specialnot 2015-10-13 11:22:19 5772次浏览 2条评论 2 1 0

权限节点名称为 controllerid.''.action_id

在BaseController.php 中添加

public function beforeAction($action)
{
    if(parent::beforeAction($action)){
        $controllerId=$action->controller->id;
        $actionId=$action->id;
        $nodeName=$controllerId.'_'.$actionId;
        $user=\Yii::$app->user->identity;
        if(in_array($nodeName,['site_login','site_error', 'site_password'])){
            return true;
        }
        if(!\Yii::$app->user->isGuest){
            //检查是否没有修改默认密码
            if($user->getIsDefaultPwd()&&!in_array($nodeName,['site_login','site_error','site_password'])){
                return $this->redirect(['/site/password']);
            }
        }
        if($controllerId==='site'||$user->getId()==User::SUPER_ADMIN){
            return true;
        }
        if(\Yii::$app->user->can($nodeName)){
            return true;
        }else{
            throw new ForbiddenHttpException('对不起,您现在还没获此操作的权限');
        }
    }else{
        return false;
    }
}
觉得很赞
您需要登录后才可以评论。登录 | 立即注册