Friday 15 April 2011

php - Yii Framework 2.0 Role Based Access Control RBAC -

I am learning Yii Framework 2.0 and have tried to use Role Based Access Control following the Yii 2.0 documentation. The guide documentation is too short for me, so I cannot finish learning. I have added the following code to the config file.

'components' => [
    'authManager' => [
        'class' => 'yii\rbac\DbManager',
    ],
],

I have created the database tables with the following SQL script.

DROP TABLE [auth_assignment];
DROP TABLE [auth_item_child];
DROP TABLE [auth_item];
DROP TABLE [auth_rule];

CREATE TABLE [auth_rule] (
    [name]       varchar(64) NOT NULL,
    [data]       text,
    [created_at] integer,
    [updated_at] integer,
    PRIMARY KEY ([name])
);

CREATE TABLE [auth_item] (
    [name]        varchar(64) NOT NULL,
    [type]        integer NOT NULL,
    [description] text,
    [rule_name]   varchar(64),
    [data]        text,
    [created_at]  integer,
    [updated_at]  integer,
    PRIMARY KEY ([name]),
    FOREIGN KEY ([rule_name]) REFERENCES [auth_rule] ([name]) ON DELETE SET NULL ON UPDATE CASCADE
);

CREATE INDEX [idx-auth_item-type] ON [auth_item] ([type]);

CREATE TABLE [auth_item_child] (
    [parent] varchar(64) NOT NULL,
    [child]  varchar(64) NOT NULL,
    PRIMARY KEY ([parent], [child]),
    FOREIGN KEY ([parent]) REFERENCES [auth_item] ([name]) ON DELETE CASCADE ON UPDATE CASCADE,
    FOREIGN KEY ([child])  REFERENCES [auth_item] ([name]) ON DELETE CASCADE ON UPDATE CASCADE
);

CREATE TABLE [auth_assignment] (
    [item_name]  varchar(64) NOT NULL,
    [user_id]    varchar(64) NOT NULL,
    [created_at] integer,
    PRIMARY KEY ([item_name], [user_id]),
    FOREIGN KEY ([item_name]) REFERENCES [auth_item] ([name]) ON DELETE CASCADE ON UPDATE CASCADE
);

I have built the authorization data as follows.

<?php
// Namespace assumed; the controller lives wherever your web controllers do.
namespace app\controllers;

use Yii;
use yii\web\Controller;

class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = Yii::$app->authManager;

        // add "createPost" permission
        $createPost = $auth->createPermission('createPost');
        $createPost->description = 'Create a post';
        $auth->add($createPost);

        // add "updatePost" permission
        $updatePost = $auth->createPermission('updatePost');
        $updatePost->description = 'Update post';
        $auth->add($updatePost);

        // add "author" role and give this role the "createPost" permission
        $author = $auth->createRole('author');
        $auth->add($author);
        $auth->addChild($author, $createPost);

        // add "admin" role and give this role the "updatePost" permission
        // as well as the permissions of the "author" role
        $admin = $auth->createRole('admin');
        $auth->add($admin);
        $auth->addChild($admin, $updatePost);
        $auth->addChild($admin, $author);

        // Assign roles to users. 1 and 2 are IDs returned by IdentityInterface::getId()
        // implemented in your User model.
        $auth->assign($author, 2);
        $auth->assign($admin, 1);
    }
}

When I access the actionInit() method via the controller, the above database tables are filled with data based on the above code. Furthermore, in the user table I have 2 users: the admin user has id number 1 and the author user has id number 2. I use the following code to create a user.

// Method of the signup form model; creates the user and assigns the "author" role.
public function create()
{
    if ($this->validate()) {
        $user = new User();
        $user->username = $this->username;
        $user->email = $this->email;
        $user->setPassword($this->password);
        $user->generateAuthKey();
        $user->save(false);

        // the following 3 lines were added:
        $auth = Yii::$app->authManager;
        $authorRole = $auth->getRole('author');
        $auth->assign($authorRole, $user->getId());

        return $user;
    }

    return null;
}

With the above code, newly inserted users are authors. The if-statements below can grant or deny access.

if (\Yii::$app->user->can('createPost')) {
    // create post
}

if (\Yii::$app->user->can('updatePost')) {
    // update post
}

So far so good. It works fine. The scenario of the above code is that a normal author can create a post but cannot update a post. The admin can update a post and can do whatever an author can do. I want a normal author to be able to update his/her own post. I don't know how to go further from here. I have followed the Yii guide documentation/security/authorization paragraph on Role Based Access Control (RBAC). I have never used Yii 1. That's why I cannot figure it out from such a short explanation of RBAC in the Yii 2.0 documentation.

You need an access rule, and the docs are clear. Create something like

<?php
namespace app\rbac;

use yii\rbac\Rule;

/**
 * Checks if authorID matches user passed via params
 */
class AuthorRule extends Rule
{
    public $name = 'isAuthor';

    /**
     * @param string|integer $user the user ID.
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to ManagerInterface::checkAccess().
     * @return boolean a value indicating whether the rule permits the role or permission it is associated with.
     */
    public function execute($user, $item, $params)
    {
        return isset($params['post']) ? $params['post']->createdBy == $user : false;
    }
}

Then, add it to the RBAC role

$auth = Yii::$app->authManager;

// add the rule
$rule = new \app\rbac\AuthorRule;
$auth->add($rule);

// add the "updateOwnPost" permission and associate the rule with it.
$updateOwnPost = $auth->createPermission('updateOwnPost');
$updateOwnPost->description = 'Update own post';
$updateOwnPost->ruleName = $rule->name;
$auth->add($updateOwnPost);

// "updateOwnPost" will be used from "updatePost"
// ($updatePost and $author are the objects created in actionInit() above)
$auth->addChild($updateOwnPost, $updatePost);

// allow "author" to update their own posts
$auth->addChild($author, $updateOwnPost);

Finally, assign the role to the user in signup

$auth = Yii::$app->authManager;
$authorRole = $auth->getRole('author');
$auth->assign($authorRole, $userId_here);

To check if a user has the ability to edit, use the code below ($post is the model of posts)

if (\Yii::$app->user->can('updatePost', ['post' => $post])) {
    // update post
}

All these are taken from the guide. Let me know if you have a problem.
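The following is an added example, not code from the question, the answer or the Yii project itself. It simulates how Yii 2's authManager walks the item hierarchy during checkAccess(): starting at the requested permission, it evaluates any rule attached to the current item, stops with "granted" when it reaches an item assigned to the user, and otherwise climbs to every parent. The role, permission and user-id names are the ones used in this thread; the Post class, the in-memory tables and the post ids are assumed here so the scenario can be traced without a database.

```php
<?php
// Added example: in-memory model of the hierarchy built in actionInit() plus
// the answer's updateOwnPost/AuthorRule additions. Not Yii's own code.

final class Post
{
    public $id;
    public $createdBy;

    public function __construct(int $id, int $createdBy)
    {
        $this->id = $id;
        $this->createdBy = $createdBy;
    }
}

// Same logic as AuthorRule::execute() in the answer: the rule only passes when
// a post is supplied via $params and was created by the checked user.
$isAuthor = function ($user, array $params): bool {
    return isset($params['post']) ? $params['post']->createdBy == $user : false;
};

// auth_item / auth_item_child as written by the thread's code, as arrays.
$items = [
    'createPost'    => ['children' => []],
    'updatePost'    => ['children' => []],
    'updateOwnPost' => ['children' => ['updatePost'], 'rule' => $isAuthor],
    'author'        => ['children' => ['createPost', 'updateOwnPost']],
    'admin'         => ['children' => ['updatePost', 'author']],
];

// auth_assignment: admin is user 1, author is user 2 (as in the question).
$assignments = [
    1 => ['admin'],
    2 => ['author'],
];

// Yii walks upward, so invert the child lists into a parent lookup.
$parents = [];
foreach ($items as $name => $item) {
    foreach ($item['children'] as $child) {
        $parents[$child][] = $name;
    }
}

function checkAccess(int $userId, string $itemName, array $params,
                     array $items, array $parents, array $assignments): bool
{
    if (!isset($items[$itemName])) {
        return false;
    }
    // A rule on the current item must permit it, or this path is dead.
    if (isset($items[$itemName]['rule']) && !$items[$itemName]['rule']($userId, $params)) {
        return false;
    }
    // Reached an item directly assigned to the user: granted.
    if (in_array($itemName, $assignments[$userId] ?? [], true)) {
        return true;
    }
    // Otherwise try every parent that lists this item as a child.
    foreach ($parents[$itemName] ?? [] as $parent) {
        if (checkAccess($userId, $parent, $params, $items, $parents, $assignments)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: one post by the author, one by the admin.
$ownPost   = new Post(10, 2);
$otherPost = new Post(11, 1);

$cases = [
    [2, 'createPost', []],                      // author creates: granted
    [2, 'updatePost', ['post' => $ownPost]],    // author, own post: granted via updateOwnPost
    [2, 'updatePost', ['post' => $otherPost]],  // author, someone else's post: denied
    [2, 'updatePost', []],                      // author, no post passed: denied (rule needs it)
    [1, 'updatePost', ['post' => $otherPost]],  // admin: granted directly
    [1, 'updatePost', ['post' => $ownPost]],    // admin on author's post: still granted
];

foreach ($cases as [$userId, $perm, $params]) {
    $ok = checkAccess($userId, $perm, $params, $items, $parents, $assignments);
    printf("user %d can('%s'%s): %s\n",
        $userId, $perm,
        isset($params['post']) ? ", post #{$params['post']->id}" : '',
        $ok ? 'yes' : 'no');
}
```

Two things worth noticing when tracing the output. The admin is granted updatePost by reaching the admin role directly, so the rule is never consulted for them. The author is granted only along the path updatePost -> updateOwnPost -> author, and the rule sits on updateOwnPost; a call such as can('updatePost') with no post in the params therefore fails closed for authors, which is why the answer's check passes ['post' => $post].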

php yii2 rbac role-based-access-control
