Yii authentication and authorization

jerry Yii 2015-11-23
<?php
class TblPostController extends Controller{
    /**
     * @return array list of filters; they are applied in this order
     */
    public function filters(){
        return array(
            'accessControl', // perform access control for CRUD operations
        );
    }
    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
    public function accessRules(){
        return array(
            array(
                'allow',  // '*' matches every user (guests included), so index/view are public
                'actions'=>array('index','view'),
                'users'=>array('*'),
            ),
            array(
                'allow', // '@' matches any authenticated user
                'actions'=>array('create','update'),
                'users'=>array('@'),
            ),
            array(
                'allow', // allow the user whose login name is 'admin' to perform 'admin' and 'delete'
                'actions'=>array('admin','delete'),
                'users'=>array('admin'),
            ),
            array(
                'deny',  // '*' = all users: whatever was not allowed above is denied
                'users'=>array('*'),
            ),
        );
    }
}

The name 'accessControl' in filters() is resolved by CController to a filter method, CController::filterAccessControl(), which looks like this:

<?php   
/**
 * The filter method for 'accessControl' filter.
 * This filter is a wrapper of {@link CAccessControlFilter}.
 * To use this filter, you must override {@link accessRules} method.
 * @param CFilterChain the filter chain that the filter is on.
 */
public function filterAccessControl($filterChain){
    $filter=new CAccessControlFilter;
    $filter->setRules($this->accessRules());
    $filter->filter($filterChain);
}
?>

So what actually runs is the CAccessControlFilter filter. It walks the rules in the order accessRules() returns them; the first rule whose every condition matches the current request decides (allow or deny), and if no rule matches at all the filter grants access. That is why the trailing deny rule for '*' is not optional: without it, any action not named in an allow rule is open to everyone. According to the manual, the full set of options a rule accepts is:

array(
    'allow',  // or 'deny': the outcome when this rule matches
    'actions'=>array('edit', 'delete'),  // which actions the rule applies to (compared case-insensitively)

    // This option is available since version 1.0.3.
    'controllers'=>array('post', 'admin/user'),  // which controllers the rule applies to (module/controller ids)

    // Use * to represent all users, ? guest users, and @ authenticated users;
    // any other entry is compared against the login name
    'users'=>array('thomas', 'kevin'),
    // which roles the rule applies to; each one is checked with Yii::app()->user->checkAccess()
    'roles'=>array('admin', 'editor'),
    // which client IP addresses the rule applies to; a trailing * is a prefix wildcard ('192.168.*').
    // The address is REMOTE_ADDR, so behind a reverse proxy this is the proxy, not the client.
    'ips'=>array('127.0.0.1'),
    // which request methods the rule applies to
    'verbs'=>array('GET', 'POST'),
    // A PHP expression whose value decides whether the rule applies.
    // Inside it the variable $user refers to Yii::app()->user. Introduced in version 1.0.3.
    // The string is handed to eval(), so keep it a literal in the source and never build it from request data.
    'expression'=>'!$user->isGuest && $user->level==2',
);
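To make the evaluation order concrete, here is a stand-alone model of how the filter walks a rule list. It is an added example, not Yii's code and not part of the original post: it reproduces only the 'actions', 'verbs', 'users' and 'roles' matching from CAccessRule (roles are modelled as a plain set instead of a checkAccess() call), and the users, the extra 'export' action and the requests at the bottom are constructed test data.

```php
<?php
// Added example (not Yii's code): a minimal model of CAccessControlFilter's rule walk.
// Run with: php rules.php

function ruleMatches(array $rule, string $action, string $verb, array $user): bool
{
    // 'actions' / 'verbs' absent = any; both compared case-insensitively, as Yii does
    if (isset($rule['actions'])
        && !in_array(strtolower($action), array_map('strtolower', $rule['actions']), true)) {
        return false;
    }
    if (isset($rule['verbs'])
        && !in_array(strtolower($verb), array_map('strtolower', $rule['verbs']), true)) {
        return false;
    }
    // 'users': '*' everyone, '?' guests, '@' logged-in users, anything else a login name
    if (isset($rule['users'])) {
        $hit = false;
        foreach ($rule['users'] as $u) {
            if ($u === '*'
                || ($u === '?' && $user['isGuest'])
                || ($u === '@' && !$user['isGuest'])
                || (!$user['isGuest'] && strcasecmp($u, $user['name']) === 0)) {
                $hit = true;
                break;
            }
        }
        if (!$hit) {
            return false;
        }
    }
    // 'roles': Yii calls Yii::app()->user->checkAccess($role) here; modelled as a set lookup
    if (isset($rule['roles']) && !array_intersect($rule['roles'], $user['roles'])) {
        return false;
    }
    return true;
}

// The first matching rule decides. If nothing matches, the filter lets the request through.
function isAllowed(array $rules, string $action, string $verb, array $user): bool
{
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $action, $verb, $user)) {
            return $rule[0] === 'allow';
        }
    }
    return true;
}

// The rule set from the post ...
$rules = array(
    array('allow', 'actions' => array('index', 'view'),    'users' => array('*')),
    array('allow', 'actions' => array('create', 'update'), 'users' => array('@')),
    array('allow', 'actions' => array('admin', 'delete'),  'users' => array('admin')),
    array('deny',  'users' => array('*')),
);
// ... and the same set with the final deny-all rule forgotten
$rulesWithoutDeny = array_slice($rules, 0, 3);

// Constructed users: a guest, a logged-in editor, and the 'admin' account
$guest  = array('isGuest' => true,  'name' => '',      'roles' => array());
$editor = array('isGuest' => false, 'name' => 'kevin', 'roles' => array('editor'));
$admin  = array('isGuest' => false, 'name' => 'admin', 'roles' => array('admin'));

// 'export' is a constructed action that no rule names
foreach (array('guest' => $guest, 'kevin' => $editor, 'admin' => $admin) as $who => $user) {
    foreach (array('view', 'update', 'delete', 'export') as $action) {
        printf("%-6s %-7s with deny-all: %-5s  without it: %s\n", $who, $action,
            isAllowed($rules, $action, 'POST', $user) ? 'allow' : 'deny',
            isAllowed($rulesWithoutDeny, $action, 'POST', $user) ? 'allow' : 'deny');
    }
}
```

The two columns differ exactly where the trailing rule matters: with it, a guest is denied update, delete and export and kevin is denied delete and export; without it those same requests fall off the end of the list and are allowed. Adding a new action to the controller and forgetting to list it has the same effect, which is the argument for keeping the deny-all rule in every controller's accessRules().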

2. RBAC-based authorization

1) Configure the authManager component in the main.php config file

// inside the 'components' array of protected/config/main.php
'authManager' => array(
    'class' => 'CDbAuthManager',
    'defaultRoles'=>array('guest'),        // roles every user holds implicitly, without an assignment row
    'itemTable' => 'authitem',             // auth items (operations, tasks, roles)
    'itemChildTable' => 'authitemchild',   // parent/child relations between auth items
    'assignmentTable' => 'authassignment', // which items are assigned to which user ids
    'connectionID'=>'db'
),

These three tables come from the schema Yii ships (framework/web/auth/schema.sql); CDbAuthManager's defaults are AuthItem, AuthItemChild and AuthAssignment, so the three table options only need to be set when, as here, the tables were created under different names.

2) Create the operations and the role

$auth = Yii::app()->authManager;
// create the operations: leaf auth items, named after the controller actions they guard
$auth->createOperation('index','list posts');
$auth->createOperation('view','view a post');
$auth->createOperation('create','create a post');
$auth->createOperation('update','update a post');
$auth->createOperation('delete','delete a post');
// create the role and give it every operation as a child
$role = $auth->createRole('admin');
$role->addChild('index');
$role->addChild('view');
$role->addChild('create');
$role->addChild('update');
$role->addChild('delete');
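The snippet above writes rows to the auth tables, so it belongs in a one-off setup script rather than in request handling code, and it stops short of assigning the role to anyone or checking it. The following is an added example, not from the original post, of the complete round trip as a yiic console command plus the matching controller fragment. It assumes an 'author' role, an 'updateOwnPost' task with a business rule, an author_id column on the post model (named TblPost here, after the controller) and user id 1 for the administrator; none of those appear on the page. The 'authManager' component must also be declared in protected/config/console.php for the command to see it.

```php
<?php
// Added example, not the project's code: protected/commands/RbacCommand.php
// Run once (and again whenever the item tree changes) with: ./yiic rbac
class RbacCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;

        // Rebuild from scratch so the command is idempotent
        $auth->clearAll();

        $operations = array(
            'index'  => 'list posts',
            'view'   => 'view a post',
            'create' => 'create a post',
            'update' => 'update a post',
            'delete' => 'delete a post',
        );
        foreach ($operations as $name => $description) {
            $auth->createOperation($name, $description);
        }

        // A task guarded by a business rule (assumed name). The rule is PHP source that
        // CDbAuthManager stores in the authitem table and eval()s on every checkAccess()
        // call, with $params being the array passed to checkAccess(). Treat the auth
        // tables like code: only this command writes them, never anything fed by requests.
        $bizRule = 'return isset($params["post"]) && $params["post"]->author_id == Yii::app()->user->id;';
        $task = $auth->createTask('updateOwnPost', 'update a post you authored', $bizRule);
        $task->addChild('update');

        // Assumed 'author' role: may update only through the task, i.e. only its own posts
        $author = $auth->createRole('author');
        foreach (array('index', 'view', 'create', 'updateOwnPost') as $child) {
            $author->addChild($child);
        }

        // Roles nest: admin inherits everything author has, plus unconditional update/delete
        $admin = $auth->createRole('admin');
        foreach (array('author', 'update', 'delete') as $child) {
            $admin->addChild($child);
        }

        // Assignments are keyed by the value CWebUser::getId() returns, not by login name.
        // Authors would get $auth->assign('author', $user->id) when their account is created.
        $auth->assign('admin', 1);
        $auth->save();   // persists CPhpAuthManager data; a no-op for CDbAuthManager
        echo "RBAC items and assignments rebuilt\n";
    }
}

// Controller side (what the relevant parts of TblPostController would look like).
// 'roles' in accessRules() calls Yii::app()->user->checkAccess($role) with no parameters,
// so a rule that needs $params['post'] has to be checked inside the action once the
// model is loaded; the filter alone cannot tell whose post it is.
class TblPostControllerFragment extends Controller
{
    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('index', 'view'),     'users' => array('*')),
            array('allow', 'actions' => array('create', 'update'),  'roles' => array('author')),
            array('allow', 'actions' => array('admin', 'delete'),   'roles' => array('admin')),
            array('deny',  'users' => array('*')),
        );
    }

    public function actionUpdate($id)
    {
        $model = TblPost::model()->findByPk($id);   // TblPost is an assumed model name
        if ($model === null) {
            throw new CHttpException(404, 'The requested post does not exist.');
        }
        // Walks up from 'update': authors reach it only via updateOwnPost, whose bizRule
        // sees $params['post']; admins hold 'update' directly and pass without the rule
        if (!Yii::app()->user->checkAccess('update', array('post' => $model))) {
            throw new CHttpException(403, 'You are not allowed to update this post.');
        }
        // ... assign attributes, save, redirect
    }
}
```

Two things to take from it: a role assignment goes to the user id, so the 'users'=>array('admin') rule from the first section (matched by login name) and the 'roles'=>array('admin') rule here are different checks that should not be mixed up; and because bizRules and 'expression' strings are both executed with eval(), write access to the authitem table is equivalent to code execution in the application, which is worth remembering when granting database permissions.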