dz不是管理员不能访问admin.php,yii2-admin 如何限制admin模块不能在地址栏里输入访问只有设置的超级管理员才可以设置...

问题描述

我在使用yii2-admin rbac功能 ,发现无论用户登录与否,在地址栏中都可以输入连接地址访问 权限控制admin模块.

问题出现的环境背景及自己尝试过哪些方法

yii2.0 composer 安装的yii2-admin 模块

相关代码

// 请把代码文本粘贴到下方(请勿用图片代替代码)

return [

'id' => 'app-backend',

'basePath' => dirname(__DIR__),

'controllerNamespace' => 'backend\controllers',

'bootstrap' => ['log'],

'modules' => [

'admin' => [

'class' => 'mdm\admin\Module',

],

],

'aliases' => [

'@mdm/admin' => '@vendor/mdmsoft/yii2-admin',

],

'components' => [

'request' => [

'csrfParam' => '_csrf-backend',

],

'user' => [

'identityClass' => 'mdm\admin\models\User',

'loginUrl' => '/admin/user/login',

'enableAutoLogin' => true,

'identityCookie' => ['name' => '_identity-backend', 'httpOnly' => true],

],

'session' => [

// this is the name of the session cookie used for login on the backend

'name' => 'advanced-backend',

],

'log' => [

'traceLevel' => YII_DEBUG ? 3 : 0,

'targets' => [

[

'class' => 'yii\log\FileTarget',

'levels' => ['error', 'warning'],

],

],

],

'errorHandler' => [

'errorAction' => 'site/error',

],

'authManager' => [

'class' => 'yii\rbac\DbManager',

// 'defaultRoles' => ['guest'],

],

'as access' => [

'class' => 'mdm\admin\components\AccessControl',

'allowActions' => [

//这里是允许访问的action，不受权限控制

// 'site/login',

// controller/action

]

],

'urlManager' => [

'enablePrettyUrl' => true,

'showScriptName' => false,

'rules' => [

[

'class' => 'yii\rest\UrlRule',

'controller' => 'site'

],

[

'class' => 'yii\rest\UrlRule',

'controller' => 'user'

],

],

],

],

'params' => $params,

你期待的结果是什么？实际看到的错误信息又是什么？

希望只有超级管理员才可以访问和设置 rbac 相关的路由及分配功能