我在应用程序中设置正确的规则时遇到问题。以下是我的代码。。。我创建角色、资源和限制。。但是我希望"执政官"被允许访问/mymodule,但被拒绝访问/mymmodule/{add,edit,delete}。。。因此"operator"到处都是,除了删除mymodule的控制器。。。
//creating roles
$guest = new GenericRole('guest');
$consul = new GenericRole('consul');
$operat = new GenericRole('operat');
$admin = new GenericRole('admin');
//adding roles
$acl -> addRole($guest);
$acl -> addRole($consul,'guest');
$acl -> addRole($operat,'consul');
$acl -> addRole($admin,'operat');
//adding resources
$acl -> addResource(new GenericResource('home'));
$acl -> addResource(new GenericResource('application'));
$acl -> addResource(new GenericResource('auth'));
$acl -> addResource(new GenericResource('mymodule'));
//adding restrictions
$acl -> allow('guest', 'home');
$acl -> allow('guest', 'application');
$acl -> allow('guest', 'auth');
$acl -> deny('guest', 'mymodule');
$acl -> allow('consul','mymodule');
$acl -> allow('operat','mymodule','index');
$acl -> deny('consul','mymodule','add');
$acl -> deny('consul','mymodule','edit');
$acl -> deny('consul','mymodule','delete');
$acl -> allow('operat','mymodule');
$acl -> deny('operat','mymodule','delete');
$acl -> allow('admin');
zf2不允许将/mymodule查看为'consul',而不是期望的行为,如果我尝试调试,我会得到以下结果(我的代码和注释中的结果):
//some tests
echo $acl->isAllowed('guest', 'mymodule') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('guest', 'mymodule','index') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('guest', 'mymodule','add') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('consul','mymodule') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('consul','mymodule','index') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('consul','mymodule','default') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('consul','mymodule','add') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('consul','mymodule','edit') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('operat','mymodule') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('operat','mymodule','index') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('operat','mymodule','default') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('operat','mymodule','add') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('operat','mymodule','edit') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('operat','mymodule','delete') ? 'allowed' : 'denied'; // denied
echo $acl->isAllowed('admin','mymodule') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('admin','mymodule','index') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('admin','mymodule','default') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('admin','mymodule','add') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('admin','mymodule','edit') ? 'allowed' : 'denied'; // allowed
echo $acl->isAllowed('admin','mymodule','delete') ? 'allowed' : 'denied'; // allowed
谁能帮我理解这种奇怪的行为?我的错在哪里?
提前感谢
如果您拒绝consul角色对资源的某些权限,则不会将其视为拥有该资源的所有权限(这是您在执行$acl->isAllowed('consul', 'mymodule')时所要求的)。
基本上,您需要允许一个特定的权限(例如index),并对该权限进行检查。