rbac添加权限 提示‘您没有执行此操作的权限。’ [ 2.0 版本 ]
` public function actionApprove($id)
{
print_r('开始审核');//
//exit;
$model = $this->findModel($id);
if($model->approve()) //审核
{
print_r('开始审核');//
return $this->redirect(['index']);
}
else
{
print_r('审核出现异常');
exit;
}
}`
这个是controller 里面的代码
下面是错误日志:
exception 'yii\web\ForbiddenHttpException' with message '您没有执行此操作的权限。' in C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\filters\AccessControl.php:151
Stack trace:
#0 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\filters\AccessControl.php(134): yii\filters\AccessControl->denyAccess(Object(yii\web\User))
#1 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\base\ActionFilter.php(71): yii\filters\AccessControl->beforeAction(Object(yii\base\InlineAction))
#2 [internal function]: yii\base\ActionFilter->beforeFilter(Object(yii\base\ActionEvent))
#3 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\base\Component.php(541): call_user_func(Array, Object(yii\base\ActionEvent))
#4 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\base\Controller.php(269): yii\base\Component->trigger('beforeAction', Object(yii\base\ActionEvent))
#5 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\web\Controller.php(108): yii\base\Controller->beforeAction(Object(yii\base\InlineAction))
#6 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\base\Controller.php(152): yii\web\Controller->beforeAction(Object(yii\base\InlineAction))
#7 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\base\Module.php(454): yii\base\Controller->runAction('approve', Array)
#8 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\web\Application.php(84): yii\base\Module->runAction('diao-cha/approv...', Array)
#9 C:\wamp\www\blogdemo2\vendor\yiisoft\yii2\base\Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))
#10 C:\wamp\www\blogdemo2\backend\web\index.php(18): yii\base\Application->run()
#11 {main}
最佳答案
-
johnny1991 发布于 2017-09-18 13:40 举报共 4 条回复
yii-learner 回复于 2017-09-18 14:23 回复// 添加 "approveComment" 权限
$approveComment = $auth->createPermission('approveComment'); $approveComment->description = '审核评论'; $auth->add($approveComment); // 添加 "approveDiaocha" 权限 $approveDiaocha = $auth->createPermission('approveDiaocha'); $approveDiaocha->description = '审核调查表'; $auth->add($approveDiaocha);$diaochaAuditor = $auth->createRole('diaochaAuditor');
$diaochaAuditor->description = '调查表审核员'; $auth->add($diaochaAuditor); $auth->addChild($diaochaAuditor, $approveDiaocha); // 添加 "admin" 角色并赋予所有其他角色拥有的权限 $admin = $auth->createRole('admin'); $commentAuditor->description = '系统管理员'; $auth->add($admin); $auth->addChild($admin, $postAdmin); $auth->addChild($admin, $commentAuditor); $auth->addChild($admin, $diaochaAuditor);我已经添加了啊,为什么还是提示没有权限呢?
博客来源功能的权限都好用,我新增加一个调查表的权限,对应代码也是在RbacController.php中添加的,请大神指教yii-learner 回复于 2017-09-18 14:38 回复修改了控制器文件 添加了 approve ,没有提示权限问题,并且可以审核,但是为什么同样postController 文件中没有approve,可以审核呢
'access' =>['class' => AccessControl::className(), 'rules' => [ [ 'actions' => ['index', 'view'], 'allow' => true, 'roles' => ['?'], ], [ 'actions' => ['view', 'index', 'create','update','delete','approve'], 'allow' => true, 'roles' => ['@'], ], ], ], ];johnny1991 回复于 2017-09-18 18:38 回复首先,你要确保postcontroller里面是不是用了AccessControl
其次,accesscontrol的roles为‘?’表示不需要登陆就可以访问,'@'表示登陆用户才可以访问,所以你要看看你的'approve'是不是写入到了指定的规则里面,如果用了accesscontrol就必须要指定approve的访问roles,不然访问不了的yii-learner 回复于 2017-09-19 10:24 回复@johnny1991 不好意思说错了哈 ,是 CommentConroller,里面有个方法是审核评论的,
/**CommentController implements the CRUD actions for Comment model.
/
class CommentController extends Controller
{
/*- @inheritdoc
*/
public function behaviors()
{
return ['verbs' => [ 'class' => VerbFilter::className(), 'actions' => [ 'delete' => ['POST'], ], ],];
}
/**
- Lists all Comment models.
@return mixed
*/
public function actionIndex()
{
$searchModel = new CommentSearch();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams);return $this->render('index', [
'searchModel' => $searchModel, 'dataProvider' => $dataProvider,]);
}
/**
- Displays a single Comment model.
- @param integer $id
- @return mixed
*/
public function actionView($id)
{
return $this->render('view', ['model' => $this->findModel($id),]);
}
/**
- Creates a new Comment model.
- If creation is successful, the browser will be redirected to the 'view' page.
@return mixed
*/
public function actionCreate()
{
$model = new Comment();if ($model->load(Yii::$app->request->post()) && $model->save()) {
return $this->redirect(['view', 'id' => $model->id]);} else {
return $this->render('create', [ 'model' => $model, ]);}
}
/**
- Updates an existing Comment model.
- If update is successful, the browser will be redirected to the 'view' page.
- @param integer $id
@return mixed
*/
public function actionUpdate($id)
{
$model = $this->findModel($id);if ($model->load(Yii::$app->request->post()) && $model->save()) {
return $this->redirect(['view', 'id' => $model->id]);} else {
return $this->render('update', [ 'model' => $model, ]);}
}
/**
- Deletes an existing Comment model.
- If deletion is successful, the browser will be redirected to the 'index' page.
- @param integer $id
@return mixed
*/
public function actionDelete($id)
{
$this->findModel($id)->delete();return $this->redirect(['index']);
}
/**
- Finds the Comment model based on its primary key value.
- If the model is not found, a 404 HTTP exception will be thrown.
- @param integer $id
- @return Comment the loaded model
- @throws NotFoundHttpException if the model cannot be found
*/
protected function findModel($id)
{
if (($model = Comment::findOne($id)) !== null) {return $model;} else {
throw new NotFoundHttpException('The requested page does not exist.');}
}
public function actionApprove($id)
{
$model = $this->findModel($id);
if($model->approve()) //审核
{
return $this->redirect(['index']);
}
}
这里面没有accessControl,是怎么控制权限的呢,是根据后台那4张表来判断权限的吗,科室后台表中存放数据如何和控制器文件中进行关联的呢?- @inheritdoc
其他 0 个回答
yii-learner
最后登录:2017-11-01
在线时长:2小时4分
- 粉丝0
- 金钱205
- 威望0
- 积分225