Doubts about Yii2 RBAC

后端 未结 5 2069
情歌与酒
情歌与酒 2021-02-20 07:50

I\'ve been developing web apps using Yii 1.1.14 so far, but now it\'s time for an upgrade.

The company where I work has developed its own Access Control system, and I wa

相关标签:
5条回答
  • 2021-02-20 08:03

    This is the best solution i could come up with when facing the need to filter access by permissions, it's bothersome but can be useful if you're trying to create roles in a productive enviroment and want to use rbac.

    use yii\web\ForbiddenHttpException;
    
    
    if(Yii::$app->user->can('view-users')){
        return $this->render('view', [
            'model' => $this->findModel($id),
        ]);
    }else{
        throw new ForbiddenHttpException('You dont have access to this site');
    }
    
    0 讨论(0)
  • 2021-02-20 08:05

    As I have created a new Rbac system for yii2. you can direct permission for a action and action will show you are not authorisez for this action.

    By this you find that you will only provide access for action that need to identify.

    I uploaded my detail here you can find lot of solution here.

    0 讨论(0)
  • 2021-02-20 08:17

    I use it in one of the simplest method,I use them in the behaviours of my controller.

     public function behaviors()
        {
    
            return [
                'access' => [
                    'class' => \yii\filters\AccessControl::className(),
                    'rules' => [
                        [
                            'allow' => true,
                            'roles' => ['sysadmin'],
                            'actions' => ['index','view','update'],
                        ],
                        [
                            'allow' => true,
                            'roles' => ['staff'],
                            'actions' => ['index','create','update','view'],
                        ],
                    ],
                ],
            ];
    
        }
    

    Here roles are the one created in the auth-item table in the database and they have been assigned for users in auth-assignment table. In the behaviours we just use it as above. In the above code sysadmin can have access to index, view and update action, whereas staff can have access to index,create, update and view action.

    0 讨论(0)
  • 2021-02-20 08:19

    I can only really answer 2.2 of your question, as 3 doesn't sound at all like something an RBAC should do. You could, however, get the information you needed from the rules table most likely, provided you followed a naming convention that matched your controllers or actions.

    On to answering 2.2 though:

    You can simply set the behavior like such:

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['view'],
                        'roles' => ['view-users'], //<-- Note, rule instead of role
                    ],
            ]
        ]
    }
    

    This doesn't solve a different problem of 'view-own-users' style permissions, as this needs to inspect the ActiveRecord model (well, at least it does in my application). If You want to achieve this, take a look at my post in the Yii forums here:

    http://www.yiiframework.com/forum/index.php/topic/60439-yii2-rbac-permissions-in-controller-behaviors/#entry269913

    0 讨论(0)
  • 2021-02-20 08:19

    Yii2 needs a little setup when it comes to using RBAC under your controllers AccessControl. I got around it by making my own AccessRule file.

    namespace app\components;
    
    use Yii;
    
    class AccessRule extends \yii\filters\AccessRule
    {
        protected function matchRole($user)
        {
            if (empty($this->roles)) {
                return true;
            }
            foreach ($this->roles as $role) {
                if(Yii::$app->authManager->checkAccess($user->identity->code, $role))
                    return true;
            }
            return false;
    }
    

    then in your controller u can use something like this:

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'ruleConfig' => [
                    'class' => 'app\components\AccessRule'
                ],
                'rules' => [
                    [
                        'actions' => ['index', 'resource-type'],
                        'allow'=> true,
                        'roles' => ['admin'],
                    ],
                ],
            ],
        ];
    }
    

    Where admin is defined as a auth_item and the user is in the auth_item_assignments.

    0 讨论(0)
提交回复
热议问题