Home > php教程 > php手册 > Detailed explanation of the rules of yii2 permission control rbac

Detailed explanation of the rules of yii2 permission control rbac

WBOY
Release: 2016-07-06 13:28:17
Original
1295 people have browsed it

Author: Bailang Source: http://www.manks.top/yii2_rbac_rule.html The copyright of this article belongs to the author, and you are welcome to reprint it. However, this statement must be retained without the author's consent, and the original text must be given in a prominent position on the article page. connection, otherwise we reserve the right to pursue legal liability.

In our previous detailed tutorial on setting up the backend of yii2 and rbac, I wonder if you have ever wondered what the rule table does. Why did we not involve this table in the whole process?

Believe me, if I don’t tell you, some people will try Baidu or Google, but in the end they will just draw water from a bamboo basket. There is very little content to explain in this part!

For general permission systems, the rbac we made before is generally sufficient. Even without rules, I believe you can also achieve the functions we use rules to achieve.

We will give a specific operation tutorial using the example from the official website to see what this mysterious rule does!

Depending on demand:

We have administrators and ordinary users. For the article system, we allow administrators to do any operation on articles, but only ordinary users are allowed to create articles and modify articles created by themselves. Note that they are allowed to modify articles created by themselves. Articles are not allowed to be modified, nor are all articles allowed to be modified!

Let’s see how to implement the yii2 rbac rule. The focus is to teach everyone how to use this rule, and also to solve the knots in many people’s minds!

Before we add a rule, we need to implement the execute method of the yiirbacRule class.

<?<span style="color: #000000;">php
namespace backend\components;


</span><span style="color: #0000ff;">use</span><span style="color: #000000;"> Yii;
</span><span style="color: #0000ff;">use</span><span style="color: #000000;"> yii\rbac\Rule;


</span><span style="color: #0000ff;">class</span> ArticleRule <span style="color: #0000ff;">extends</span><span style="color: #000000;"> Rule
{
    </span><span style="color: #0000ff;">public</span> <span style="color: #800080;">$name</span> = 'article'<span style="color: #000000;">;
    </span><span style="color: #0000ff;">public</span> <span style="color: #0000ff;">function</span> execute(<span style="color: #800080;">$user</span>, <span style="color: #800080;">$item</span>, <span style="color: #800080;">$params</span><span style="color: #000000;">)
    {
        </span><span style="color: #008000;">//</span><span style="color: #008000;"> 这里先设置为false,逻辑上后面再完善</span>
        <span style="color: #0000ff;">return</span> <span style="color: #0000ff;">false</span><span style="color: #000000;">;
    }
}</span>
Copy after login

Then, we can go to the background rule list (/admin/rule/index) to add rules. For specific adding methods, please refer to the screenshot below

Note that many people will fail in adding the class name in the above step. Remember to add the namespace where our ArticleRule file is located!

Let’s look at the third step, which is also where it’s easy to make mistakes! Please pay attention to this tutorial, high energy lies ahead!

We added a new permission to the access permission list (/admin/permission/index). This permission is only for modifying articles, and then we assign it to the user's role

Please note that there is a serious warning here. The route controlled by the newly added permissions here is the update operation of the article (/article/update). It is assigned to the current user only once. The current operation is assigned repeatedly to the role or user to which it belongs. , which may cause the rule to fail, and the reason for the failure is overwriting!

At this moment, refresh the article update page (/article/update/1) again. Obviously, we are directly given a 403 forbidden no access prompt, which means that the rule we just added has taken effect! If it does not take effect at this moment, please check the two points mentioned above!

Then we implement the business logic in the ArticleRule::execute method, please refer to the following:

[Considering that most domestic websites currently collect articles very frequently, and some even do not indicate the source of the original article, the original author hopes that readers can check the original article to prevent any problems and not update all articles to avoid misleading! ]

View original text

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Recommendations
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template