In-depth analysis of Yii hierarchical permission access control implementation (non-RBAC method)

Source: Internet
Author: User
The Yii framework provides two permission access systems: one is the simple filter mode, and the other is the complex and comprehensive RBAC mode. Here I will talk about the first one (because I just learned it). If you have studied the official Yii demo blog, you will know that, for example, the user module generated by gii automatically comes with a simple filter-based permission assignment function. For details, see the "user verification" section in the blog manual and the "verification and authorization" section in the Yii official guide. (Note: "module" here is just a general term for the user-related files; it does not mean a module in the Yii file-system sense.)
Most of the permission assignment code lives in the controllers. For example, open UserController.php and you will see two class methods.

The code is as follows:


    public function filters()
    {
        return array(
            'accessControl', // implement access control for CRUD operations
            'postOnly + delete', // the delete action only accepts POST requests
        );
    }

    public function accessRules() // the access rule settings
    {
        return array(
            array('allow', // allow all users to execute the index and view actions
                'actions' => array('index', 'view'),
                'users' => array('*'),
            ),
            array('allow', // only authenticated users may perform the create and update actions
                'actions' => array('create', 'update'),
                'users' => array('@'), // @ indicates all registered users
            ),
            array('allow', // only the user whose username is admin may execute the admin and delete actions
                'actions' => array('admin', 'delete'),
                'users' => array('admin'),
            ), // admin refers to the user whose user name is admin; the permission is assigned in hard-coded form
            array('deny', // deny all other access
                'users' => array('*'),
            ),
        );
    }


For more access rule settings, refer to the official document http://www.yiiframework.com/doc/api/1.1/CAccessControlFilter
Now we want to set permissions to suit our own needs and make the filter-based access control more complete. Naturally, we would like it to authorize users according to the level stored for each user in the database's user table, rather than through hard-coded rules.

Return to the demo blog. First, modify the tbl_user table in the database and add a role column to it. In each existing user record, set the role value to "administrator" or "normal user".
Then perform the following three steps in sequence:
1. Create the WebUser component, which extends CWebUser.
2. Modify the config/main.php file.
3. Modify accessRules().
The details are as follows:
1. WebUser.php component code:

The code is as follows:



    <?php
    // This file must be stored in:
    // protected/components/WebUser.php

    class WebUser extends CWebUser
    {
        // Store the model so the query is not repeated.
        private $_model;

        // Return first name.
        // Access it by Yii::app()->user->first_name
        function getFirst_Name()
        {
            $user = $this->loadUser(Yii::app()->user->id);
            return $user->first_name;
        }

        // Checks whether the 'role' field of the User model
        // equals "administrator", which means the user is an admin.
        // Access it by Yii::app()->user->isAdmin()
        function isAdmin()
        {
            $user = $this->loadUser(Yii::app()->user->id);
            if ($user === null)
                return 0; // guest or unknown user: not an admin
            else
                return $user->role === "administrator";
        }

        // Load the user model (once per request).
        protected function loadUser($id = null)
        {
            if ($this->_model === null)
            {
                if ($id !== null)
                    $this->_model = User::model()->findByPk($id);
            }
            return $this->_model;
        }
    }
    ?>


2. Find the following code in config/main.php and add the 'class' line to the 'user' component.

The code is as follows:


    'components' => array(
        'user' => array(
            // enable cookie-based authentication
            'allowAutoLogin' => true,
            'class' => 'WebUser', // added: use the WebUser component from step 1
        ),


3. Find the controller class whose permissions you want to change and modify its accessRules() function. For example, modify the accessRules() function shown earlier as follows:

The code is as follows:


    public function accessRules() // the access rule settings
    {
        return array(
            array('allow', // allow all users to execute the index and view actions
                'actions' => array('index', 'view'),
                'users' => array('*'), // * indicates all users, including registered, unregistered, general, and administrator-level
            ),
            array('allow', // only authenticated users may perform the create and update actions
                'actions' => array('create', 'update'),
                'users' => array('@'), // @ indicates all registered users
            ),
            array('allow', // only users whose role is "administrator" may execute the admin and delete actions
                'actions' => array('admin', 'delete'),
                'expression' => 'Yii::app()->user->isAdmin()',
                // In this way, only users identified as "administrators" can access the admin and delete actions.
            ),
            array('deny', // deny all other access
                'users' => array('*'),
            ),
        );
    }


Work completed!
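
Added example, not code from the original article or from Yii: a stand-alone PHP model of how the rule list from step 3 is evaluated, where the first matching rule decides and an action that matches no rule is allowed (which is why the list ends with a deny rule). The helpers `isAllowed()` and `userMatches()`, the callable form of `expression`, and the three sample users are constructed for illustration.

```php
<?php
// Simplified model of first-match rule evaluation; constructed users, name null = guest.
function isAdmin(array $user)
{
    return $user['name'] !== null && $user['role'] === 'administrator';
}

function userMatches(array $rule, array $user)
{
    if (!isset($rule['users'])) {
        return true; // rule has no 'users' key, so it applies to everyone
    }
    $name = $user['name'];
    foreach ($rule['users'] as $u) {
        if ($u === '*' || ($u === '@' && $name !== null) || ($u === '?' && $name === null)
            || ($name !== null && strcasecmp($u, $name) === 0)) {
            return true;
        }
    }
    return false;
}

function isAllowed(array $rules, $action, array $user)
{
    foreach ($rules as $rule) {
        $actionOk = !isset($rule['actions']) || in_array($action, $rule['actions'], true);
        $exprOk = !isset($rule['expression']) || call_user_func($rule['expression'], $user);
        if ($actionOk && $exprOk && userMatches($rule, $user)) {
            return $rule[0] === 'allow'; // the first matching rule decides
        }
    }
    return true; // nothing matched: the action is allowed
}

$rules = array(
    array('allow', 'actions' => array('index', 'view'), 'users' => array('*')),
    array('allow', 'actions' => array('create', 'update'), 'users' => array('@')),
    array('allow', 'actions' => array('admin', 'delete'), 'expression' => 'isAdmin'),
    array('deny', 'users' => array('*')),
);
$users = array(
    'guest' => array('name' => null, 'role' => null),
    'admin' => array('name' => 'admin', 'role' => 'normal user'), // admin by name only
    'alice' => array('name' => 'alice', 'role' => 'administrator'),
);
foreach ($users as $label => $user) {
    foreach (array('view', 'update', 'delete') as $action) {
        printf("%-5s %-6s %s\n", $label, $action, isAllowed($rules, $action, $user) ? 'allow' : 'deny');
    }
}
```

The sample user named `admin` with the role "normal user" is denied `delete` under these rules, whereas the earlier hard-coded `'users' => array('admin')` rule would have allowed it.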
