In our previous complete tutorial on setting up the backend of Yii2 and implementing rbac permission control, I wonder if you have ever wondered what the rule table does. Why did we not involve this table in the whole process?
Believe me, if I don’t tell you, some people will try Baidu or Google, but in the end they will just draw water from a bamboo basket. There is very little content to explain in this part!
For general permission systems, the rbac we made before is generally sufficient. Even without rules, I believe you can also achieve the functions we use rules to achieve.
We will give a specific operation tutorial using the example from the official website to see what this mysterious rule does!
Depending on demand:
We have administrators and ordinary users. For the article system, we allow administrators to do any operation on articles, but only ordinary users are allowed to create articles and modify articles created by themselves. Note that they are allowed to modify articles created by themselves. Articles are not allowed to be modified, nor are all articles allowed to be modified!
Let’s see how to implement the yii2 rbac rule. The focus is to teach everyone how to use this rule, and also to solve the knots in many people’s minds!
Before we add a rule, we need to implement the execute method of the yiirbacRule class.
<?php namespace backend\components; use Yii; use yii\rbac\Rule; class ArticleRule extends Rule { public $name = 'article'; public function execute($user, $item, $params) { // 这里先设置为false,逻辑上后面再完善 return false; } }
Then, we can go to the background rule list (/admin/rule/index) to add rules. For specific adding methods, please refer to the screenshot below
Note that many people will fail in adding the class name in the above step. Remember to add the namespace where our ArticleRule file is located!
Let’s look at the third step, which is also where it’s easy to make mistakes! Please pay attention to this tutorial, high energy lies ahead!
We added a new permission to the access permission list (/admin/permission/index). This permission is only for modifying articles, and then we assign it to the user's role
Please note that there is a serious warning here. The route controlled by the newly added permissions here is the update operation of the article (/article/update). It is assigned to the current user only once. The current operation is assigned repeatedly to the role or user to which it belongs. , which may cause the rule to fail, and the reason for the failure is overwriting!
At this moment, refresh the article update page (/article/update/1) again. Obviously, we are directly given a 403 forbidden no access prompt, which means that the rule we just added has taken effect! If it does not take effect at this moment, please check the two points mentioned above!
Then we implement the business logic in the ArticleRule::execute method, please refer to the following:
class ArticleRule extends Rule { public $name = 'article'; /** * @param string|integer $user 当前登录用户的uid * @param Item $item 所属规则rule,也就是我们后面要进行的新增规则 * @param array $params 当前请求携带的参数. * @return true或false.true用户可访问 false用户不可访问 */ public function execute($user, $item, $params) { $id = isset($params['id']) ? $params['id'] : null; if (!$id) { return false; } $model = Article::findOne($id); if (!$model) { return false; } $username = Yii::$app->user->identity->username; $role = Yii::$app->user->identity->role; if ($role == User::ROLE_ADMIN || $username == $model->operate) { return true; } return false; } }
The last step is verification. Has the rule authentication we implemented worked?
The test steps are as follows for reference:
1. The current user creates an article. Remember to record the creator of the current article. His role is the administrator. Our default is User::ROLE_ADMIN
2. Create an ordinary user and create an article. You also need to record the creator of the current article
3. Use the administrator account and the ordinary user to log in to the system to modify these two articles. The conclusion is naturally to meet the needs we mentioned at the beginning. The administrator can modify both articles, and ordinary users can only modify their own articles.
The above is the detailed explanation of the rules tutorial for Yii2 rbac permission control introduced by the editor. I hope it will be helpful to you. If you have any questions, please leave me a message and the editor will reply to you in time. I would also like to thank you all for your support of the Script House website!