伙计们!
我正在使用yii1.1的rbac,当我调用actiondelete时,我得到了一个警告,比如“你没有权限执行此操作”。
我的访问规则是:
public function accessRules()
{
return array(
array('allow', // allow only authenticated users to perform 'index' and 'view' actions
'actions'=>array('index','view'),
'users'=>array('@'),
),
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update'),
'users'=>array('@'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete'),
'users'=>array('admin'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
我的删除操作是:
public function actionDelete($id)
{
$model=$this->loadModel($id);
$project=$this->loadProject($model->project_id);
$params=array('project'=>$project);
if(!Yii::app()->user->checkAccess('deleteIssue',$params))
{
throw new CHttpException(403,'You are not authorized to per-form this action');
}
if(Yii::app()->request->isPostRequest)
{
// we only allow deletion via POST request
$this->loadModel($id)->delete();
// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
if(!isset($_GET['ajax']))
$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
}
else
throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');
}
但是,我可以准确地调用updateaction和viewaction。你能告诉我为什么吗?
1条答案
按热度按时间laik7k3q1#
我重写了accessRule,它已得到解决。
array('allow',//允许经过身份验证的用户执行'创建'和'更新'操作'action'=〉array('create','update','delete'),'users'=〉array('@'),),