1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | <?phpnamespace app\controllers\api;use yii\rest\Controller;use yii\web\Response;use Yii;use yii\filters\auth\CompositeAuth;use yii\filters\auth\HttpBasicAuth;use yii\filters\auth\HttpBearerAuth;use yii\filters\auth\QueryParamAuth;class BaseController extends Controller{ protected $actions = ['*']; protected $except = []; protected $mustlogin = []; protected $verbs = []; public $device ; //直接在响应主体内包含分页信息 // public $serializer = [ // 'class' => 'yii\rest\Serializer', // 'collectionEnvelope' => 'items', // ]; public function behaviors() { $behaviors = parent::behaviors(); $behaviors['authenticator'] = [ 'class' => CompositeAuth::className(), 'authMethods' => [ HttpBasicAuth::className(), HttpBearerAuth::className(), QueryParamAuth::className(), ], ]; $behaviors['access'] = [ 'class' => \yii\filters\AccessControl::className(), 'only' => $this->actions, 'except' => $this->except, "user"=>"apiuser", 'rules' => [ [ 'allow' => false, 'actions' => empty($this->mustlogin) ? [] : $this->mustlogin, 'roles' => ['?'], // guest ], [ 'allow' => true, 'actions' => empty($this->mustlogin) ? [] : $this->mustlogin, 'roles' => ['@'], ], ], ]; $behaviors['verbs']=[ 'class' => \yii\filters\VerbFilter::className(), 'actions' => $this->verbs, ]; return $behaviors; } public function checkAccess($action, $model = null, $params = []) { if ($action === 'index' || $action === 'delete') { if ($model->author_id !== \Yii::$app->user->id) throw new \yii\web\ForbiddenHttpException(sprintf('You can only %s articles that you\'ve created.', $action)); } } |
behaviour的AccessControl没办法过来登陆用户和分登陆用户的问题。我测试很多便,文档也看了
后来在checkAccess這个方法,也没有办法。
登录后可查看更多问答,登录/注册
