下面是我用来允许经过身份验证的用户执行一些操作的代码
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup'],
'rules' => [
[
'actions' => ['show'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['create', 'edit'],
'allow' => true,
'roles' => ['@'],
],
],
],
但是这个规则允许来宾输入创建操作。当然,默认情况下必须拒绝来宾用户。我做错了什么?
修改代码为:
'access' => [
'class' => AccessControl::className(),
'only' => ['logout', 'signup', 'create', 'edit'],
'rules' => [
[
'actions' => ['show'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['create', 'edit'],
'allow' => true,
'roles' => ['@'],
],
],
],
仅数组应包含此过滤器应应用于的动作id列表