Yii2 - RBAC rule to allow/view own data


Question

I have installed yii2mod/yii2-rbac from this url - https://github.com/yii2mod/yii2-rbac in yii2-basic.

Everything is working fine except using/allowing owner data.

From this link: https://www.yiiframework.com/doc/guide/2.0/en/security-authorization I have created a folder rbac in the root and a file AuthorRule.php with this code:

<?php

namespace app\rbac;

use yii\rbac\Item;
use yii\rbac\Rule;

//use app\models\Post;

/**
 * Checks if authorID matches user passed via params
 */
class AuthorRule extends Rule
{
    /**
     * @var string
     */
    public $name = 'isAuthor';

    /**
     * @param string|int $user the user ID.
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to ManagerInterface::checkAccess().
     * @return bool a value indicating whether the rule permits the role or permission it is associated with.
     */
    public function execute($user, $item, $params)
    {
        return isset($params['post']) ? $params['post']->createdBy == $user : false;
    }
}

But when I try to add the rule in the permission (either AuthorRule or isAuthor) under the permission I created, updateOwnRecord, I am getting the error: the rule doesn't exist.

What am I missing here?

Recommended answer

But when I try to add the rule in the permission (either AuthorRule or isAuthor) under the permission I created, updateOwnRecord, I am getting the error: the rule doesn't exist

Not sure where you are getting the error you mentioned, as there is no relevant code, but looking at your details I reckon you haven't understood the process correctly.

  • Create a permission updatePost in the auth_item.
  • Add the AuthorRule class's serialized instance to the auth_rule table.
  • Create a new permission updateOwnPost and specify the rule name, i.e. isAuthor.
  • Add the permission updatePost as a child to updateOwnPost in the auth_item_child table.
    • The isAuthor will be the name of the rule that you will supply to the updateOwnPost permission's rule_name column.

See the code below; you can run it once via any temporary action for now. We will discuss its place later in the answer below.

      $auth = Yii::$app->authManager;
      $updatePost = $auth->getPermission('updatePost');
      
      //change it to whichever role you want to assign it like `user` `admin` or any other role
      $role = $auth->getRole('user');
      
      // add the rule
      $rule = new \app\rbac\AuthorRule;
      $auth->add($rule);
      
      // add the "updateOwnPost" permission and associate the rule with it.
      $updateOwnPost = $auth->createPermission('updateOwnPost');
      $updateOwnPost->description = 'Update own post';
      $updateOwnPost->ruleName = $rule->name;
      $auth->add($updateOwnPost);
      
      // "updateOwnPost" will be used from "updatePost"
      $auth->addChild($updateOwnPost, $updatePost);
      
      // allow "author" to update their own posts
      $auth->addChild($role, $updateOwnPost);
      

Now if all goes well and you can add a rule by running the code above

Remember, you need to check the updatePost rule in the check Yii::$app->user->can(), and not updateOwnPost, and pass the Post model instance along as the second parameter

      if (\Yii::$app->user->can('updatePost', ['post' => $post])) {
          // update post
      }
      


About the code placement in the current application

If you want to have a separate interface where you can add/create all with a form, then you can follow the dektrium-rbac code that is already available, where it provides complete CRUD that you can use according to your own requirements.

For reference, see below

      • Add Rule Form
      • RuleController::actionCreate
      • RuleModel::create()

Note: if you have a lot of controllers and you want to associate this rule with every update action inside the controllers (given that all the associated models have the created_by field), then you might go for the console\Controller and run such processes via the console, so that every new controller/update can be associated with the rule by repeating the above process inside a loop. For the console controller usage in basic-app see here
