Yii2 RBAC使用详解

jerry Yii2 2015年11月15日 收藏

1.在/basic/config/console.php和/basic/config/web.php里,配置组件,这里只贴出console.php里的代码 :

<?php  
      
    Yii::setAlias('@tests', dirname(__DIR__) . '/tests');  
      
    $params = require(__DIR__ . '/params.php');  
    $db = require(__DIR__ . '/db.php');  
      
    return [  
        'id' => 'basic-console',  
        'basePath' => dirname(__DIR__),  
        'bootstrap' => ['log', 'gii'],  
        'controllerNamespace' => 'app\commands',  
        'modules' => [  
            'gii' => 'yii\gii\Module',  
        ],  
        'components' => [  
            'cache' => [  
                'class' => 'yii\caching\FileCache',  
            ],  
            'log' => [  
                'targets' => [  
                    [  
                        'class' => 'yii\log\FileTarget',  
                        'levels' => ['error', 'warning'],  
                    ],  
                ],  
            ],  
            'db' => $db,'authManager' => [  
                        'class' => 'yii\rbac\DbManager',  
                        'itemTable' => 'web_auth_item',  
                        'assignmentTable' => 'web_auth_assignment',  
                        'itemChildTable' => 'web_auth_item_child',  
                        'ruleTable'=>'web_auth_rule'  
                ],  
        ],  
        'params' => $params,  
    ];

如果console.php里没有配置,会报下面错误:

You should configure "authManager" component to use database before executing this migration.

2.打开命令行

3.cd 命令切换到/php/basic目录 

4.输入命令:

yii migrate --migrationPath=@yii/rbac/migrations/

5.创建Permission:

    public function createPermission($item)  
    {  
        $auth = Yii::$app->authManager;  
      
        $createPost = $auth->createPermission($item);  
        $createPost->description = '创建了 ' . $item . ' 许可';  
        $auth->add($createPost);  
    }

6.创建Role:

    public function createRole($item)  
        {  
            $auth = Yii::$app->authManager;  
      
            $role = $auth->createRole($item);  
            $role->description = '创建了 ' . $item . ' 角色';  
            $auth->add($role);  
        }

7.Role分配Permission

    static public function createEmpowerment($items)  
       {  
           $auth = Yii::$app->authManager;  
      
           $parent = $auth->createRole($items['name']);  
           $child = $auth->createPermission($items['description']);  
      
           $auth->addChild($parent, $child);  
       }

8.角色分配用户:

    static public function assign($item)  
       {  
           $auth = Yii::$app->authManager;  
           $reader = $auth->createRole($item['name']);  
           $auth->assign($reader, $item['description']);  
       }

9.验证权限:

    public function beforeAction($action)  
       {  
           $action = Yii::$app->controller->action->id;  
           if(\Yii::$app->user->can($action)){  
               return true;  
           }else{  
               throw new \yii\web\UnauthorizedHttpException('对不起,您现在还没获此操作的权限');  
           }  
       }

10.Controller里的权限验证

class SiteController extends Controller  
    {  
        public function behaviors()  
        {  
            return [  
                'access' => [  
                    'class' => \yii\web\AccessControl::className(),  
                    'only' => ['login', 'logout', 'signup'],  
                    'rules' => [  
                        [  
                            'actions' => ['login', 'signup'],  
                            'allow' => true,  
                            'roles' => ['?'],  
                        ],  
                        [  
                            'actions' => ['logout'],  
                            'allow' => true,  
                            'roles' => ['@'],  
                        ],  
                    ],  
                ],  
            ];  
        }  
        // ...

11.在Controller里自定义验证

  class SiteController extends Controller  
    {  
        public function behaviors()  
        {  
            return [  
                'access' => [  
                    'class' => \yii\web\AccessControl::className(),  
                    'only' => ['special-callback'],  
                    'rules' => [  
                        [  
                            'actions' => ['special-callback'],  
                            'allow' => true,  
                            'matchCallback' => function ($rule, $action) {  
                                return date('d-m') === '31-10';  
                            }  
                        ],  
    // ...  
     // Match callback called! 此页面可以访问只有每个10月31日  
     public function actionSpecialCallback()  
     {  
         return $this->render('happy-halloween');  
     }