在我的 Controller 中,我有
/**
* @return array action filters
*/
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
);
}
/**
* Specifies the access control rules.
* This method is used by the 'accessControl' filter.
* @return array access control rules
*/
public function accessRules()
{
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('index','view'),
'users'=>array('*'),
),
array('allow', // allow players to comment on games
'actions'=>array('createComment'),
'roles'=>array('createComment'),
),
array('allow', // allow users to update and delete their own comments
'actions'=>array('deleteComment'),
'expression'=>'return $user->id==Game::model()->findByPk(Yii::app()->getRequest()->getQuery("id"))->author->id;',
),
array('allow', // allow admin users to create, update, delete and manage games
'actions'=>array('admin','create','update','delete','deleteComment'),
'roles'=>array('admin'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
但出于某种原因,deleteComment 上的表达式总是给我一个 403 错误(未授权)。即使我已经测试了那个表达式并且得到了 true。甚至把'expression'=>'return true;'不起作用。 :( 我完全糊涂了……有什么想法吗? 谢谢,布拉德(:
最佳答案
表达式的开头有一个额外的return
。 Yii already adds one ,所以有两个结果会导致语法错误。删除你的,你会很高兴。
关于php - Yii accessRules 表达式不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10097355/