Yii2 framework study notes (6) -- RBAC

黄舟 (Original)
2016-12-30 10:00:22

Besides skins, the background (admin) preparation work includes another very important function: permission control.

Yii2 provides a basic framework for permission control based on RBAC (Role Based Access Control).

Put simply, different roles have different permissions. For example, take the roles admin and guest: admin can browse pages and manage users, while guest can only browse pages. A specific user is bound to a role in order to exercise that role's permissions.

Copy the vendor/yiisoft/yii2/rbac/migrations/m140506_102106_rbac_init.php file to the console/migrations directory.

In the yii directory, run yii migrate. You will be asked whether to run the script we just copied in; enter yes. When it completes, you can see that four new tables have been created in the database.

For the specific functions of these tables, please refer to http://blog.csdn.net/yiifans/article/details/27528327
I won't go into details here; this note mainly explains how to use RBAC.

First we make some configurations in our code.

In common/config/main-local.php, change authManager to use the database, as follows:

...     
 'components' => [  
        ...  
        'authManager' => [  
            'class' => 'yii\rbac\DbManager',  
            'defaultRoles' => ['guest'],  
        ],  
        ...  
 ],  
...

Next, write a command line script to initialize RBAC and use it.

Create a new RbacController.php under console/controllers/.

Controllers under console/controllers are run through the command line tool yii in the yii root directory, and they support routes as well: the actionInit method of RbacController is called with yii rbac/init.

The code of RbacController is as follows:

<?php

namespace console\controllers;

use yii\console\Controller;
use yii\console\Exception;

class RbacController extends Controller {
	/**
	 * Init base roles
	 */
	public function actionInit() {
		
		$auth = \Yii::$app->authManager;
		
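		// removeAll() deletes every existing role, permission, rule and assignment,
		// so re-running init also drops roles assigned earlier with rbac/assign.
		$auth->removeAll();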
		
		$managerUser = $auth->createPermission("managerUser");
		$managerUser->description = "manage user list";
		$auth->add($managerUser);
		
		$guest = $auth->createRole("guest");
		$auth->add($guest);
		
		$admin = $auth->createRole("admin");
		$auth->add($admin);
		$auth->addChild($admin, $managerUser);
	}
	
	/**
	 * Assign a specific role to the given user id 
	 * @param int $userid
	 * @param string $role
	 */
	public function actionAssign($userid, $role) {
		$auth = \Yii::$app->authManager;
		$roleItem = $auth->getRole($role);
		if ($roleItem === null) {
			throw new Exception("the role is not found");
		}
		$auth->assign($roleItem, $userid);
	}
}

The php-doc comments are displayed by the command line tool when you enter yii help.

First enter yii rbac/init, which creates two roles, admin and guest. admin has the managerUser permission; guest does not.

Then enter yii rbac/assign 1 admin, which assigns the admin role to the user with userid 1.
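To confirm from the command line that rbac/init and rbac/assign wrote what was intended, a check along these lines can be added. This is an added example, not code from the original post; the RbacCheckController name and its two actions are hypothetical, and it assumes the authManager configuration shown above.

```php
<?php

namespace console\controllers;

use yii\console\Controller;

/**
 * Hypothetical helper controller (not part of the original post):
 * inspects what rbac/init and rbac/assign stored in the RBAC tables.
 */
class RbacCheckController extends Controller {
	/**
	 * List the roles and permissions resolved for a user id
	 * @param int $userid
	 */
	public function actionShow($userid) {
		$auth = \Yii::$app->authManager;

		// Both calls return arrays indexed by item name.
		$roles = array_keys($auth->getRolesByUser($userid));
		$permissions = array_keys($auth->getPermissionsByUser($userid));

		$this->stdout("roles:       " . implode(', ', $roles) . "\n");
		$this->stdout("permissions: " . implode(', ', $permissions) . "\n");
		return 0;
	}

	/**
	 * Report whether the user holds a permission; exits non-zero on DENY
	 * so the command can be used as a gate in deployment scripts
	 * @param int $userid
	 * @param string $permission
	 */
	public function actionCan($userid, $permission) {
		// Same check that Yii::$app->user->can() performs for a web user.
		$allowed = \Yii::$app->authManager->checkAccess($userid, $permission);
		$this->stdout(($allowed ? "ALLOW" : "DENY") . " $permission for user $userid\n");
		return $allowed ? 0 : 1;
	}
}
```

After yii rbac/init and yii rbac/assign 1 admin, yii rbac-check/can 1 managerUser should print ALLOW, and the same command for a user id with no assignment should print DENY.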

After the preparation is completed, test whether the permissions take effect.

Create a new backend/controllers/UserController.php, override the behaviors method, and configure different permissions for different actions. Here we add a rule for the manage-user action so that only the admin role, which holds the managerUser permission, can access it. The specific code is as follows.

<?php
namespace backend\controllers;

use yii\web\Controller;
use yii\filters\AccessControl;
class UserController extends Controller {
	
	public function behaviors() {
		return [ 
			'access' => [ 
				'class' => AccessControl::className(),
				'rules' => [ 
					[ 
						'actions' => [ 'update-userprofile'],
						'allow' => true,
						'roles' => [ '@' ]
					],
					[
						'actions' => [ 'manage-user'],
						'allow' => true,
						'roles' => [ 'admin' ]
					]
				] 
			],
		];
	}
	
	public function actionUpdateUserprofile()
	{
		return "sth";
	}
	
	public function actionManageUser() {
		return "inside";
	}
}

The role @ means that any logged-in user can access the action; the role admin means that only users with the admin role can access it.
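The rule above is tied to the role name admin. As an added example (not from the original post), the same controller can instead be bound to the managerUser permission created by rbac/init, so that any role later given that permission is accepted without editing the controller. The in-action check and its error message are assumptions added for illustration.

```php
<?php
namespace backend\controllers;

use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\filters\AccessControl;

class UserController extends Controller {

	public function behaviors() {
		return [
			'access' => [
				'class' => AccessControl::className(),
				'rules' => [
					[
						'actions' => ['update-userprofile'],
						'allow' => true,
						'roles' => ['@'],
					],
					[
						'actions' => ['manage-user'],
						'allow' => true,
						// Entries other than '?' and '@' are checked with
						// Yii::$app->user->can(), so the permission name
						// created by rbac/init can be used instead of 'admin'.
						'roles' => ['managerUser'],
					],
					// Actions matched by no rule are denied by AccessControl.
				],
			],
		];
	}

	public function actionUpdateUserprofile() {
		return "sth";
	}

	public function actionManageUser() {
		// Second check inside the action: it still holds if the filter
		// rule above is later edited or the action is renamed.
		if (!\Yii::$app->user->can('managerUser')) {
			throw new ForbiddenHttpException('managerUser permission required');
		}
		return "inside";
	}
}
```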

You can test the results.

[Screenshot: result when an admin user accesses]

[Screenshot: result when a non-admin user accesses]
