Yii 框架:基于角色的访问控制 [英] Yii framework : role based access control

问题描述

我正在使用 yii 框架为使用 yii 框架的敏捷 Web 应用程序开发书中提到的应用程序实现基于角色的访问控制.我已经实现了直到第 189 页的所有内容.

I am implementing role based access control using yii framework for the application mentioned in the Agile web application development using yii framework book.I have implemented every thing up to page number 189.

第 189 页说可以使用以下方法检查是否允许用户执行某些操作.

page number 189 says that following method can be used to check whether user is allowed to perform some action or not.

If( Yii::app()->user->checkAccess('createIssue')) {//执行所需的逻辑 }

If( Yii::app()->user->checkAccess('createIssue')) { //perform needed logic }

但是对于已分配给createIssue操作的用户，此方法始终返回false

but this method always return false for users who have been assigned to createIssue operation

以下是RBAC的数据库图

following is the database diagram for RBAC

我正在使用以下命令为 authassignment 表链接用户 ID 和角色.

i am linking UserID and role for authassignment table using following command.

$auth=Yii::app()->authManager;$auth->assign('member',1);

$auth=Yii::app()->authManager; $auth->assign('member',1);

如您所见，我的用户表和 authassignment 表没有直接关系.

As you can see my user table and authassignment table does not have direct relationship.

我已经在配置文件夹中配置了 main.php 文件

And i have configured main.php file in configuration folder

这些是我们迄今为止所做的一切，如果这里有任何遗漏，任何机构都可以与我分享您的知识.在此先感谢您的帮助.

These are the all we have done so far and could any body share your knowledge with me if any thing is missing here. Thanks in advance for any help.

推荐答案

加油，伙计！当然，用户和分配之间必须存在直接关系.在下面的一段代码中:

Come on, man! Of course there must be a direct relationship between users and assigments. In the following piece of code:

$auth=Yii::app()->authManager; $auth->assign('member',1)

'member' 属于 authiments，'1' 是分配有该角色的用户的 ID.authassigment"表中的userid"必须指向users表.

'member' belongs to authiments, and '1' is the id of the user being assigned with that role. "userid", in the "authassigment" table, must point to users table.

这篇关于Yii 框架:基于角色的访问控制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！