Implementation of a hierarchical access control for YII permissions (non-RBAC method) _php Tutorial

The following are some of the experiences that we end up with when we develop a project at Shun Yi Network .

Main reference: Yii official website http://www.yiiframework.com/wiki/60/

The YII Framework provides 2 sets of access systems, one is a simple filter (filter) mode, the other is a complex and comprehensive RBAC mode, and I'm going to talk about the first set here (because I've just learned this). If you have studied the official Yii demo blog, you must know that, for example, the user module automatically generated by the GII, automatically comes with a simple filter permission assignment, details please refer to the blog manual "User authentication" section, and the official Yii Guide "Authentication and Authorization" A chapter. (Note that I refer to the module here, but I personally on the user-related files collectively, and the Yii file system module) meaning different. )

most of the files on the rights assignment are in controllers, such as opening the usercontroller.php file and you will see 2 classes of functions.
Public function Filters ()
{
return Array (
' AccessControl ',//implements access control for CRUD operations.
' postonly + delete ',
);
}

Public function Accessrules () //This is the setting of the access rule.
{
return Array (
Array (' Allow ',//allow all users to perform index,view actions.
' actions ' =>array (' index ', ' View '),
' users ' =>array (' * '),//* ID identifies all users including registered, unregistered, general, administrator-level
),
Array (' Allow ',//Allow only authenticated users to perform create, update action.
' actions ' =>array (' Create ', ' Update '),
' users ' =>array (' @ '),//@ refers to all registered users
),
Array (' Allow ',//allow only user named Admin to perform admin,delete action
' actions ' =>array (' admin ', ' delete '),
' users ' =>array (' admin '),//admin refers to the user name is Admin user, in hard-coded form to assign user rights.
),
Array (' Deny ',//Deny all access.
' users ' =>array (' * '),
),
);
}

For more information about access rules, please refer to the official documents Http://www.yiiframework.com/doc/api/1.1/CAccessControlFilter


OK, now we have to start to set the right assignment for our own needs. We want the filter access control mode to be a bit more perfect, and in common sense, we want it to be based on different levels of users in the user table in the database, instead of being controlled in hard-coded form.

Back to the demo blog, I first on the database of the Tbl_user table to make changes, on the original basis of adding role one. The value of add role to the original user information record is "Administrator" or "General user".

Then perform the following 3 steps in turn:

1. Create the component WebUser, which is an extension to the Cwebuser.
2. Modify the config/main.php file.

3. Modify the Accessrules ().

Specific details are as follows:

1.webuser.php Component code:

!--? php

class WebUser extends Cwebuser {
Private $_model;

function Getfirst_name () {
$user = $this->loaduser (Yii::app () USER->ID);
return $user->first_name;
}
function ISAdmin () {
$user = $this->loaduser (Yii::app ()->user- >ID);
if ($user ==null)
return 0;
Else
return $user->role = = "Administrator";
}
protected function Loaduser ($id =null)
{
if ($this- >_model===null)
{
if ($id!==null)
$this->_model=user:: Model ()->FINDBYPK ($id);
}
return $this->_model;
}
}
?

2. In config/main.php, find the following code, add the code marked red.

' Components ' =>array (
' User ' =>array (
Enable cookie-based Authentication
' Allowautologin ' =>true,
' class ' = ' WebUser ',
),

3. Locate the Controller class that needs to change the permissions, and make modifications to the Accessrules () function, such as the Accessrules () function of the preceding article: ( note the Red Code )

Public function Accessrules ()
{
ReturN Array (
Array (' Allow ',//allows all users to perform index,view actions.
' Actions ' =>array (' index ', ' View '),
' Users ' =>array (' * '),//* identifies all users including registered, unregistered, general, administrator-level
),
Array (' Allow ',//allows only authenticated users to perform create, update action.
' Actions ' =>array (' Create ', ' Update '),
' Users ' =>array (' @ '),//@ refers to all registered users
),
Array (' Allow ',//only user username is admin to perform admin,delete action
' Actions ' =>array (' admin ', ' delete '),
' expression ' = ' Yii::app ()->user->isadmin () ',//so that only users identified as "administrator" can access Admin,delete actions
),
Array (' Deny ',
' Users ' =>array (' * '),
),
);

This article by the focus on the Chengdu website Construction of the letter Easy network release, more information about Yii please pay attention to the letter easy network subsequent release, the letter Easy Network's official website http://www.ir58.com

http://www.bkjia.com/PHPjc/769339.html www.bkjia.com true http://www.bkjia.com/PHPjc/769339.html techarticle The following are some of the lessons we end up with when we develop a project at the Shin-networking company: YII website HTTP://WWW.YIIFRAMEWORK.COM/WIKI/60/YII Framework provides 2 sets of Access ...

