2014-10-30 76 views
4

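Yii Framework 2.0 Role-Based Access Control (RBAC)

While learning Yii Framework 2.0, I tried to use role-based access control following the Yii 2.0 documentation. But the guide is too short for me, and I cannot complete this learning. I have added the following code to my config file.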

'components' => [
    'authManager' => [
        'class' => 'yii\rbac\DbManager',
    ],
],

I created the database tables with the following SQL script.

drop table [auth_assignment]; 
drop table [auth_item_child]; 
drop table [auth_item]; 
drop table [auth_rule]; 

create table [auth_rule] 
(
    [name] varchar(64) not null, 
    [data] text, 
    [created_at]   integer, 
    [updated_at]   integer, 
    primary key ([name]) 
); 

create table [auth_item] 
(
    [name]     varchar(64) not null, 
    [type]     integer not null, 
    [description]   text, 
    [rule_name]   varchar(64), 
    [data]     text, 
    [created_at]   integer, 
    [updated_at]   integer, 
    primary key ([name]), 
    foreign key ([rule_name]) references [auth_rule] ([name]) on delete set null on update cascade 
); 

create index [idx-auth_item-type] on [auth_item] ([type]); 

create table [auth_item_child] 
(
    [parent]    varchar(64) not null, 
    [child]    varchar(64) not null, 
    primary key ([parent],[child]), 
    foreign key ([parent]) references [auth_item] ([name]) on delete cascade on update cascade, 
    foreign key ([child]) references [auth_item] ([name]) on delete cascade on update cascade 
); 

create table [auth_assignment] 
(
    [item_name]   varchar(64) not null, 
    [user_id]    varchar(64) not null, 
    [created_at]   integer, 
    primary key ([item_name], [user_id]), 
    foreign key ([item_name]) references [auth_item] ([name]) on delete cascade on update cascade 
); 

I have built the following authorization data.

class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = Yii::$app->authManager;

        // add "createPost" permission
        $createPost = $auth->createPermission('createPost');
        $createPost->description = 'Create a post';
        $auth->add($createPost);

        // add "updatePost" permission
        $updatePost = $auth->createPermission('updatePost');
        $updatePost->description = 'Update post';
        $auth->add($updatePost);

        // add "author" role and give this role the "createPost" permission
        $author = $auth->createRole('author');
        $auth->add($author);
        $auth->addChild($author, $createPost);

        // add "admin" role and give this role the "updatePost" permission
        // as well as the permissions of the "author" role
        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $updatePost);
        $auth->addChild($admin, $author);

        // Assign roles to users. 1 and 2 are IDs returned by IdentityInterface::getId()
        // usually implemented in your User model.
        $auth->assign($author, 2);
        $auth->assign($admin, 1);
    }
}

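When the actionInit() method is accessed through this controller, the database tables above are filled with data based on the code above. In addition, in my user table I have two users: the admin user has ID 1 and the author user has ID 2. I create users with the following code.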

public function create()
{
    if ($this->validate()) {
        $user = new User();
        $user->username = $this->username;
        $user->email = $this->email;
        $user->setPassword($this->password);
        $user->generateAuthKey();
        $user->save(false);

        // the following three lines were added:
        $auth = Yii::$app->authManager;
        $authorRole = $auth->getRole('author');
        $auth->assign($authorRole, $user->getId());

        return $user;
    }

    return null;
}

With the code above, every newly inserted user will be an author. With the if statements below, I can grant or deny access.

if (\Yii::$app->user->can('createPost')) { 
    // create post 
} 

if (\Yii::$app->user->can('updatePost')) { 
    // update post 
} 

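So far so good. Everything works fine. The scenario of the code above is that a normal author can create posts but cannot update them. An admin can update posts and can do everything an author can do. Now I want a normal author to be able to update his/her own posts. I don't know how to proceed from here. I followed the Role-Based Access Control (RBAC) section of the Yii Guide under Security/Authorization. I have never used Yii 1. That is why I cannot make sense of the short explanation of RBAC in the Yii 2.0 documentation.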

+0

What is hard to understand? – 2014-10-30 14:51:42

+0

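Following the documentation at http://www.yiiframework.com/doc-2.0/guide-security-authorization.html, I cannot get it to work with updateOwnPost, and I don't know what value goes in the variable $post in the access check section, if you visit the link. I would really appreciate it if you could help! – 2014-10-30 15:51:04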

+0

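That is the $post model. Can you edit your question to ask for what you want in a specific way and explain what you have already done, so that a specific solution can be given? – 2014-10-31 06:43:25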

Answers

4

You need an access rule, and the documentation is clear, so something like

namespace app\rbac;

use yii\rbac\Rule;

/**
 * Checks if authorID matches user passed via params
 */
class AuthorRule extends Rule
{
    public $name = 'isAuthor';

    /**
     * @param string|integer $user the user ID.
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to ManagerInterface::checkAccess().
     * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
     */
    public function execute($user, $item, $params)
    {
        return isset($params['post']) ? $params['post']->createdBy == $user : false;
    }
}

Create it, and then,

$auth = Yii::$app->authManager; 

// add the rule 
$rule = new \app\rbac\AuthorRule; 
$auth->add($rule); 

// add the "updateOwnPost" permission and associate the rule with it. 
$updateOwnPost = $auth->createPermission('updateOwnPost'); 
$updateOwnPost->description = 'Update own post'; 
$updateOwnPost->ruleName = $rule->name; 
$auth->add($updateOwnPost); 

// "updateOwnPost" will be used from "updatePost" 
$auth->addChild($updateOwnPost, $updatePost); 

// allow "author" to update their own posts 
$auth->addChild($author, $updateOwnPost); 

Finally, assign the role on signup to add your RBAC role to the user

$auth = Yii::$app->authManager; 
$authorRole = $auth->getRole('author'); 
$auth->assign($authorRole, $userid_here); 

Use the code below to check whether the user is able to edit, where $post is the post's model

if (\Yii::$app->user->can('updatePost', ['post' => $post])) { 
    // update post 
} 

All of this comes from the guide. Let me know if you have any problems with my script

+0

The code under your text 'add it to your RBAC role': do I put it in the actionInit() method of my RbacController? – 2014-11-01 11:08:20

+0

Absolutely! Just compare your code. – 2014-11-02 11:16:42

+0

Can I use the above to check a post of any model? I still don't understand how it knows which model this check is about. – 2015-07-14 14:55:19

0
if (\Yii::$app->user->can('updatePost', ['post' => $post])) {
    // update post
}

I changed $post to $model

if (\Yii::$app->user->can('updatePost', ['post' => $model])) {
    // update post
}

Then it worked.
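The following is an added example, not code from the thread or from Yii itself: a simplified plain-PHP model of how the `['post' => ...]` parameter passed to `can()` travels up the item hierarchy built above until it reaches the `isAuthor` rule. The arrays, the `can()` helper and the sample posts are constructed for illustration; Yii's real manager also handles details such as default roles.

```php
<?php
// Simplified model of the RBAC check discussed above. Added example: this is
// not Yii's source code, and the array layout is an assumption for illustration.

// child => parents, as built by the addChild() calls on this page
$parents = [
    'createPost'    => ['author'],
    'updatePost'    => ['admin', 'updateOwnPost'],
    'updateOwnPost' => ['author'],
    'author'        => ['admin'],
];
// item => rule; only updateOwnPost carries the isAuthor rule
$rules = [
    'updateOwnPost' => function ($userId, array $params) {
        return isset($params['post']) ? $params['post']->createdBy == $userId : false;
    },
];
// user ID => directly assigned roles (1 = admin, 2 = author)
$assignments = [1 => ['admin'], 2 => ['author']];

function can($userId, $item, array $params, array $parents, array $rules, array $assignments)
{
    // A rule attached to the item must pass before this branch can grant access.
    if (isset($rules[$item]) && !$rules[$item]($userId, $params)) {
        return false;
    }
    if (in_array($item, $assignments[$userId] ?? [], true)) {
        return true;
    }
    // Otherwise walk up to every parent, forwarding the same $params.
    foreach ($parents[$item] ?? [] as $parent) {
        if (can($userId, $parent, $params, $parents, $rules, $assignments)) {
            return true;
        }
    }
    return false;
}

// Constructed sample posts: one written by user 2, one by user 1.
$own   = (object) ['id' => 10, 'createdBy' => 2];
$other = (object) ['id' => 11, 'createdBy' => 1];

$check = function ($userId, array $params) use ($parents, $rules, $assignments) {
    return can($userId, 'updatePost', $params, $parents, $rules, $assignments);
};
var_dump($check(2, ['post' => $own]));   // author, own post
var_dump($check(2, ['post' => $other])); // author, someone else's post
var_dump($check(2, []));                 // author, 'post' param omitted
var_dump($check(1, ['post' => $other])); // admin, any post
```

Run from the command line, the four checks report true, false, false, true: the rule only ever sees the object placed under the `post` key, so whatever model variable the controller holds must be passed there, and a call that omits it is denied for authors.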
