An in-depth look at implementing hierarchical access control in Yii without RBAC

  • 2020-06-12 08:40:08
  • OfStack

The Yii framework offers two access-control systems: the simple filter mode and the more complex and comprehensive RBAC mode. I am only discussing the first one here (because that is as far as I have learned). If you have studied Yii's official demo blog, you will know that the user module generated by gii automatically comes with a simple filter-based permission assignment. For details, refer to the "User Authentication" section of the blog tutorial and the "Authentication and Authorization" section of the official Yii Guide. (Note that "module" here is just my own generic term for the files related to user; it is not the same thing as a Yii module.)
Most of the permission-related code lives in the controllers. For example, open UserController.php and you will see two class methods:

public function filters()
{
    return array(
        'accessControl',        // perform access control for the CRUD operations
        'postOnly + delete',    // the delete action may only be requested via POST
    );
}

public function accessRules()   // this is where the access rules are set up
{
    return array(
        array('allow',          // allow all users to perform the index and view actions
            'actions'=>array('index','view'),
            'users'=>array('*'),        // '*' matches everyone, authenticated or not
        ),
        array('allow',          // allow only authenticated users to perform create and update
            'actions'=>array('create','update'),
            'users'=>array('@'),        // '@' matches every authenticated (logged-in) user
        ),
        array('allow',          // allow only the user named admin to perform admin and delete
            'actions'=>array('admin','delete'),
            'users'=>array('admin'),    // the permission is hard-coded to the username 'admin'
        ),
        array('deny',           // deny everything else
            'users'=>array('*'),
        ),
    );
}

For more on how access rules are written, refer to the official documentation: http://www.yiiframework.com/doc/api/1.1/CAccessControlFilter
Now it is time to set up the permissions that suit our needs. We want the filter-based access control to be more complete. Common sense says it should be able to grant different permissions to different levels of users according to a field in the user table in the database, rather than hard-coding usernames into the controller.

Going back to the demo blog, I first modified the tbl_user table in the database, adding a role column. For each existing user record, the value of role is either "administrator" or "general user".
Then perform the following three steps in turn:
1. Create the component WebUser, which extends CWebUser.
2. Modify the config/main.php file.
3. Modify accessRules().
The details are as follows:
1. WebUser.php component code:

<?php

// this file must be stored in:
// protected/components/WebUser.php

class WebUser extends CWebUser {

    // Cache the User model so the query is not repeated within a request.
    private $_model;

    // Return the first name.
    // Access it as Yii::app()->user->first_name
    function getFirst_Name(){
        $user = $this->loadUser($this->id);     // $this already is Yii::app()->user
        return $user === null ? null : $user->first_name;
    }

    // Checks whether the 'role' field of the User model equals "administrator".
    // Access it as Yii::app()->user->isAdmin()
    function isAdmin(){
        $user = $this->loadUser($this->id);
        if ($user === null)
            return false;           // guests and unknown ids are never administrators
        else
            return $user->role === "administrator";
    }

    // Load the User model for the given id (at most once per request).
    protected function loadUser($id=null)
    {
        if($this->_model===null)
        {
            if($id!==null)
                $this->_model=User::model()->findByPk($id);
        }
        return $this->_model;
    }
}

2. Find the following code in config/main.php and add the 'class'=>'WebUser' line, so that Yii::app()->user is an instance of our component:

   'components'=>array(
        'user'=>array(
            // enable cookie-based authentication
            'allowAutoLogin'=>true,
             'class'=>'WebUser',
        ),

3. Find the controller class whose permissions need to change and modify its accessRules() function. For example, the accessRules() function shown above becomes:

public function accessRules()   // this is where the access rules are set up
{
    return array(
        array('allow',          // allow all users to perform the index and view actions
            'actions'=>array('index','view'),
            'users'=>array('*'),        // '*' matches everyone: guests, general users and administrators
        ),
        array('allow',          // allow only authenticated users to perform create and update
            'actions'=>array('create','update'),
            'users'=>array('@'),        // '@' matches every authenticated user
        ),
        array('allow',          // allow only administrators to perform admin and delete
            'actions'=>array('admin','delete'),
            'expression'=>'Yii::app()->user->isAdmin()',
            // only users whose role is "administrator" can reach the admin and delete actions
        ),
        array('deny',           // deny everything else
            'users'=>array('*'),
        ),
    );
}

Job done!
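The three steps above, consolidated into one added example (my code, not the original post's). It assumes the Yii 1.1 demo blog from the post: tbl_user has a role column holding either 'administrator' or 'general user', User is the generated ActiveRecord model, and controllers extend the demo's Controller class. The ROLE_* constants, getRole() and the closure form of 'expression' are this example's choices and do not appear in the post.

```php
<?php
// Added example, not from the original post. Assumes the Yii 1.1 demo blog:
// tbl_user has a `role` column holding 'administrator' or 'general user',
// and User is the generated ActiveRecord model.

// protected/components/WebUser.php
class WebUser extends CWebUser
{
    // Role values as stored in tbl_user.role (constant names are this example's choice).
    const ROLE_ADMIN = 'administrator';
    const ROLE_USER  = 'general user';

    // false = not loaded yet; null = guest or no matching row; otherwise a User model.
    private $_model = false;

    // Role of the current user, or null for guests and unknown ids.
    // Call it as Yii::app()->user->getRole()
    public function getRole()
    {
        $user = $this->loadUser();
        return $user === null ? null : $user->role;
    }

    // Strict comparison: only the exact stored string counts as administrator.
    public function isAdmin()
    {
        return $this->getRole() === self::ROLE_ADMIN;
    }

    // Load the User row at most once per request. $this *is* Yii::app()->user,
    // so $this->id and $this->isGuest are used directly.
    protected function loadUser()
    {
        if ($this->_model === false) {
            $this->_model = $this->isGuest ? null : User::model()->findByPk($this->id);
        }
        return $this->_model;
    }
}

// protected/controllers/UserController.php (only the access-control part)
class UserController extends Controller
{
    public function filters()
    {
        return array(
            'accessControl',        // run accessRules() before every action
            'postOnly + delete',    // delete must be a POST, so a plain GET link cannot trigger it
        );
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('index', 'view'),
                'users'   => array('*'),        // everyone, including guests
            ),
            array('allow',
                'actions' => array('create', 'update'),
                'users'   => array('@'),        // any authenticated user
            ),
            array('allow',
                'actions' => array('admin', 'delete'),
                // A callable instead of a string: CAccessRule calls it with
                // ($user, $rule), so no PHP source text is eval()'d.
                'expression' => function ($user, $rule) {
                    return $user->isAdmin();
                },
            ),
            array('deny',
                'users' => array('*'),          // everything else is denied
            ),
        );
    }
}
```

When 'expression' is a string, CAccessRule hands it to eval() with $user in scope, so '$user->isAdmin()' would also work; the callable form avoids evaluating source text at all. Two caveats the post does not mention: the rules grant update to every authenticated user, so if the User model's rules() lists role as a safe attribute, a user could set their own role to administrator through the update form; keep role out of the safe attributes and assign it only from the administrator side. And because isAdmin() reads the role from the database on each request rather than from the session, revoking a role takes effect on the user's next request without waiting for them to log out.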
