The rule of YII2 privilege control RBAC detailed explanation

Author: White Wolf Source: http://www.manks.top/yii2_rbac_rule.html This article copyright belongs to the author, welcome reprint, but does not have the author to agree must retain this paragraph statement, and in the article page obvious position gives the original connection, otherwise reserves the legal responsibility the right.
Before we yii2 set up backstage and RBAC detailed tutorial, do not know you once puzzled not a question, the rule table is to do what, why in the whole process we did not involve this table.

I believe I do not say that some people will try, or Baidu or Google, in the end will be bamboo basket, this part of the content of the little ah.

For the general permission system, the RBAC we have previously done is usually sufficient, without rule, and I believe you can implement the functions we have implemented with rule.

We will use the official website example to give a specific course of action, to see what this mysterious rule is doing.

See Requirements:

We have administrators and ordinary users, for the article system, we allow the administrator of any action on the article, but only allow ordinary users to create articles and modify their own created articles, note oh, is allowed to modify their own creation of the article, is not allowed to modify the article, nor to modify all the articles.

See yii2 RBAC rule How to achieve, the emphasis is to teach everyone how to use this rule, also solve many people heart of the section.

Before we add rule, we need to implement the Execute method of the Yii\rbac\rule class first.

<?php
namespace backend\components;


Use Yii;
Use Yii\rbac\rule;


Class Articlerule extends rule
{public
    $name = ' article ';
    The Public function execute ($user, $item, $params)
    {
        //is first set to false, and the logic is followed by a perfect return
        false;
    }
}

Then we can add rule to the Background rule list (/admin/rule/index). Concrete Add way can refer to the screenshot below

(see the original picture)

Note that many of the above steps will die in addition to the class name, and remember to add the namespace of our Articlerule file.

Let's look at step three, which is also a very easy place to go wrong. Please pay attention to this tutorial and focus on energy ahead.

Our Access rights list (/admin/permission/index) new permissions, which are only for changes to the article, and then we assign it to the user-owned role

Note that this is a serious warning, where the newly added permissions are controlled by the route that is the update operation of the article (/article/update) assigned to the current user only once, the duplicate allocation of the current operation to the role or user, may cause rule failure, the failure of the reason is covered.

Refresh the article again at this Moment update page (/ARTICLE/UPDATE/1), it is obvious directly to us the 403 Forbidden No access to the prompt, that is, we have just added the rule into force. If this is not the case now, please check the two points of attention mentioned above.

Then we implement the business logic within the Articlerule::execute method, which can be referenced as follows:

[Consider the current domestic web site most of the collection of articles are very frequent, even more do not indicate the original source, the original author would like to see the original, in case there is any problem can not update all articles, avoid misleading. ]

Continue Reading