
写回答
1回答
-
锋君
提问者
2017-09-27
求老师指点迷津。checkAccess集成activeController没有办法过滤。文档说是用重写這个方法,yii2但是没有效果父类也没有看到checkAccess這个放发
052017-09-30
相似问题