Yii2 对后端控制器的访问被拒绝(ForbiddenHttpException)

【问题标题】:Yii2 Access denied (ForbiddenHttpException) to backend controllerYii2 对后端控制器的访问被拒绝(ForbiddenHttpException)
【发布时间】:2015-12-06 17:11:04
【问题描述】:

我安装了新的 Yii 高级框架。 Nginx 服务器。

以下网址工作正常: http://yii/backend/web/index.php?r=site/index

我使用 GII 创建了新的 CRUD 并访问了: http://yii/backend/web/index.php?r=user/index

它显示以下错误:

An Error occurred while handling another error:
exception 'yii\web\ForbiddenHttpException' with message 'You are not allowed to perform this action.' in /private/var/www/yii/advanced/vendor/yiisoft/yii2/filters/AccessControl.php:151
Stack trace:
#0 /private/var/www/yii/advanced/vendor/yiisoft/yii2/filters/AccessControl.php(134): yii\filters\AccessControl->denyAccess(Object(yii\web\User))
#1 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/ActionFilter.php(71): yii\filters\AccessControl->beforeAction(Object(yii\web\ErrorAction))
#2 [internal function]: yii\base\ActionFilter->beforeFilter(Object(yii\base\ActionEvent))
#3 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/Component.php(541): call_user_func(Array, Object(yii\base\ActionEvent))
#4 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/Controller.php(263): yii\base\Component->trigger('beforeAction', Object(yii\base\ActionEvent))
#5 /private/var/www/yii/advanced/vendor/yiisoft/yii2/web/Controller.php(108): yii\base\Controller->beforeAction(Object(yii\web\ErrorAction))
#6 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/Controller.php(149): yii\web\Controller->beforeAction(Object(yii\web\ErrorAction))
#7 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/Module.php(455): yii\base\Controller->runAction('error', Array)
#8 /private/var/www/yii/advanced/vendor/yiisoft/yii2/web/ErrorHandler.php(85): yii\base\Module->runAction('site/error')
#9 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/ErrorHandler.php(109): yii\web\ErrorHandler->renderException(Object(yii\web\NotFoundHttpException))
#10 [internal function]: yii\base\ErrorHandler->handleException(Object(yii\web\NotFoundHttpException))
#11 {main}
Previous exception:
exception 'yii\base\InvalidRouteException' with message 'Unable to resolve the request "user/index".' in /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/Module.php:461
Stack trace:
#0 /private/var/www/yii/advanced/vendor/yiisoft/yii2/web/Application.php(84): yii\base\Module->runAction('user/index', Array)
#1 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))
#2 /private/var/www/yii/advanced/backend/web/index.php(18): yii\base\Application->run()
#3 {main}

Next exception 'yii\web\NotFoundHttpException' with message 'Page not found.' in /private/var/www/yii/advanced/vendor/yiisoft/yii2/web/Application.php:96
Stack trace:
#0 /private/var/www/yii/advanced/vendor/yiisoft/yii2/base/Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))
#1 /private/var/www/yii/advanced/backend/web/index.php(18): yii\base\Application->run()
#2 {main}

我错过了任何配置吗?

【问题讨论】:

  • 使用 gii 的路径可能有些错误...
  • @scaisEdge 相关文件生成路径正确
  • 检查供应商 diir 的权限确保您对每个人都有可执行权限
  • 提供完整的控制器代码

标签: php yii2 yii2-advanced-app


【解决方案1】:

Yii2 isset 访问控制

public function behaviors()
{
return [
    'access' => [
        'class' => \yii\filters\AccessControl::className(),
        'only' => ['create', 'update'],
        'rules' => [
            // deny all POST requests
            [
                'allow' => false,
                'verbs' => ['POST']
            ],
            // allow authenticated users
            [
                'allow' => true,
                'roles' => ['@'],
            ],
            // everything else is denied
        ],
    ],
];
}

【讨论】:

    【解决方案2】:

    异常 'yii\web\ForbiddenHttpException' 带有消息'你不是 允许执行此操作。在 /private/var/www/yii/advanced/vendor/yiisoft/yii2/filters/AccessControl.php:151

    这里是yii2代码 

        /**
     * Denies the access of the user.
     * The default implementation will redirect the user to the login page if he is a guest;
     * if the user is already logged, a 403 HTTP exception will be thrown.
     * @param User $user the current user
     * @throws ForbiddenHttpException if the user is already logged in.
     */
    protected function denyAccess($user)
    {
        if ($user->getIsGuest()) {
            $user->loginRequired();
        } else {
            throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.')); 
//this is 152 line
        }
    }

    所以我觉得很明显你需要先登录,所以去http://yii/backend/web/index.php?r=user/login

    如果没有登录用户/登录页面,则删除 UserController 顶部的所有 behaviors 部分。

        public function behaviors()
    {
.
.
.        
    }

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2015-04-08
      • 2013-09-30
      • 1970-01-01
      • 2016-04-10
      • 2021-04-02
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode