YII framework下基于角色的访问控制(RBAC)
yii下,filters()和accessRules()是YII基本的访问控制体系,<br>public function filters(){<br> return array(<br> 'accessControl',<br> );<br>}<br><br>public function accessRules(){<br> return array(<br> array(<br> 'allow', //allow or deny 允许或者拒绝<br> 'controllers' => array('controllersList'), //对控制器进行访问控制<br> 'actions' => array('actionsList'), //对action进行访问控制<br> 'users' => array('usersList'), //对用户<br> <span style="font-weight: bold;">'roles' => array('roles'),</span> //对角色<br> 'ips' => array('ip 地址'), //对客户端地址<br> 'verbs' => array('GET','POST'), //对客户端的请求方式<br> 'expression' => '', //对表达式(一般是业务逻辑)<br> 'message' => 'thank your access', //错误信息提示,一般是deny时用到<br> ),<br> array(....),<br> ....<br> array('deny', 'users' => array('*')),<br> );<br>}<br><br>好了,有了以上的访问控制,我们针对上面的roles来讨论RBAC。<br>Yii的RBAC是基于一个组件authManager的,可以先在main.php中配置authManager<br>authManager分为基于数据库的和基于PHP脚本的,一般如果你的应用程序基于数据库(mysql或者pgsql),最好把authManager配置为CDbAuthManager,而不是CPhpAuthManager。<br>...<br>'authManager' => array(<br> 'class' => 'CDbAuthManager',<br> 'connectionID' => 'db',<br>),<br><br>'db' => array(...),<br>...<br><br>配置好了以后,需要在数据库中增加3个存放RBAC规则的表:<br>AuthItem -- 存放建立的授权项目(role、task或者operation)<br>AuthItemChild -- 存放授权项目的继承关系<br>AuthAssignment -- 存放用户和授权项目的关系表<br>注意:bizrule列里存的是PHP代码,authManager检查权限时会用eval()执行它,因此这些表的写权限要严格控制,不要让用户输入进入bizrule。<br><br><br><div id="codeText" class="codeText"><ol style="margin:0 1px 0 0;padding:5px 0;" start="1" class="dp-css"><li><span style="color:#000000;"><span style="color:#0000FF;">CREATE</span> <span style="color:#0000FF;">TABLE</span> <span style="color:#FF00FF;">`authitem`</span> <span style="color:#0000CC;">(</span> <br></span></li><li> <span style="color:#FF00FF;">`name`</span> <span style="color:#FF0000;">varchar</span><span style="color:#0000CC;">(</span>64<span style="color:#0000CC;">)</span> <span style="color:#FF0000;">NOT</span> <span style="color:#0000FF;">NULL</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`type`</span> <span style="color:#FF0000;">int</span><span style="color:#0000CC;">(</span>11<span style="color:#0000CC;">)</span> <span style="color:#FF0000;">NOT</span> <span style="color:#0000FF;">NULL</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`description`</span> <span style="color:#FF0000;">text</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`bizrule`</span> <span style="color:#FF0000;">text</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`data`</span> <span style="color:#FF0000;">text</span><span style="color:#0000CC;">,</span> <br></li><li>
PRIMARY KEY <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`name`</span><span style="color:#0000CC;">)</span> <br></li><li>
<span style="color:#0000CC;">)</span> ENGINE<span style="color:#0000CC;">=</span>InnoDB <span style="color:#FF0000;">DEFAULT</span> <span style="color:#FF0000;">CHARSET</span><span style="color:#0000CC;">=</span>utf8;</li></ol></div><div id="codeText" class="codeText"><ol style="margin:0 1px 0 0;padding:5px 0;" start="1" class="dp-css"><li><span style="color:#000000;"><span style="color:#0000FF;">CREATE</span> <span style="color:#0000FF;">TABLE</span> <span style="color:#FF00FF;">`authitemchild`</span> <span style="color:#0000CC;">(</span> <br></span></li><li>
<span style="color:#FF00FF;">`parent`</span> <span style="color:#FF0000;">varchar</span><span style="color:#0000CC;">(</span>64<span style="color:#0000CC;">)</span> <span style="color:#FF0000;">NOT</span> <span style="color:#0000FF;">NULL</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`child`</span> <span style="color:#FF0000;">varchar</span><span style="color:#0000CC;">(</span>64<span style="color:#0000CC;">)</span> <span style="color:#FF0000;">NOT</span> <span style="color:#0000FF;">NULL</span><span style="color:#0000CC;">,</span> <br></li><li>
PRIMARY KEY <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`parent`</span><span style="color:#0000CC;">,</span><span style="color:#FF00FF;">`child`</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span> <br></li><li>
KEY <span style="color:#FF00FF;">`child`</span> <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`child`</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span> <br></li><li>
CONSTRAINT <span style="color:#FF00FF;">`authitemchild_ibfk_1`</span> FOREIGN KEY <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`parent`</span><span style="color:#0000CC;">)</span> REFERENCES <span style="color:#FF00FF;">`authitem`</span> <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`name`</span><span style="color:#0000CC;">)</span> ON <span style="color:#0000FF;">DELETE</span> CASCADE ON <span style="color:#0000FF;">UPDATE</span> CASCADE<span style="color:#0000CC;">,</span><br></li><li>
CONSTRAINT <span style="color:#FF00FF;">`authitemchild_ibfk_2`</span> FOREIGN KEY <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`child`</span><span style="color:#0000CC;">)</span> REFERENCES <span style="color:#FF00FF;">`authitem`</span> <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`name`</span><span style="color:#0000CC;">)</span> ON <span style="color:#0000FF;">DELETE</span> CASCADE ON <span style="color:#0000FF;">UPDATE</span> CASCADE <br></li><li>
<span style="color:#0000CC;">)</span> ENGINE<span style="color:#0000CC;">=</span>InnoDB <span style="color:#FF0000;">DEFAULT</span> <span style="color:#FF0000;">CHARSET</span><span style="color:#0000CC;">=</span>utf8;</li></ol></div>
<br><div id="codeText" class="codeText"><ol style="margin:0 1px 0 0;padding:5px 0;" start="1" class="dp-css"><li><span style="color:#000000;"><span style="color:#0000FF;">CREATE</span> <span style="color:#0000FF;">TABLE</span> <span style="color:#FF00FF;">`authassignment`</span> <span style="color:#0000CC;">(</span> <br></span></li><li>
<span style="color:#FF00FF;">`itemname`</span> <span style="color:#FF0000;">varchar</span><span style="color:#0000CC;">(</span>64<span style="color:#0000CC;">)</span> <span style="color:#FF0000;">NOT</span> <span style="color:#0000FF;">NULL</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`userid`</span> <span style="color:#FF0000;">varchar</span><span style="color:#0000CC;">(</span>64<span style="color:#0000CC;">)</span> <span style="color:#FF0000;">NOT</span> <span style="color:#0000FF;">NULL</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`bizrule`</span> <span style="color:#FF0000;">text</span><span style="color:#0000CC;">,</span> <br></li><li>
<span style="color:#FF00FF;">`data`</span> <span style="color:#FF0000;">text</span><span style="color:#0000CC;">,</span> <br></li><li>
PRIMARY KEY <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`itemname`</span><span style="color:#0000CC;">,</span><span style="color:#FF00FF;">`userid`</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span> <br></li><li>
CONSTRAINT <span style="color:#FF00FF;">`authassignment_ibfk_1`</span> FOREIGN KEY <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`itemname`</span><span style="color:#0000CC;">)</span> REFERENCES <span style="color:#FF00FF;">`authitem`</span> <span style="color:#0000CC;">(</span><span style="color:#FF00FF;">`name`</span><span style="color:#0000CC;">)</span> ON <span style="color:#0000FF;">DELETE</span> CASCADE ON <span style="color:#0000FF;">UPDATE</span> CASCADE<br></li><li>
<span style="color:#0000CC;">)</span> ENGINE<span style="color:#0000CC;">=</span>InnoDB <span style="color:#FF0000;">DEFAULT</span> <span style="color:#FF0000;">CHARSET</span><span style="color:#0000CC;">=</span>utf8;</li></ol></div>建好表以后,就可以用Yii提供的authManager组件的API建立相关的授权项目,并指定授权关系了。<br><br>下面做一个实例:<br>
<a href="http://my.chinaunix.nethttp://blog.chinaunix.net/attachment/201103/23/395468_1300863507Xa2c.png" target="_blank" target="_blank"><img src="http://my.chinaunix.nethttp://blog.chinaunix.net/attachment/201103/23/395468_1300863507Xa2c.png" border="0"></a><br>
我们要实现上面的授权关系。<br><br><br><div id="codeText" class="codeText"><ol style="margin:0 1px 0 0;padding:5px 0;" start="1" class="dp-css"><li><span style="color:#000000;"><span style="color:#FF0000;">class</span> AuthManagerController <span style="color:#FF0000;">extends</span> Controller<span style="color:#0000CC;">{</span><br></span></li><li>
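/**
 * Rebuilds the whole RBAC hierarchy: roles, operations, role inheritance and
 * the role assignments of the seed users (admin, demo, demo2, demo3).
 *
 * NOTE(review): clearAll() removes every existing auth item and assignment, and
 * this is a controller action, so it is reachable over HTTP. Nothing visible in
 * this class restricts who may call it; guard it with an access rule or move the
 * setup into a console command / migration. Confirm how the controller is exposed.
 *
 * @throws CHttpException 500 when the authManager component is not configured
 *                        or when one of the seed users does not exist.
 */
public function actionIndex(){
    $auth = Yii::app()->authManager;

    if ($auth === NULL){
        $message = 'Please config your authManage as a compontion in main.php';
        // The original passed 0 here, which is not a valid HTTP status code.
        throw new CHttpException(500, $message);
    }

    // username => roles to assign, in the order the assignments are made.
    $assignments = array(
        'admin' => array('owner', 'member', 'reader'),
        'demo'  => array('member', 'reader'),
        'demo2' => array('reader'),
        'demo3' => array('blackList'),
    );

    // Resolve every seed user BEFORE clearAll(): findByAttributes() returns null
    // for an unknown username, and failing here leaves the existing RBAC data
    // untouched instead of wiped and only half rebuilt.
    $userIds = array();
    foreach ($assignments as $username => $roleNames){
        $user = User::model()->findByAttributes(array('username' => $username));
        if ($user === null){
            throw new CHttpException(500, "Cannot build RBAC data: user '{$username}' does not exist");
        }
        $userIds[$username] = $user->id;
    }

    $auth->clearAll();

    // create roles
    $roleOwner = $auth->createRole('owner');
    $roleReader = $auth->createRole('reader');
    $roleMember = $auth->createRole('member');
    $auth->createRole('blackList'); // no children: this role grants no operation

    // create operations (name => description)
    $operations = array(
        // issues
        'createIssue' => 'create issue in project',
        'readIssue' => 'read issue',
        'updateIssue' => 'update issue',
        'deleteIssue' => 'delete issue',
        // projects
        'createProject' => 'create a new project',
        'readProject' => 'read project',
        'updateProject' => 'update project',
        'deleteProject' => 'delete project',
        // users
        'createUser' => 'create a new user',
        'readUser' => 'read user',
        'updateUser' => 'update user',
        'deleteUser' => 'delete user',
    );
    foreach ($operations as $name => $description){
        $auth->createOperation($name, $description);
    }

    // authorization: reader < member < owner
    $roleReader->addChild('readIssue');
    $roleReader->addChild('readProject');
    $roleReader->addChild('readUser');

    $roleMember->addChild('reader');
    $roleMember->addChild('createIssue');
    $roleMember->addChild('updateIssue');
    $roleMember->addChild('deleteIssue');

    $roleOwner->addChild('reader');
    $roleOwner->addChild('member');
    $roleOwner->addChild('createProject');
    $roleOwner->addChild('updateProject');
    $roleOwner->addChild('deleteProject');
    $roleOwner->addChild('createUser');
    $roleOwner->addChild('updateUser');
    $roleOwner->addChild('deleteUser');

    // assign
    // Until a role is assigned, a rule such as 'roles' => array('member') on the
    // Issue controller's view/index actions lets no user in; the assignments
    // below are what grant access.
    foreach ($assignments as $username => $roleNames){
        foreach ($roleNames as $roleName){
            $auth->assign($roleName, $userIds[$username]);
        }
    }
}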
<span style="color:#0000CC;">}</span></li></ol></div>建立授权关系以后,更新accessRules为:<br><div id="codeText" class="codeText"><ol style="margin:0 1px 0 0;padding:5px 0;" start="1" class="dp-css"><li><span style="color:#000000;">public function accessRules<span style="color:#0000CC;">(</span><span style="color:#0000CC;">)</span><br></span></li><li>
<span style="color:#0000CC;">{</span><br></li><li>
return array<span style="color:#0000CC;">(</span><br></li><li>
array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'allow'</span><span style="color:#0000CC;">,</span><span style="color:#0000CC;">/</span><span style="color:#0000CC;">/</span> allow logged-in users holding the member, owner or reader role to perform <span style="color:#FF00FF;">'index'</span> and <span style="color:#FF00FF;">'view'</span> actions<br></li><li>
<span style="color:#FF00FF;">'actions'</span><span style="color:#0000CC;">=</span><span style="color:#0000CC;">></span>array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'index'</span><span style="color:#0000CC;">,</span><span style="color:#FF00FF;">'view'</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="color:#FF00FF;">'users'</span><span style="color:#0000CC;">=</span><span style="color:#0000CC;">></span>array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'@'</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="font-weight: bold;"> </span><span style="color: rgb(255, 0, 255); font-weight: bold;">'roles'</span><span style="font-weight: bold;"> </span><span style="color: rgb(0, 0, 204); font-weight: bold;">=></span><span style="font-weight: bold;"> array</span><span style="color: rgb(0, 0, 204); font-weight: bold;">(</span><span style="color: rgb(255, 0, 255); font-weight: bold;">'member'</span><span style="color: rgb(0, 0, 204); font-weight: bold;">,</span><span style="font-weight: bold;"> </span><span style="color: rgb(255, 0, 255); font-weight: bold;">'owner'</span><span style="color: rgb(0, 0, 204); font-weight: bold;">,</span><span style="font-weight: bold;"> </span><span style="color: rgb(255, 0, 255); font-weight: bold;">'reader'</span><span style="color: rgb(0, 0, 204); font-weight: bold;">),</span><br></li><li>
<span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'allow'</span><span style="color:#0000CC;">,</span> <span style="color:#0000CC;">/</span><span style="color:#0000CC;">/</span> allow authenticated user to perform <span style="color:#FF00FF;">'create'</span> and <span style="color:#FF00FF;">'update'</span> actions<br></li><li>
<span style="color:#FF00FF;">'actions'</span><span style="color:#0000CC;">=</span><span style="color:#0000CC;">></span>array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'create'</span><span style="color:#0000CC;">,</span><span style="color:#FF00FF;">'update'</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="color:#FF00FF;">'users'</span><span style="color:#0000CC;">=</span><span style="color:#0000CC;">></span>array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'@'</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="color: rgb(255, 0, 255); font-weight: bold;">'roles'</span><span style="font-weight: bold;"> </span><span style="color: rgb(0, 0, 204); font-weight: bold;">=></span><span style="font-weight: bold;"> array</span><span style="color: rgb(0, 0, 204); font-weight: bold;">(</span><span style="color: rgb(255, 0, 255); font-weight: bold;">'member'</span><span style="color: rgb(0, 0, 204); font-weight: bold;">,</span><span style="font-weight: bold;"> </span><span style="color: rgb(255, 0, 255); font-weight: bold;">'owner'</span><span style="color: rgb(0, 0, 204); font-weight: bold;">),</span><br></li><li>
<span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'allow'</span><span style="color:#0000CC;">,</span> <span style="color:#0000CC;">/</span><span style="color:#0000CC;">/</span> allow admin user to perform <span style="color:#FF00FF;">'admin'</span> and <span style="color:#FF00FF;">'delete'</span> actions<br></li><li>
<span style="color:#FF00FF;">'actions'</span><span style="color:#0000CC;">=</span><span style="color:#0000CC;">></span>array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'admin'</span><span style="color:#0000CC;">,</span><span style="color:#FF00FF;">'delete'</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="color:#FF00FF;">'users'</span><span style="color:#0000CC;">=</span><span style="color:#0000CC;">></span>array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'@'</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="font-weight: bold;"> </span><span style="color: rgb(255, 0, 255); font-weight: bold;">'roles'</span><span style="font-weight: bold;"> </span><span style="color: rgb(0, 0, 204); font-weight: bold;">=></span><span style="font-weight: bold;"> array</span><span style="color: rgb(0, 0, 204); font-weight: bold;">(</span><span style="color: rgb(255, 0, 255); font-weight: bold;">'owner'</span><span style="color: rgb(0, 0, 204); font-weight: bold;">),</span><br></li><li>
<span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'deny'</span><span style="color:#0000CC;">,</span><span style="color:#0000CC;">/</span><span style="color:#0000CC;">/</span> deny all users<br></li><li>
<span style="color:#FF00FF;">'users'</span><span style="color:#0000CC;">=</span><span style="color:#0000CC;">></span>array<span style="color:#0000CC;">(</span><span style="color:#FF00FF;">'*'</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="color:#0000CC;">)</span><span style="color:#0000CC;">,</span><br></li><li>
<span style="color:#0000CC;">)</span><span style="color:#0000CC;">;</span><br></li><li>
<span style="color:#0000CC;">}</span></li></ol></div>上面的代码就是把刚刚建立的授权项目加入到访问控制列表中。规则按顺序匹配,第一条匹配的规则生效,所以最后的 deny 规则保证没有被前面规则允许的请求一律被拒绝。<br><br>另外一个例子:<br><div id="codeText" class="codeText"><ol style="margin:0 1px 0 0;padding:5px 0;" start="1" class="dp-css"><li><span style="color:#000000;">$auth <span style="color:#0000CC;">=</span> Yii<span style="color:#0000CC;">:</span><span style="color:#0000CC;">:</span>app<span style="color:#0000CC;">(</span><span style="color:#0000CC;">)</span><span style="color:#0000CC;">-</span><span style="color:#0000CC;">></span>authManager<span style="color:#0000CC;">;</span><br></span></li><li>
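// RBAC setup example: create a role, tasks and operations, link some of them
// to the role, then assign the role to one user.
// $auth is expected to hold the application's auth manager component
// (Yii::app()->authManager), obtained on the preceding line of the listing.
// NOTE(review): presumably meant to run once (e.g. from an install script),
// since the auth manager persists the created items - confirm.
$roleManager = $auth->createRole('manager'); // create a role

// Create tasks.
$auth->createTask('projectManager');
$auth->createTask('userManager');

// Create operations. The auth manager method is createOperation();
// the misspelt createOpration() does not exist and the call would fail.
$auth->createOperation('createProject');
$auth->createOperation('updateProject');
$auth->createOperation('deleteUser');

$user = User::model()->findByPk('1'); // look up the user

$roleManager->addChild('projectManager'); // grant the task to the role
$roleManager->addChild('updateProject'); // grant the operation to the role
// 'userManager', 'createProject' and 'deleteUser' are created above but are not
// attached to any role in this example, so they grant nothing until they are
// linked with addChild().

if ($user === null) {
    // findByPk() returns null when no row matches; never write an assignment
    // for a missing user (it would be stored with an empty user id).
    throw new CException('User not found; role "manager" was not assigned.');
}
$auth->assign('manager', $user->id); // assign the role to the user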