


In-depth analysis of implementing hierarchical permission access control in Yii (non-RBAC method)
The Yii framework provides two access control systems: a simple filter mode and a complex, comprehensive RBAC mode. What I want to talk about here is the first one (because I have only just learned it). If you have studied the official Yii blog demo, you will know that the user module generated by gii comes with a simple filter-based permission assignment function. For details, see the "User Authentication" chapter of the blog manual and the "Authentication and Authorization" chapter of the official Yii guide. (Note that "module" here is just my own collective name for the user-related files; it has a different meaning from a module in Yii's file structure.)
Most of the code for permission assignment is in the controllers. For example, open UserController.php and you will see two class functions:
    public function filters()
    {
        return array(
            'accessControl', // perform access control for CRUD operations
        );
    }

    public function accessRules()
    {
        return array(
            array('allow', // Allow all users to perform index and view actions.
                'actions'=>array('index','view'),
                'users'=>array('*'),
            ),
            array('allow', // Only authenticated users are allowed to execute the create and update actions.
                'actions'=>array('create','update'),
                'users'=>array('@'), // @ refers to all registered users
            ),
            array('allow', // Only the user named admin is allowed to execute the admin and delete actions.
                'actions'=>array('admin','delete'),
                'users'=>array('admin'),
            ),
            array('deny', // Deny all access.
                'users'=>array('*'),
            ),
        );
    }
For more access rule settings, see the official documentation: http://www.yiiframework.com/doc/api/1.1/CAccessControlFilter
Now we need to set up permission assignment that suits our own needs. We would like the filter access control mode to be more complete: as a matter of common sense, it should grant different authorizations according to the level of each user in the user table of the database, rather than relying on hard-coded control.
Back to the blog demo: I first modified the tbl_user table in the database, adding a role column to the existing ones. I then set the role value of each existing user record to "Administrator" or "General User".
Then perform the following 3 steps in sequence:
1. Create component WebUser, which is an extension of CWebUser.
2. Modify the config/main.php file.
3. Modify accessRules().
The specific details are as follows:
1. WebUser.php component code:
    <?php
    // this file must be stored in:
    // protected/components/WebUser.php
    class WebUser extends CWebUser {
        // Store model to not repeat query.
        private $_model;

        // Return first name.
        // access it by Yii::app()->user->first_name
        function getFirst_Name(){
            $user = $this->loadUser(Yii::app()->user->id);
            return $user->first_name;
        }

        // This function checks whether the 'role' field of the
        // User model equals "Administrator", which means the user is an admin.
        // access it by Yii::app()->user->isAdmin()
        function isAdmin(){
            $user = $this->loadUser(Yii::app()->user->id);
            if ($user==null)
                return 0; // guest or unknown user: not an admin
            else
                return $user->role == "Administrator";
        }

        // Load user model (cached in $_model for the rest of the request).
        protected function loadUser($id=null)
        {
            if($this->_model===null)
            {
                if($id!==null)
                    $this->_model=User::model()->findByPk($id);
            }
            return $this->_model;
        }
    }
    ?>
2. Find the following code in config/main.php and add the code marked in red.
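An added example, not the original article's snippet: in Yii 1.1 a core component is replaced by setting its class key, so registering the WebUser component from step 1 would look like the fragment below. The allowAutoLogin line is assumed to be the setting already present in the blog demo's configuration.

```php
// protected/config/main.php (fragment of the 'components' array)
'components'=>array(
    'user'=>array(
        'class'=>'WebUser',       // use the WebUser component from step 1 instead of CWebUser
        'allowAutoLogin'=>true,   // assumption: the blog demo's existing setting, left unchanged
    ),
    // ... other components unchanged
),
```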
3. Modify accessRules():
    public function accessRules() // The access rules are set here.
    {
        return array(
            array('allow', // Allow all users to perform index and view actions.
                'actions'=>array('index','view'),
                'users'=>array('*'), // * matches all users: registered, unregistered, general and administrator level
            ),
            array('allow', // Only authenticated users are allowed to perform create and update actions.
                'actions'=>array('create','update'),
                'users'=>array('@'), // @ refers to all registered users
            ),
            array('allow', // Only users for whom isAdmin() is true may access the admin and delete actions.
                'actions'=>array('admin','delete'),
                'expression'=>'Yii::app()->user->isAdmin()',
            ),
            array('deny', // Deny all access.
                'users'=>array('*'),
            ),
        );
    }
Work done!
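The rule list above relies on two properties of Yii 1.1's access control filter: rules are checked in order and the first match decides, and a request that matches no rule is allowed. The script below is an added example, not code from the original article or from Yii; it is a simplified stand-alone model of that evaluation, with constructed users and a closure standing in for the 'expression' string, comparing the step 3 rules with and without the final deny rule.

```php
<?php
// Simplified model of first-match access-rule evaluation; not Yii's source.
// Users are constructed sample records; the closure stands in for the
// 'expression' string that Yii evaluates as PHP.

function userMatches(array $specs, array $user): bool
{
    foreach ($specs as $spec) {
        if ($spec === '*') return true;                        // anyone
        if ($spec === '@' && !$user['isGuest']) return true;   // authenticated
        if ($spec === '?' && $user['isGuest']) return true;    // guests only
        if (strcasecmp($spec, (string) $user['name']) === 0) return true;
    }
    return false;
}

function isAllowed(array $rules, string $action, array $user): bool
{
    foreach ($rules as $rule) {
        if (isset($rule['actions']) && !in_array($action, $rule['actions'], true)) continue;
        if (isset($rule['users']) && !userMatches($rule['users'], $user)) continue;
        if (isset($rule['expression']) && !$rule['expression']($user)) continue;
        return $rule[0] === 'allow';   // the first matching rule decides
    }
    return true;                       // nothing matched: the action runs
}

// Mirrors isAdmin(): guests have no user record, so they are never admins.
$isAdmin = function (array $u): bool {
    return !$u['isGuest'] && $u['role'] === 'Administrator';
};
$rules = array(
    array('allow', 'actions' => array('index', 'view'), 'users' => array('*')),
    array('allow', 'actions' => array('create', 'update'), 'users' => array('@')),
    array('allow', 'actions' => array('admin', 'delete'), 'expression' => $isAdmin),
    array('deny', 'users' => array('*')),
);
$noDeny = array_slice($rules, 0, 3);   // same rules without the final deny

$users = array(
    'guest'   => array('name' => '', 'isGuest' => true, 'role' => null),
    'general' => array('name' => 'demo', 'isGuest' => false, 'role' => 'General User'),
    'admin'   => array('name' => 'root', 'isGuest' => false, 'role' => 'Administrator'),
);
foreach ($users as $label => $u) {
    printf("%-8s delete with deny-all: %-5s  without: %s\n", $label,
        var_export(isAllowed($rules, 'delete', $u), true),
        var_export(isAllowed($noDeny, 'delete', $u), true));
}
```

Run it with the PHP 7 or later command-line interpreter: with the deny-all rule only the Administrator reaches delete, and without it every user does.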
http://www.bkjia.com/PHPjc/327563.html
