问题描述
我在使用yii2-admin rbac功能 ,发现无论用户登录与否,在地址栏中都可以输入连接地址访问 权限控制admin模块.
问题出现的环境背景及自己尝试过哪些方法
yii2.0 composer 安装的yii2-admin 模块
相关代码
// 请把代码文本粘贴到下方(请勿用图片代替代码)
return [
'id' => 'app-backend',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend\controllers',
'bootstrap' => ['log'],
'modules' => [
'admin' => [
'class' => 'mdm\admin\Module',
],
],
'aliases' => [
'@mdm/admin' => '@vendor/mdmsoft/yii2-admin',
],
'components' => [
'request' => [
'csrfParam' => '_csrf-backend',
],
'user' => [
'identityClass' => 'mdm\admin\models\User',
'loginUrl' => '/admin/user/login',
'enableAutoLogin' => true,
'identityCookie' => ['name' => '_identity-backend', 'httpOnly' => true],
],
'session' => [
// this is the name of the session cookie used for login on the backend
'name' => 'advanced-backend',
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
'authManager' => [
'class' => 'yii\rbac\DbManager',
// 'defaultRoles' => ['guest'],
],
'as access' => [
'class' => 'mdm\admin\components\AccessControl',
'allowActions' => [
//这里是允许访问的action,不受权限控制
// 'site/login',
// controller/action
]
],
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
[
'class' => 'yii\rest\UrlRule',
'controller' => 'site'
],
[
'class' => 'yii\rest\UrlRule',
'controller' => 'user'
],
],
],
],
'params' => $params,
你期待的结果是什么?实际看到的错误信息又是什么?
希望只有超级管理员才可以访问和设置 rbac 相关的路由及分配功能
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
