Answer the question
In order to leave comments, you need to log in
J
J
jekahm2016-09-22 17:34:42
jekahm, 2016-09-22 17:34:42
Access Control Filter rule not firing in Yii2?
Good day!
I'm trying to implement an access filter in such a way that only authorized users have access to all actions of the comment controller , and only a user with the moderator role has access to the delete comment action .
Made it a trace. way:
class CommentsController extends FrontendController
{
public function behaviors()
{
return [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'create' => ['post'],
'add' => ['post'],
'delete' => ['post'],
],
],
'access' => [
'class' => \yii\filters\AccessControl::className(),
'rules' => [
[
'allow' => true,
'roles' => ['@'],
],
[
'allow' => true,
'actions' => ['delete'],
'roles' => ['moderator'],
],
],
],
];
}
...But as a result, all authorized users still have access to the comment removal action.
What could be the problem?
Thanks in advance!
2 answer(s)
@dom1n1k
@slo_nik
https://github.com/yiisoft/yii2/blob/master/docs/g...
D
dom1n1k, 2016-09-09 @dom1n1k
It looks a bit like Lazursky's typeface, but no, it's not...
www.paratype.ru/pstore/default.asp?fcode=PT_LZR
D
Dmitry, 2016-09-22 @slo_nik
Good evening
: sets the roles of users that match this rule. Two special roles are recognized and checked with :
?: corresponds to a guest user (not authenticated),
@: corresponds to an authenticated user.
Using other role names will result in the method being called, which requires RBAC to be enabled (described later). If the property is empty or not set, then the rule applies to all roles.
https://github.com/yiisoft/yii2/blob/master/docs/g...
Similar questions
A
A
A
V
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question