How to use yii2 framework rights management

Time:2019-12-16

ACF: access control filter
Access control filter (ACF) is a simple authorization method implemented by the yii\filters\AccessControl class.
Its use looks like this:

    public function behaviors()
    {
        return [
            'access' => [
                // Fully qualified so the class resolves inside a namespaced controller
                'class' => \yii\filters\AccessControl::className(),
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['create', 'update', 'view', 'delete'],
                        'roles' => ['@'],
                    ],
                    [
                        'allow' => true,
                        'actions' => ['index'],
                        'roles' => ['?'],
                    ],
                ],
            ],
        ];
    }
  • rules: array, a list of access rule objects or configuration arrays for creating the rule objects. If a rule is specified via a configuration array, it is merged with [[ruleConfig]] first before being used to create the rule object.
  • The second rule allows all guests (users not yet authenticated) to perform the index action. The roles option contains a question mark (?), a special identifier representing the "guest user".
  • The first rule allows authenticated users to perform the create, update, view and delete actions. @ is another special identifier representing an authenticated user.
  • Rules are checked in order, and a request that matches no allow rule is denied, so any action not listed above is blocked for everyone.

Role based access control (RBAC)
This section briefly covers using the database to store the authorization data.
Add the component configuration to the configuration file web.php:

'components' => [
    ......
    'authManager' => [
        'class' => 'yii\rbac\DbManager',
        'itemTable' => 'auth_item',
        'assignmentTable' => 'auth_assignment',
        'itemChildTable' => 'auth_item_child',
    ],
]

DbManager uses four database tables to store its data:

yii\rbac\DbManager::$itemTable: this table holds authorization items (roles and permissions). The default table name is "auth_item".
yii\rbac\DbManager::$itemChildTable: this table holds the hierarchical relationships between authorization items. The default table name is "auth_item_child".
yii\rbac\DbManager::$assignmentTable: this table stores the assignment of authorization items to users. The default table name is "auth_assignment".
yii\rbac\DbManager::$ruleTable: this table holds rules. The default table name is "auth_rule".

You need to create these tables in the database. You can do this with the migration files stored in the @yii/rbac/migrations directory, by running yii migrate --migrationPath=@yii/rbac/migrations from the console.
The authorization steps are as follows:

  1. Define roles and permissions
  2. Establish the relationship between roles and permissions
  3. Define rules
  4. Associate rules with roles and permissions
  5. Assign roles to users

The specific implementation is as follows:

public function actionAccess()
{
    $auth = Yii::$app->authManager;
    // Create the agent permission
    $agentPermission = $auth->createPermission('agent');
    $agentPermission->description = 'create agent operate permission.';
    $auth->add($agentPermission);
    // Create the admin role
    $adminRole = $auth->createRole('admin');
    $adminRole->description = 'create admin role.';
    $auth->add($adminRole);
    // Assign the permission to the role
    $auth->addChild($adminRole, $agentPermission);
    // Assign the role to a user
    $userId = 1;
    $auth->assign($adminRole, $userId);
}
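The steps "define rules" and "associate rules with roles and permissions" are listed above but not implemented in actionAccess(). The following is an added example, not code from the original post, that covers them: an ownership rule plus a console command that seeds the tables. It assumes a Post ActiveRecord with an author_id column and the DbManager configuration shown earlier; the class, permission and role names (AuthorRule, RbacController, updatePost, updateOwnPost, author) are illustrative, and the two classes are shown in one listing although they would normally live in separate files.

```php
<?php
// Added example (not from the post). Assumes a Post ActiveRecord with an
// author_id column and the DbManager config above; names are illustrative.
namespace app\rbac {
    use yii\rbac\Rule;
    // Rule: passes only when the checked user authored the post given in $params.
    class AuthorRule extends Rule
    {
        public $name = 'isAuthor';
        public function execute($user, $item, $params)
        {
            // $params is the second argument of Yii::$app->user->can()
            return isset($params['post'])
                && (int) $params['post']->author_id === (int) $user;
        }
    }
}

namespace app\commands {
    use app\rbac\AuthorRule;
    use yii\console\Controller;
    // Seeds the auth_* tables once: php yii rbac/init
    class RbacController extends Controller
    {
        public function actionInit()
        {
            $auth = \Yii::$app->authManager;
            $auth->removeAll(); // wipe RBAC rows so the seed can be re-run
            $rule = new AuthorRule();
            $auth->add($rule);
            $updatePost = $auth->createPermission('updatePost'); // any post
            $auth->add($updatePost);
            // Granted only when AuthorRule returns true; then implies updatePost
            $updateOwnPost = $auth->createPermission('updateOwnPost');
            $updateOwnPost->ruleName = $rule->name;
            $auth->add($updateOwnPost);
            $auth->addChild($updateOwnPost, $updatePost);
            $author = $auth->createRole('author');
            $auth->add($author);
            $auth->addChild($author, $updateOwnPost);
            $admin = $auth->createRole('admin');
            $auth->add($admin);
            $auth->addChild($admin, $updatePost); // admins need no ownership rule
            $auth->addChild($admin, $author);
            $auth->assign($author, 2); // constructed sample user ids
            $auth->assign($admin, 1);
        }
    }
}
```

In a controller, Yii::$app->user->can('updatePost', ['post' => $post]) is then true for user 1 (admin holds updatePost directly) and for user 2 only when $post->author_id is 2; a user with neither role gets false.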

Once the authorization data is in place, the permission check can be performed before the controller action executes, as follows:

public function beforeAction($action)
{
    if (!parent::beforeAction($action)) {
        return false;
    }

    // The permission name checked here is the controller id, so the 'agent'
    // permission created above guards every action of the agent controller.
    if (Yii::$app->user->can(Yii::$app->controller->id)) {
        return true;
    }

    // 401 as the author chose; for a logged-in user lacking the permission,
    // \yii\web\ForbiddenHttpException (403) is the conventional response.
    throw new \yii\web\UnauthorizedHttpException('No permission to view');
}

Yii::$app->user->can($permissionName)
Pass in the permission name and Yii checks whether the current user holds that permission, returning true or false.
If it is true, the requested action continues to execute.
If it is false, the request can be intercepted, for example by throwing an exception directly as above.
