Implementing role-based authorization in Yii Framework

I've been following this tutorial, which is great btw, and have one question.

http://www.larryullman.com/2010/01/07/custom-authentication-using-the-yii-framework/

I can access the role property like this, anywhere in my application code:

Yii::app()->user->role

but what I'd really like to do is use the default controller authorization in my UserController:

/**
 * Specifies the access control rules.
 * This method is used by the 'accessControl' filter.
 * @return array access control rules
 */
public function accessRules()
{
    return array(
        array('allow',  // allow all users to perform 'index' and 'view' actions
            'actions'=>array('*'),
            'users'=>array('@'),
            // Fails
            'roles'=>array(ModelConstantsRole::ADMIN),
            // Also Fails
            'expression'=>'(isset(Yii::app()->user->role) && (Yii::app()->user->role==ModelConstantsRole::ADMIN))',
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}

It appears that the class that actually validates the rules defined in accessRules doesn't actually know anything about the role that I've assigned it. CAccessControlFilter (for those of you who don't want to search for it for 40 minutes XD).

Any ideas on how I can make use of the accessRules method when I combine it with Larry's approach?

Thanks!

From your code it looks like you want to apply this rule to all the actions. To do that you need to leave the actions array unspecified or an empty array:

// empty actions
array('allow',
    'actions'=>array(), // array('*'),
    ...
)

Or unspecified:

array('allow',  // allow all users to perform 'index' and 'view' actions
    // 'actions'=>array('*'),
    ...
)

This is already documented in the docs:

array('allow', // or 'deny'
    // optional, list of action IDs (case insensitive) that this rule applies to
    // if not specified, rule applies to all actions
    'actions'=>array('edit', 'delete'),

Keep in mind that the roles array is again an array with role names, for example:

'roles'=>array('role1','role2','role3')

Then you don't need the 'expression', as all that you are doing in there is already being done with the roles array.

Edit: After reading the tutorial you have linked, it seems that he has not implemented RBAC. The 'roles' option uses RBAC, so it won't work without it. Hence you'll have to use the 'expression' option instead, and your 'expression' option looks fine.
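Putting this answer's advice together, as an added example that is not code from the question, the answers or Larry's tutorial: the identity stores the role as a session state, the controller rule leaves 'actions' unspecified and relies on 'expression', and an optional WebUser subclass also makes the 'roles' option work without the RBAC auth manager, since CAccessRule resolves each role name through $user->checkAccess(). The User model, its validatePassword() method and the WebUser class name are assumptions.

```php
<?php
// Added example, not from the question, the answers or the linked tutorial.
// Assumed: a User model with email/password/role columns and a validatePassword()
// method, plus the ModelConstantsRole class from the question.
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('email' => $this->username));
        if ($user === null || !$user->validatePassword($this->password)) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
            return false;
        }
        $this->_id = $user->id;
        // Stored in the session at login; readable later as Yii::app()->user->role.
        $this->setState('role', $user->role);
        $this->errorCode = self::ERROR_NONE;
        return true;
    }

    public function getId() { return $this->_id; }
}

// Optional: configure this as the 'user' component and the 'roles' option works
// too, because CAccessRule resolves each role name via $user->checkAccess($role).
class WebUser extends CWebUser
{
    public function checkAccess($operation, $params = array(), $allowCaching = true)
    {
        return $this->getState('role') == $operation;
    }
}

class UserController extends CController
{
    public function filters() { return array('accessControl'); }

    public function accessRules()
    {
        return array(
            array('allow',
                // no 'actions' key, so the rule covers every action in this controller
                'users' => array('@'),
                'expression' => 'Yii::app()->user->role == ModelConstantsRole::ADMIN',
            ),
            array('deny', 'users' => array('*')),
        );
    }
}
```

The trailing deny rule matters: CAccessControlFilter allows any action that no rule matches, so without it a non-admin user would fall through.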

Try setting the actions correctly:

array('allow',  // allow all users to perform 'index' and 'view' actions
    'actions'=>array('view', 'delete', 'update'),
