Yii access - is it necessary to specify the list of actions in 'Only'?

A

Anton R.2019-11-28 23:36:17

Yii

Anton R., 2019-11-28 23:36:17

I'm trying access control (filter). There is a Blog Controller and it has actions: index, add. With this code, for some reason, in any case (and with blog/index and blog/add), it throws on login, although only the add action is listed in the list:

public function behaviors()
  {
      return [
          'access' => [
              'class' => AccessControl::className(),
              'rules' => [
                  [
                      'actions' => ['add'],
                      'allow' => true,
                      'roles' => ['admin'],
                  ],
              ],
          ]
      ];
  }

And if you add Only, then index is already normally available, but add is not:

public function behaviors()
  {
      return [
          'access' => [
              'class' => AccessControl::className(),
              'only' => ['add'],
              'rules' => [
                  [
                      'actions' => ['add'],
                      'allow' => true,
                      'roles' => ['admin'],
                  ],
              ],
          ]
      ];
  }

It turns out that the Only line should always be written in any case? Although in many code examples this Only is not. An example where there are no norms and works for a person:

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Arthur, 2019-11-29
@ar2rsoft

You can change the order in which the rules are applied, from "everything that is not allowed is prohibited", to "everything that is not prohibited is allowed". See the dock for AccessControl