Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
441 views
in Technique[技术] by (71.8m points)

php - how to deny the access of url in yii even if we know the url?

In my yii webapplication i disable and enable several url s to set privilege. But the same url can be accessed to a user that haven't the privilege to acces that url by copying the url or getting it form some where. What should i do to avoid this?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

In controller

the function behaviors is for this. you can find the doc in yii2 guide filters (core filter / access control).

This a medium complexity sample for rules (allow only index, view, mpdf-form for roles viewerApp and viewModule1. Allow all access to roles superAdmin, admin, managerModule1, managerApp)

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'rules' => [
                [
                    'actions' => ['index','view', 'mpdf-form'],
                    'allow' => true,
                    'roles' => ['vieweApp', 'viewerModule1'],
                ],
                [
                    'allow' => true,
                    'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp'],
                ],   
            ],
        ],         
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'delete' => ['post'],
            ],
        ],
    ];
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...