Yii permission hierarchical access control implementation (non-RBAC method)


The following is some of the experience we gained while developing projects at Xinyi Network Company.

Main reference: the Yii official website, http://www.yiiframework.com/wiki/60/

The Yii framework provides two permission access systems: a simple filter mode, and a more complex and comprehensive RBAC mode. This article covers the first (because I have only just learned it). If you have studied the official Yii demo blog, you will know that, for example, the user module generated by gii comes with a simple filter-based permission function. For details, see the "User Authentication" chapter of the blog manual and the "Authentication and Authorization" chapter of the official Yii guide. (Note that "module" here is just my own collective name for the user-related files, and does not mean a module in the Yii file-system sense.)

Most of the permission assignment lives in the controllers. For example, if you open the UserController.php file, you will see two class methods:

    public function filters()
    {
        return array(
            'accessControl', // implement access control for CRUD operations
            'postOnly + delete',
        );
    }

    public function accessRules() // the access rules are set here
    {
        return array(
            array('allow', // allow all users to perform index, view actions
                'actions'=>array('index','view'),
                'users'=>array('*'), // * means all users: registered, unregistered, general and administrator level
            ),
            array('allow', // only authenticated users may perform create, update actions
                'actions'=>array('create','update'),
                'users'=>array('@'), // @ refers to all registered users
            ),
            array('allow', // only the user named admin may perform admin, delete actions
                'actions'=>array('admin','delete'),
                'users'=>array('admin'), // admin is the user whose username is admin; the permission is hard-coded
            ),
            array('deny', // deny all access
                'users'=>array('*'),
            ),
        );
    }

Refer to the official documentation: http://www.yiiframework.com/doc/api/1.1/CAccessControlFilter

Now we can set up permission assignment that suits our own needs. We want the filter access control mode to be more complete: it should grant different permissions according to each user's level as recorded in the user table in the database, rather than relying on hard-coded control.

Back to the demo blog: I first modified the tbl_user table in the database and added a role column to it. Then I set the role value of each existing user record to "Administrator" or "General User".

Then follow these 3 steps:

1. Create component WebUser, which is an extension of CWebUser.
2. Modify the config/main.php file.
3. Modify accessRules().

The specific details are as follows:

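1. WebUser.php component code:

    <?php
    class WebUser extends CWebUser
    {
        // Cache the user model so the query is not repeated.
        private $_model;

        // Access as Yii::app()->user->first_name
        function getFirst_Name()
        {
            $user = $this->loadUser(Yii::app()->user->id);
            // Guests have no user record, so return null instead of failing.
            return $user === null ? null : $user->first_name;
        }

        // Access as Yii::app()->user->isAdmin()
        function isAdmin()
        {
            $user = $this->loadUser(Yii::app()->user->id);
            if ($user == null)
                return 0;
            else
                return $user->role == "Administrator";
        }

        // Load the user model for the given primary key.
        protected function loadUser($id = null)
        {
            if ($this->_model === null)
            {
                if ($id !== null)
                    $this->_model = User::model()->findByPk($id);
            }
            return $this->_model;
        }
    }
    ?>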

2. Find the following code in config/main.php and add the 'class'=>'WebUser' line (marked in red in the original).

    'components'=>array(
        'user'=>array(
            // enable cookie-based authentication
            'allowAutoLogin'=>true,
            'class'=>'WebUser',
        ),

3. Find the controller class whose permissions need to change, and modify its accessRules() function. For example, modify the earlier accessRules() function as follows (the changed line, marked in red in the original, is the 'expression' entry):

    public function accessRules()
    {
        return array(
            array('allow', // allow all users to perform index, view actions
                'actions'=>array('index','view'),
                'users'=>array('*'),
            ),
            array('allow', // only authenticated users are allowed to perform create, update actions
                'actions'=>array('create','update'),
                'users'=>array('@'), // @ refers to all registered users
            ),
            array('allow', // only administrators are allowed to perform admin and delete actions
                'actions'=>array('admin','delete'),
                'expression'=>'Yii::app()->user->isAdmin()', // only users identified as "Administrator" can access the admin, delete actions
            ),
            array('deny', // deny all access
                'users'=>array('*'),
            ),
        );
    }
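
The difference between the hard-coded username rule and the role expression, and the reason the final deny rule matters, can be seen in this added example (not code from the article or from Yii). It is a simplified stand-alone model of ordered rule evaluation; ruleMatches(), isAllowed() and the sample users are hypothetical, and the expression is a PHP callable rather than the evaluated string used above.

```php
<?php
// Added illustration: simplified model of ordered rule evaluation, not Yii's source.
// Constructed sample users; 'role' mirrors the column added to tbl_user.
$users = array(
    'guest' => null,
    'admin' => array('name' => 'admin', 'role' => 'General User'),
    'alice' => array('name' => 'alice', 'role' => 'Administrator'),
);

// Hypothetical helper: does one rule apply to this user and action?
function ruleMatches(array $rule, $user, $action)
{
    if (isset($rule['actions']) && !in_array($action, $rule['actions'], true)) {
        return false;
    }
    if (isset($rule['users'])) {
        $hit = false;
        foreach ($rule['users'] as $u) {
            $hit = $hit || $u === '*' || ($user !== null
                && ($u === '@' || strcasecmp($u, $user['name']) === 0));
        }
        if (!$hit) return false;
    }
    return !isset($rule['expression']) || (bool) call_user_func($rule['expression'], $user);
}

// The first matching rule decides; when no rule matches, access is allowed.
function isAllowed(array $rules, $user, $action)
{
    foreach ($rules as $rule) {
        if (ruleMatches($rule, $user, $action)) {
            return $rule[0] === 'allow';
        }
    }
    return true;
}

$isAdmin = function ($user) {
    return $user !== null && $user['role'] === 'Administrator';
};
$deny = array('deny', 'users' => array('*'));
$byName = array(array('allow', 'actions' => array('delete'), 'users' => array('admin')), $deny);
$byRole = array(array('allow', 'actions' => array('delete'), 'expression' => $isAdmin), $deny);
foreach ($users as $label => $user) {
    printf("%-5s delete: by-name=%s by-role=%s no-deny=%s\n", $label,
        var_export(isAllowed($byName, $user, 'delete'), true),
        var_export(isAllowed($byRole, $user, 'delete'), true),
        var_export(isAllowed(array($byRole[0]), $user, 'delete'), true));
}
```

In Yii 1.1 a string 'expression' is evaluated as PHP code, so it should stay a fixed literal and never be built from request data.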
This article is published by Xinyi Network, which focuses on website construction in Chengdu. For more information about yii, please pay attention to subsequent releases of Xinyi Network. Xinyi Network’s official website http://www.ir58.com