The YII Framework provides 2 sets of access systems, one is a simple filter (filter) mode, the other is a complex and comprehensive RBAC model, I would like to talk about the first set (because I have just learned here). If you've ever studied Yii's official demo blog, it's important to know, for example, that the user module, which is automatically generated from the GII, automatically comes with a simple filter permission assignment, and details refer to the "User verification" section of the blog manual and the "Validation and authorization" of the official Yii guide. A chapter. (Note that the module I refer to here is just a general term of my personal file for user-related, which is not the same as the modular (module) meaning of the Yii file system.) )
Most of the files on permission assignments are in controllers, like opening usercontroller.php files, you'll see 2 of class functions.
Copy Code code as follows:
Public Function Filters ()
{
Return Array (
' AccessControl ',//implementation of access control for CRUD operations.
' Postonly + delete ',
);
}
Public Function Accessrules ()//This is the setting of the access rule.
{
Return Array (
Array (' Allow ',//Allow all users to perform index,view actions.
' Actions ' =>array (' index ', ' View '),
' Users ' =>array (' * '), <span></span>
),
Array (' Allow ',///Only allow authenticated user to execute Create, update action.
' Actions ' =>array (' Create ', ' Update '),
' Users ' =>array (' @ '),//@ number refers to all registered users
),
Array (' Allow ',//Only allow user name Admin user to perform admin,delete action
' Actions ' =>array (' admin ', ' delete '),
' Users ' =>array (' admin '),
,//admin means that the user name is Admin user and assigns user rights in hard-coded form.
Array (' Deny ',//Deny all access.
' Users ' =>array (' * '),
),
);
}
For more access rules, please refer to official documents Http://www.yiiframework.com/doc/api/1.1/CAccessControlFilter
OK, now it's time to start assigning the right permissions for our own needs. We want the filter access control model to be a little more perfect, and by common sense, we want it to be able to implement different mandates, rather than hard coded forms, according to different levels of users in the user table in the database.
Back to Demo blog, I first of the database Tbl_user table to make changes, on the original basis of the role of a. Add the value of role to the original user information record as "Administrator" or "General user".
then perform the following 3 steps in turn:
1. Create the component WebUser, which is an extension of the cwebuser.
2. Modify the config/main.php file.
3. Modify Accessrules ().
specific details are as follows:
1.webuser.php Component code:
Copy Code code as follows:
<strong><?php
This file must is stored in:
protected/components/webuser.php
Class WebUser extends Cwebuser {
Store model to not repeat query.
Private $_model;
return to name.
Access it by Yii::app ()->user->first_name
function Getfirst_name () {
$user = $this->loaduser (Yii::app ()->user->id);
return $user->first_name;
}
This was a function that checks the field ' role '
In the User model to is equal to 1, that means it ' s admin
Access it by Yii::app ()->user->isadmin ()
function ISAdmin () {
$user = $this->loaduser (Yii::app ()->user->id);
if ($user ==null)
return 0;
Else
return $user->role = = "Administrator";
}
Load user model.
protected function Loaduser ($id =null)
{
if ($this->_model===null)
{
if ($id!==null)
$this->_model=user::model ()->findbypk ($id);
}
return $this->_model;
}
}
?></strong>
2. In config/main.php find the following code, add the Code red.
Copy Code code as follows:
' Components ' =>array (
' User ' =>array (
Enable cookie-based Authentication
' Allowautologin ' =>true,
' Class ' => ' WebUser ',
),
3. Find the Controller class that needs to be changed, and make modifications to the Accessrules () function, such as the Accessrules () function of the preceding text as follows:
Copy Code code as follows:
Public Function Accessrules ()//This is the setting of the access rule. {
Return Array (
Array (' Allow ',//Allow all users to perform index,view actions.
' Actions ' =>array (' index ', ' View '),
' Users ' =>array (' * '),//* identifies all users including registered, unregistered, generic, administrator-level
),
Array (' Allow ',///Only allow authenticated user to execute Create, update action.
' Actions ' =>array (' Create ', ' Update '),
' Users ' =>array (' @ '),//@ number refers to all registered users
),
Array (' Allow ',//Only allow user name Admin user to perform admin,delete action
' Actions ' =>array (' admin ', ' delete '),
' Expression ' => ' Yii::app ()->user->isadmin () ',
This allows only users who are identified as "administrators" to access the Admin,delete action
),
Array (' Deny ',//Deny all access.
' Users ' =>array (' * '),
),
);
Work done!