问题
I have installed yii2mod/yii2-rbac from this url - https://github.com/yii2mod/yii2-rbac in yii2-basic.
everything is working fine except using/allowing owner data.
from this link:https://www.yiiframework.com/doc/guide/2.0/en/security-authorization
I have created a folder in root rbac and file AuthorRule.php and code:
namespace app\rbac;
use yii\rbac\Rule;
//use app\models\Post;
/**
* Checks if authorID matches user passed via params
*/
class AuthorRule extends Rule
{
/**
* @var string
*/
public $name = 'isAuthor';
/**
* @param string|int $user the user ID.
* @param Item $item the role or permission that this rule is associated with
* @param array $params parameters passed to ManagerInterface::checkAccess().
* @return bool a value indicating whether the rule permits the role or permission it is associated with.
*/
public function execute($user, $item, $params)
{
return isset($params['post']) ? $params['post']->createdBy == $user : false;
}
}
but when I try to add the rule in permission(either AuthorRule or isAuthor under permission I created updateOwnRecord, I am getting the error, the rule doesn't exist.
What I am missing here?
回答1:
but when I try to add the rule in permission(either AuthorRule or isAuthor under permission I created updateOwnRecord, I am getting the error, the rule doesn't exist
Not sure where you are getting the error you mentioned as there is no relevant code, but looking at your details i recon you havent understood the process correctly.
- Create a permission
updatePostin theauth_item. - Add
AuthorRuleclass's serialized instance toauth_ruletable. - Create a new permission
updateOwnPostand specify the rule name i.eisAuthor. - Add the permission
updatePostas a child toUpdateOwnPostin theauth_item_childtable.- the
isAuthorwill be the name of the rule that you will supply to theupdateOwnPostpermission'srule_namecolumn.
- the
- Add the
updatePostas a child of theroleyou want to use the rule for, likeuseror anyother you have created for the standard user role.
See the below code you can run it once via any temporary action for now, we will discuss it's place later in the answer below.
$auth = Yii::$app->authManager;
$updatePost = $auth->getPermission('updatePost');
//change it to whichever role you want to assign it like `user` `admin` or any other role
$role = $auth->getRole('user');
// add the rule
$rule = new \app\rbac\AuthorRule;
$auth->add($rule);
// add the "updateOwnPost" permission and associate the rule with it.
$updateOwnPost = $auth->createPermission('updateOwnPost');
$updateOwnPost->description = 'Update own post';
$updateOwnPost->ruleName = $rule->name;
$auth->add($updateOwnPost);
// "updateOwnPost" will be used from "updatePost"
$auth->addChild($updateOwnPost, $updatePost);
// allow "author" to update their own posts
$auth->addChild($role, $updateOwnPost);
Now if all goes well and you can add a rule by running the code above
Remember You need to check the
updatePostrule in the checkYii::$app->user->can()and notupdateOwnPostand pass thePostmodel instance along as the second parameter
Like this
if (\Yii::$app->user->can('updatePost', ['post' => $post])) {
// update post
}
About The code Placement in the current application
If you want to have a separate interface where you can add create all with a form then you can follow dektrium-rbac code available already where it provides complete crud that you can use according to your own requirements.
For the reference see below
- Add Rule Form
- RuleController::actionCreate
- RuleModel::create()
Note: if you have a lot of controllers and you want to associate this rule with every update action inside the controllers (Given that all the associated models have the created_by field) then you might go for the console\Controller and run such processes via console, so that every new controller/update can be associated with the rule repeating the above process inside a loop. For the console controller usage in basic-app see here
来源:https://stackoverflow.com/questions/57778924/yii2-rbac-rule-to-allow-view-own-data