Yii基于角色的访问控制(非Rbac)
生活随笔
收集整理的這篇文章主要介紹了
Yii基于角色的访问控制(非Rbac)
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
今天遇到了權限控制的問題,后臺不同級別的用戶登錄后看到的內容是不一樣的。網上查了下,說Yii中有自帶的RBAC權限控制,大概看了下,沒理解太明白。然后就是采用filter進行過濾驗證,看著這個還不錯。下面簡單說下我是我怎么用的,不對的地方希望大神們給予指教。
1.在cp_user表里增加了一個level字段,代表用戶的級別,1代表管理員admin,2代表普通用戶common_user
2.在components的UserIdentity.php里添加用戶角色
class UserIdentity extends CUserIdentity {/*** Authenticates a user.* The example implementation makes sure if the username and password* are both 'demo'.* In practical applications, this should be changed to authenticate* against some persistent user identity storage (e.g. database).* @return boolean whether authentication succeeds.*/public function authenticate(){$username=strtolower($this->username);$user=User::model()->find('LOWER(username)=?',array($username));if($user===null)$this->errorCode=self::ERROR_USERNAME_INVALID;else if($user->password!=$this->password)$this->errorCode=self::ERROR_PASSWORD_INVALID;else{$this->username=$user->username;$this->setState('roles', $user->level==1?'admin':'commen_user'); //添加用戶角色$this->errorCode=self::ERROR_NONE;}return $this->errorCode==self::ERROR_NONE;}}上面這句$this->setState('roles',$user->level==1?'admin':'commen_user')非常重要,這里表示添加了一個用戶的角色
3.重寫CWebUser,放在components文件夾下(WebUser.php)
class WebUser extends CWebUser {/*** Overrides a Yii method that is used for roles in controllers (acce***ules).** @param string $operation Name of the operation required (here, a role).* @param mixed $params (opt) Parameters for this operation, usually the object to access.* @return bool Permission granted?*/public function checkAccess($operation, $params=array()){if (empty($this->id)) {// Not identified => no rightsreturn false;}$role = $this->getState("roles");if ($role ==='admin') { //管理員return true; // admin role has access to everything}// allow access if the operation request is the current user's rolereturn ($operation === $role);} }4.控制器里修改
public function filters(){return array('accessControl', // perform access control for CRUD operations'postOnly + delete', // we only allow deletion via POST request);}/*** Specifies the access control rules.* This method is used by the 'accessControl' filter.* @return array access control rules*/public function acce***ules(){return array(array('allow', // allow all users to perform 'index' and 'view' actions'actions'=>array('index','view','login','passwordupdate'),'users'=>array('*'),),array('allow', // allow authenticated user to perform 'create' and 'update' actions'actions'=>array('create','update','getuser','delete'),'roles'=>array('admin'),//表示只有角色為admin的用戶才能訪問),array('deny', // deny all users'users'=>array('*'),),);}5.修改配置文件main.php
'user'=>array(// enable cookie-based authentication'class'=>'WebUser','allowAutoLogin'=>true,'loginUrl' => array('/user/login'),),6.視圖中如何用?
array('name'=>'status', 'type'=>'html', 'value'=>'Customer::showStatus($data->status, $data->id)','visible'=> Yii::app()->user->checkAccess('admin')),array('name'=>'employee_id', 'type'=>'html', 'value'=>'Customer::isDivided($data->employee_id, $data->id)','visible'=> Yii::app()->user->checkAccess('admin')),原理:當用戶登錄的時候,獲取用戶的level字段,并添加相應的角色,若是1則該用戶為admin,否則就是common_user.然后重寫CWebUser中的checkAccess方法,如果是admin,則有權操作相應的權限。最后在控制器里rules里定義規則,有一個roles屬性,我們給它設置為admin,表示只有角色為admin的才能進行相關的action操作。
轉載于:https://blog.51cto.com/php2013/1363163
總結
以上是生活随笔為你收集整理的Yii基于角色的访问控制(非Rbac)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 孕妇梦到狗是什么意思
- 下一篇: 孕妇梦到两条黑鱼是什么意思