Browse Source
* master: Fixes #1248: url manager didn't handle array parameters well. travis: speed up composer fixes #1306 fixed travis and composer issue fixed array helper test fixed Sort test some clarification on model docs fixed Sort::params to be retrieved from Request instead of $_GET revokeAll() implementation for PhpManager revokeAll() implementation for DbManager added abstract function revokeAll() indentation fix fixes #1303: Security::decrypt now returns null w/o error when null is passed as $data Added link to new RBAC page added link to forum thread Basic information about RBAC RBAC documentation added revokeAll() test refactored redis AR Query::scalar() Conflicts: .travis.ymltags/2.0.0-beta
Carsten Brandt
11 years ago
15 changed files with 221 additions and 21 deletions
@ -0,0 +1,122 @@ |
|||||||
|
Using RBAC |
||||||
|
=========== |
||||||
|
|
||||||
|
Lacking proper documentation, this guide is a stub copied from a [topic on the forum](http://www.yiiframework.com/forum/index.php/topic/49104-does-anyone-have-a-working-example-of-rbac/page__view__findpost__p__229098). |
||||||
|
|
||||||
|
|
||||||
|
First af all, you modify your config (web.php or main.php), |
||||||
|
```php |
||||||
|
'authManager' => [ |
||||||
|
'class' => 'app\components\PhpManager', // THIS IS YOUR AUTH MANAGER |
||||||
|
'defaultRoles' => ['guest'], |
||||||
|
], |
||||||
|
``` |
||||||
|
|
||||||
|
Next, create the manager itself (app/components/PhpManager.php) |
||||||
|
```php |
||||||
|
<?php |
||||||
|
namespace app\components; |
||||||
|
|
||||||
|
use Yii; |
||||||
|
|
||||||
|
class PhpManager extends \yii\rbac\PhpManager |
||||||
|
{ |
||||||
|
public function init() |
||||||
|
{ |
||||||
|
if ($this->authFile === NULL) |
||||||
|
$this->authFile = Yii::getAlias('@app/data/rbac') . '.php'; // HERE GOES YOUR RBAC TREE FILE |
||||||
|
|
||||||
|
parent::init(); |
||||||
|
|
||||||
|
if (!Yii::$app->user->isGuest) { |
||||||
|
$this->assign(Yii::$app->user->identity->id, Yii::$app->user->identity->role); // we suppose that user's role is stored in identity |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
``` |
||||||
|
|
||||||
|
Now, the rules tree (@app/data/rbac.php): |
||||||
|
```php |
||||||
|
<?php |
||||||
|
use yii\rbac\Item; |
||||||
|
|
||||||
|
return [ |
||||||
|
// HERE ARE YOUR MANAGEMENT TASKS |
||||||
|
'manageThing0' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], |
||||||
|
'manageThing1' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], |
||||||
|
'manageThing2' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], |
||||||
|
'manageThing2' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], |
||||||
|
|
||||||
|
// AND THE ROLES |
||||||
|
'guest' => [ |
||||||
|
'type' => Item::TYPE_ROLE, |
||||||
|
'description' => 'Guest', |
||||||
|
'bizRule' => NULL, |
||||||
|
'data' => NULL |
||||||
|
], |
||||||
|
|
||||||
|
'user' => [ |
||||||
|
'type' => Item::TYPE_ROLE, |
||||||
|
'description' => 'User', |
||||||
|
'children' => [ |
||||||
|
'guest', |
||||||
|
'manageThing0', // User can edit thing0 |
||||||
|
], |
||||||
|
'bizRule' => 'return !Yii::$app->user->isGuest;', |
||||||
|
'data' => NULL |
||||||
|
], |
||||||
|
|
||||||
|
'moderator' => [ |
||||||
|
'type' => Item::TYPE_ROLE, |
||||||
|
'description' => 'Moderator', |
||||||
|
'children' => [ |
||||||
|
'user', // Can manage all that user can |
||||||
|
'manageThing1', // and also thing1 |
||||||
|
], |
||||||
|
'bizRule' => NULL, |
||||||
|
'data' => NULL |
||||||
|
], |
||||||
|
|
||||||
|
'admin' => [ |
||||||
|
'type' => Item::TYPE_ROLE, |
||||||
|
'description' => 'Admin', |
||||||
|
'children' => [ |
||||||
|
'moderator', // can do all the stuff that moderator can |
||||||
|
'manageThing2', // and also manage thing2 |
||||||
|
], |
||||||
|
'bizRule' => NULL, |
||||||
|
'data' => NULL |
||||||
|
], |
||||||
|
|
||||||
|
'godmode' => [ |
||||||
|
'type' => Item::TYPE_ROLE, |
||||||
|
'description' => 'Super admin', |
||||||
|
'children' => [ |
||||||
|
'admin', // can do all that admin can |
||||||
|
'manageThing3', // and also thing3 |
||||||
|
], |
||||||
|
'bizRule' => NULL, |
||||||
|
'data' => NULL |
||||||
|
], |
||||||
|
|
||||||
|
]; |
||||||
|
``` |
||||||
|
|
||||||
|
As a result, you can now add access control filters to controllers |
||||||
|
```php |
||||||
|
public function behaviors() |
||||||
|
{ |
||||||
|
return [ |
||||||
|
'access' => [ |
||||||
|
'class' => 'yii\web\AccessControl', |
||||||
|
'except' => ['something'], |
||||||
|
'rules' => [ |
||||||
|
[ |
||||||
|
'allow' => true, |
||||||
|
'roles' => ['manageThing1'], |
||||||
|
], |
||||||
|
], |
||||||
|
], |
||||||
|
]; |
||||||
|
} |
||||||
|
``` |
Loading…
Reference in new issue