Yii2 - RBAC rule to allow/view own data
Problem description
I have installed yii2mod/yii2-rbac from this url - https://github.com/yii2mod/yii2-rbac in yii2-basic.
Everything is working fine except using/allowing owner data.
From this link: https://www.yiiframework.com/doc/guide/2.0/en/security-authorization I have created a folder rbac in the root, and a file AuthorRule.php with the code:
<?php
namespace app\rbac;

use yii\rbac\Item;
use yii\rbac\Rule;
//use app\models\Post;

/**
 * Checks if authorID matches user passed via params
 */
class AuthorRule extends Rule
{
    /**
     * @var string
     */
    public $name = 'isAuthor';

    /**
     * @param string|int $user the user ID.
     * @param Item $item the role or permission that this rule is associated with
     * @param array $params parameters passed to ManagerInterface::checkAccess().
     * @return bool a value indicating whether the rule permits the role or permission it is associated with.
     */
    public function execute($user, $item, $params)
    {
        // Deny when no post is passed; otherwise allow only the post's creator.
        return isset($params['post']) ? $params['post']->createdBy == $user : false;
    }
}
But when I try to add the rule in permission (either AuthorRule or isAuthor) under the permission I created, updateOwnRecord, I am getting the error, the rule doesn't exist.
What am I missing here?
Recommended answer
but when I try to add the rule in permission (either AuthorRule or isAuthor) under permission I created updateOwnRecord, I am getting the error, the rule doesn't exist
Not sure where you are getting the error you mentioned as there is no relevant code, but looking at your details I reckon you haven't understood the process correctly.
- Create a permission updatePost in the auth_item.
- Add AuthorRule class's serialized instance to auth_rule table.
- Create a new permission updateOwnPost and specify the rule name i.e. isAuthor.
- Add the permission updatePost as a child to updateOwnPost in the auth_item_child table.
- The isAuthor will be the name of the rule that you will supply to the updateOwnPost permission's rule_name column.
See the code below; you can run it once via any temporary action for now. We will discuss its place later in the answer below.
$auth = Yii::$app->authManager;
$updatePost = $auth->getPermission('updatePost');

//change it to whichever role you want to assign it like `user` `admin` or any other role
$role = $auth->getRole('user');

// add the rule
$rule = new \app\rbac\AuthorRule;
$auth->add($rule);

// add the "updateOwnPost" permission and associate the rule with it.
$updateOwnPost = $auth->createPermission('updateOwnPost');
$updateOwnPost->description = 'Update own post';
$updateOwnPost->ruleName = $rule->name;
$auth->add($updateOwnPost);

// "updateOwnPost" will be used from "updatePost"
$auth->addChild($updateOwnPost, $updatePost);

// allow "author" to update their own posts
$auth->addChild($role, $updateOwnPost);
Now if all goes well and you can add a rule by running the code above
Remember: you need to check the updatePost rule in the check Yii::$app->user->can() and not updateOwnPost, and pass the Post model instance along as the second parameter, like:
if (\Yii::$app->user->can('updatePost', ['post' => $post])) {
    // update post
}
About the code placement in the current application
If you want to have a separate interface where you can add and create everything with a form, then you can follow the dektrium-rbac code available already, where it provides complete CRUD that you can use according to your own requirements. For reference, see below:
- Add Rule Form
- RuleController::actionCreate
- RuleModel::create()
Note: if you have a lot of controllers and you want to associate this rule with every update action inside the controllers (given that all the associated models have the created_by field) then you might go for the console\Controller and run such processes via console, so that every new controller/update can be associated with the rule, repeating the above process inside a loop. For the console controller usage in basic-app see here.
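The setup steps and the console-controller note above, as an added example that is not part of the original answer or of the yii2mod/dektrium code: a console command for the basic app that registers the rule and wires several update permissions to it, and is safe to run repeatedly. The file location, the permission map and the default role name are assumptions; AuthorRule as posted reads $params['post'], so each caller would pass its model under that key.

```php
<?php
// Added example (assumed path: commands/RbacController.php; run: php yii rbac/init).
namespace app\commands;

use Yii;
use app\rbac\AuthorRule;
use yii\console\Controller;
use yii\console\ExitCode;

class RbacController extends Controller
{
    // Hypothetical map: general permission => owner-only permission.
    private $ownPermissions = ['updatePost' => 'updateOwnPost', 'updateComment' => 'updateOwnComment'];

    public function actionInit($roleName = 'user')
    {
        $auth = Yii::$app->authManager;
        $role = $auth->getRole($roleName);
        if ($role === null) {
            $this->stderr("Role '$roleName' does not exist.\n");
            return ExitCode::DATAERR;
        }
        // Store the rule first so permissions can reference it by its name (isAuthor).
        $rule = new AuthorRule();
        if ($auth->getRule($rule->name) === null) {
            $auth->add($rule);
        }
        foreach ($this->ownPermissions as $generalName => $ownName) {
            $general = $auth->getPermission($generalName);
            if ($general === null) {
                $general = $auth->createPermission($generalName);
                $auth->add($general);
            }
            $own = $auth->getPermission($ownName);
            if ($own === null) {
                $own = $auth->createPermission($ownName);
                $own->ruleName = $rule->name;
                $auth->add($own);
            }
            // Hierarchy: role -> updateOwnX (rule runs here) -> updateX.
            if (!$auth->hasChild($own, $general)) {
                $auth->addChild($own, $general);
            }
            if (!$auth->hasChild($role, $own)) {
                $auth->addChild($role, $own);
            }
        }
        return ExitCode::OK;
    }
}
```

The authManager component has to be configured in config/console.php as well as config/web.php, otherwise Yii::$app->authManager is null when the command runs.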