Yii2 RBAC access control: a detailed tutorial on rules (PHP example)

Source: Internet
Author: User
Tags: yii

In our earlier complete example tutorial on setting up a Yii2 backend and implementing RBAC access control, you may have been puzzled by one question: what is the rule table for, and why did the whole process never involve it?

I believe that even without my saying so, some of you will have tried Baidu or Google and, in the end, drawn water with a bamboo basket: there is very little material on this topic!

For a typical permission system, the RBAC we built earlier is usually sufficient. Even without rule, I believe you could implement the functionality that we implement here with rule.

We will take the example from the official website and walk through it concretely, to see what this mysterious rule actually does.

The requirements:

We have administrators and ordinary users. In the article system, administrators may perform any operation on articles, but ordinary users may only create articles and modify the articles they created themselves. Note: they are allowed to modify the articles they created. It is not that they may not modify articles at all, nor that they may modify all articles!

Let's see how to achieve this with a Yii2 RBAC rule. The emphasis is on teaching you how to use rule, and on untying the knot that many people have about it.

Before we add the rule, we first need to implement the execute method of the yii\rbac\Rule class.

<?php
namespace backend\components;

use Yii;
use yii\rbac\Rule;

class ArticleRule extends Rule
{
    // Name under which the rule is stored in the rule table
    public $name = 'article';

    public function execute($user, $item, $params)
    {
        // Return false for now; the real logic is filled in later
        return false;
    }
}

Then we can add the rule to the backend rule list (/admin/rule/index). For the exact way to add it, refer to the screenshot below.

Note that many people trip over the class name here: remember to include the namespace of our ArticleRule file!

Now the third step, which is also very error-prone. Pay close attention here!

In the permission list (/admin/permission/index) we add a new permission, which applies only to modifying articles, and then assign it to the role the user belongs to.

A serious warning: the newly added permission controls the route of the article update operation (/article/update), and it must be assigned to the current user only once. Assigning the same operation to the role or user a second time may make the rule ineffective, because the rule gets overridden!

Now refresh the article update page (/article/update/1) again. You are taken straight to the 403 Forbidden "no access" prompt, which means the rule we just added is in effect! If that is not what you see, check the two points mentioned above.
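The same three steps (register the rule, create the permission that controls /article/update, assign it once) done through authManager instead of the admin pages, as an added example that is not part of the original tutorial. It assumes routes are stored as permissions named after the route; the console controller, the role name author and the permission name updateOwnArticle are hypothetical.

```php
<?php
// Added example (assumed names: RbacController, "author", "updateOwnArticle").
// Usage: yii rbac/init <userId>
namespace console\controllers;
use Yii;
use yii\console\Controller;
use yii\console\ExitCode;
use backend\components\ArticleRule;
class RbacController extends Controller
{
    public function actionInit($userId)
    {
        $auth = Yii::$app->authManager;
        // Step 1: register the rule (what /admin/rule/index does).
        $rule = new ArticleRule();
        if ($auth->getRule($rule->name) === null) {
            $auth->add($rule);
        }
        // Step 2: the route item, plus one permission that carries the rule.
        $route = $auth->getPermission('/article/update');
        if ($route === null) {
            $route = $auth->createPermission('/article/update');
            $auth->add($route);
        }
        $own = $auth->getPermission('updateOwnArticle');
        if ($own === null) {
            $own = $auth->createPermission('updateOwnArticle');
            $own->ruleName = $rule->name;
            $auth->add($own);
            $auth->addChild($own, $route);
        }
        // Step 3: role -> rule-bearing permission, then role -> user.
        $role = $auth->getRole('author');
        if ($role === null) {
            $role = $auth->createRole('author');
            $auth->add($role);
            $auth->addChild($role, $own);
        }
        if ($auth->getAssignment('author', $userId) === null) {
            $auth->assign($role, $userId);
        }
        // A second grant of the route that skips $own passes without the rule.
        $direct = $auth->hasChild($role, $route)
            || $auth->getAssignment('/article/update', $userId) !== null;
        if ($direct) {
            $this->stderr("/article/update is also granted directly: rule bypassed\n");
        }
        return $direct ? ExitCode::UNSPECIFIED_ERROR : ExitCode::OK;
    }
}
```

The final check reports the situation the warning describes: when the route is reachable without passing through the permission that carries the rule, the access check succeeds on that path and execute is never consulted.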

Next we implement the business logic inside the ArticleRule::execute method, for example:

// Article and User are the application's model classes; add use statements
// for their namespaces at the top of the file.
class ArticleRule extends Rule
{
    public $name = 'article';

    /**
     * @param string|integer $user the uid of the currently logged-in user
     * @param Item $item the role or permission this rule is associated with
     * @param array $params the parameters carried by the current request
     * @return boolean true: the user may access; false: the user may not
     */
    public function execute($user, $item, $params)
    {
        // No article id in the request: deny
        $id = isset($params['id']) ? $params['id'] : null;
        if (!$id) {
            return false;
        }
        // Unknown article: deny
        $model = Article::findOne($id);
        if (!$model) {
            return false;
        }
        $username = Yii::$app->user->identity->username;
        $role = Yii::$app->user->identity->role;
        // Administrators may update any article; others only their own
        if ($role == User::ROLE_ADMIN || $username == $model->operate) {
            return true;
        }
        return false;
    }
}

Finally, let's verify that the rule has the effect we wanted.

The following test steps can be used as a reference:

1. The current user creates an article; remember to record the creator of the article. This user's role is administrator, which we default to User::ROLE_ADMIN.

2. Create an ordinary user and have that user create an article as well; again, the creator of the article needs to be recorded.

3. Log in to the system with the administrator account and with the ordinary user account and try to modify these two articles. The result naturally meets our original requirement: the administrator can modify both articles, while the ordinary user can only modify their own.

That concludes this detailed tutorial on rule in Yii2 RBAC access control. I hope it helps you; if you have any questions, please leave me a message and I will reply promptly. Many thanks also for your support of the Cloud Habitat Community website!
