Yii authentication and authorization
    // in the controller class
    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('index', 'view'),
                'users' => array('*'),
            ),
            array('allow', // @ stands for authenticated users
                'actions' => array('create', 'update'),
                'users' => array('@'),
            ),
            array('allow', // allow admin user to perform 'admin' and 'delete'
                'actions' => array('admin', 'delete'),
                'users' => array('admin'),
            ),
            array('deny', // * stands for all users
                'users' => array('*'),
            ),
        );
    }
The accessControl filter is actually a method of CController:

    public function filterAccessControl($filterChain)
    {
        $filter = new CAccessControlFilter;
        $filter->setRules($this->accessRules());
        $filter->filter($filterChain);
    }

As the code above shows, it is CAccessControlFilter that is actually called. According to the manual, the options available in an accessRules rule are as follows.

    array(
        'allow', // or 'deny'
        // specifies the actions that the rule matches
        'actions' => array('edit', 'delete'),
        // specifies the controllers that the rule matches
        // This option is available since version 1.0.3.
        'controllers' => array('post', 'admin/user'),
        // specifies the users that the rule matches
        // Use * for all users, ? for guest users, and @ for authenticated users
        'users' => array('Thomas', 'Kevin'),
        // specifies the roles that the rule matches
        'roles' => array('admin', 'editor'),
        // specifies the IP addresses that the rule matches
        'ips' => array('127.0.0.1'),
        // specifies the request methods that the rule matches
        'verbs' => array('GET', 'POST'),
        // a PHP expression whose value indicates whether the rule applies.
        // In the expression you can use a variable named $user, which represents Yii::app()->user.
        // This option is introduced in version 1.0.3.
        'expression' => '!$user->isGuest && $user->level==2',
    );
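Yii evaluates access rules in order and the first matching rule decides; if no rule matches, the action still runs, which is why the controller rules above end with a deny-all rule. The following is an added example, not code from the original page and not Yii's implementation: a simplified stand-alone PHP model of that first-match logic covering only the 'actions' and 'users' keys. The function names and the 'export' action are hypothetical.

```php
<?php
// Simplified model of first-match rule evaluation (an illustrative assumption,
// not CAccessControlFilter itself). Only 'actions' and 'users' are modelled.

// $user is null for a guest, otherwise the user name.
function userMatches(array $rule, $user)
{
    if (!isset($rule['users'])) {
        return true;                            // no 'users' key: any user matches
    }
    foreach ($rule['users'] as $u) {
        if ($u === '*'                          // everyone
            || ($u === '?' && $user === null)   // guests
            || ($u === '@' && $user !== null)   // authenticated users
            || ($user !== null && strcasecmp($u, $user) === 0)) {
            return true;
        }
    }
    return false;
}

function isAllowed(array $rules, $action, $user)
{
    foreach ($rules as $rule) {
        $actionOk = !isset($rule['actions'])
            || in_array(strtolower($action), array_map('strtolower', $rule['actions']), true);
        if ($actionOk && userMatches($rule, $user)) {
            return $rule[0] === 'allow';        // first matching rule decides
        }
    }
    return true;                                // no rule matched: the action runs
}

// The controller rules shown earlier, constructed here with and without the final deny.
$withDeny = array(
    array('allow', 'actions' => array('index', 'view'), 'users' => array('*')),
    array('allow', 'actions' => array('create', 'update'), 'users' => array('@')),
    array('allow', 'actions' => array('admin', 'delete'), 'users' => array('admin')),
    array('deny', 'users' => array('*')),
);
$withoutDeny = array_slice($withDeny, 0, 3);

var_dump(isAllowed($withDeny, 'delete', null));     // guest, listed action
var_dump(isAllowed($withDeny, 'delete', 'admin'));  // named user
var_dump(isAllowed($withDeny, 'export', null));     // guest, hypothetical unlisted action
var_dump(isAllowed($withoutDeny, 'export', null));  // same request, deny rule removed
var_dump(isAllowed($withoutDeny, 'delete', null));  // guest, listed action, deny rule removed
```

With the final deny rule removed, the last two calls are allowed: a guest reaches both the unlisted action and 'delete', because an allow rule that does not match the user never denies anything on its own.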
2. RBAC authentication and authorization methods
1) Configure authManager in the configuration file main.php

    'authManager' => array(
        'class' => 'CDbAuthManager',
        'defaultRoles' => array('guest'), // default roles
        'itemTable' => 'authitem', // name of the authentication item table
        'itemChildTable' => 'authitemchild', // name of the authentication item parent-child relationship table
        'assignmentTable' => 'authassignment', // name of the authentication assignment table
        'connectionID' => 'db', // ID of the database connection component
    ),
The table name 'authitem' is Yii's default value.
2) Create a role

    $auth = Yii::app()->authManager;

    // create the operations (actions)
    $auth->createOperation('index', 'log list');
    $auth->createOperation('view', 'View log');
    $auth->createOperation('create', 'Add log');
    $auth->createOperation('update', 'update log');
    $auth->createOperation('delete', 'Add list');

    // create a role and attach the operations to it
    $role = $auth->createRole('admin');
    $role->addChild('index');
    $role->addChild('view');
    $role->addChild('create');
    $role->addChild('update');
    $role->addChild('delete');