Home > Article > Backend Development > Detailed explanation of the rules of yii2 permission control rbac, yii2 permission control rbac_PHP tutorial
Detailed explanation of the rules of yii2 permission control rbac, yii2 permission control rbac_PHP tutorial
- WBOYOriginal
- 2016-07-12 08:49:23770browse
Detailed explanation of the rules of yii2 permission control rbac, yii2 permission control rbac
In our previous detailed tutorials on setting up the backend of yii2 and rbac, I don’t know if you have ever wondered if there is a question. What does the rule table do? Why are we not referring to this table in the whole process?
Believe me, if I don’t tell you, some people will try Baidu or Google, but in the end they will just draw water from a bamboo basket. There is very little content to explain in this part!
For general permission systems, the rbac we made before is generally sufficient. Even without rules, I believe you can also achieve the functions we use rules to achieve.
We will give a specific operation tutorial using the example from the official website to see what this mysterious rule does!
Depending on demand:
We have administrators and ordinary users. For the article system, we allow administrators to do any operation on articles, but only ordinary users are allowed to create articles and modify articles created by themselves. Note that they are allowed to modify articles created by themselves. Articles are not allowed to be modified, nor are all articles allowed to be modified!
Let’s see how to implement the yii2 rbac rule. The focus is to teach everyone how to use this rule, and also to solve the knots in many people’s minds!
Before we add a rule, we need to implement the execute method of the yiirbacRule class.
<?<span>php
namespace backend\components;
</span><span>use</span><span> Yii;
</span><span>use</span><span> yii\rbac\Rule;
</span><span>class</span> ArticleRule <span>extends</span><span> Rule
{
</span><span>public</span> <span>$name</span> = 'article'<span>;
</span><span>public</span> <span>function</span> execute(<span>$user</span>, <span>$item</span>, <span>$params</span><span>)
{
</span><span>//</span><span> 这里先设置为false,逻辑上后面再完善</span>
<span>return</span> <span>false</span><span>;
}
}</span>
Then, we can go to the background rule list (/admin/rule/index) to add rules. For specific adding methods, please refer to the screenshot below
Note that many people will fail in adding the class name in the above step. Remember to add the namespace where our ArticleRule file is located!
Let’s look at the third step, which is also where it’s easy to make mistakes! Please pay attention to this tutorial, high energy lies ahead!
We added a new permission to the access permission list (/admin/permission/index). This permission is only for modifying articles, and then we assign it to the user's role
Please note that there is a serious warning here. The route controlled by the newly added permissions here is the update operation of the article (/article/update). It is assigned to the current user only once. The current operation is assigned repeatedly to the role or user to which it belongs. , which may cause the rule to fail, and the reason for the failure is overwriting!
At this moment, refresh the article update page (/article/update/1) again. Obviously, we are directly given a 403 forbidden no access prompt, which means that the rule we just added has taken effect! If it does not take effect at this moment, please check the two points mentioned above!
Then we implement the business logic in the ArticleRule::execute method, please refer to the following:
<span>class</span> ArticleRule <span>extends</span><span> Rule
{
</span><span>public</span> <span>$name</span> = 'article'<span>;
</span><span>/*</span><span>*
* @param string|integer $user 当前登录用户的uid
* @param Item $item 所属规则rule,也就是我们后面要进行的新增规则
* @param array $params 当前请求携带的参数.
* @return true或false.true用户可访问 false用户不可访问
</span><span>*/</span>
<span>public</span> <span>function</span> execute(<span>$user</span>, <span>$item</span>, <span>$params</span><span>)
{
</span><span>$id</span> = <span>isset</span>(<span>$params</span>['id']) ? <span>$params</span>['id'] : <span>null</span><span>;
</span><span>if</span> (!<span>$id</span><span>) {
</span><span>return</span> <span>false</span><span>;
}
</span><span>$model</span> = Article::findOne(<span>$id</span><span>);
</span><span>if</span> (!<span>$model</span><span>) {
</span><span>return</span> <span>false</span><span>;
}
</span><span>$username</span> = Yii::<span>$app</span>->user->identity-><span>username;
</span><span>$role</span> = Yii::<span>$app</span>->user->identity-><span>role;
</span><span>if</span> (<span>$role</span> == User::ROLE_ADMIN || <span>$username</span> == <span>$model</span>-><span>operate) {
</span><span>return</span> <span>true</span><span>;
}
</span><span>return</span> <span>false</span><span>;
}
}</span>
The last step is verification. Has the rule authentication we implemented worked?
The test steps are as follows for reference:
[Considering that most domestic websites currently collect articles very frequently, and some even do not indicate the source of the original article, the original author hopes that readers can check the original article to prevent any problems and not update all articles to avoid misleading! ]
View original text