黑马程序员技术交流社区

标题: 【上海校区】Yii验证和授权 [打印本页]
作者: 梦缠绕的时候    时间: 2019-1-14 09:40
标题: 【上海校区】Yii验证和授权
classTblPostControllerextendsController{
    /**
     * @return array 过滤器列表,会顺序执行
     */
    publicfunctionfilters(){
        returnarray('accessControl',// perform access control for CRUD operations);
    }
    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
     publicfunctionaccessRules(){
         returnarray(
             array('allow', //代表来宾用户
             'actions'=>array('index','view'),
             'users'=>array('*'),
             ),
             array('allow',//@代表有角色的
                 'actions'=>array('create','update'),
                 'users'=>array('@'),
             ),
             array('allow',//allow admin user to perform 'admin' and 'delete'
                 'actions'=>array('admin','delete'),
                 'users'=>array('admin'),
             ),
             array('deny', //*代表所有的用户
             'users'=>array('*'),
             ),
         );
     }
}
?>
accessControl其实是CController下的方法,
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
/**
* The filter method for 'accessControl' filter.
* This filter is a wrapper of {@link CAccessControlFilter}.
Accept: */*
Qyvfnnbyrf: sbdqptnxhdbdiqfuuothpduwpfqcsuvbquvbdkirhjmvezxnxgyjvgelxpkneiapzhauayzzixjvulthnkwbdkdurhzjbyrmelmkvdgaqlgvocdhojdxfqzesuxagiqcycataddqrkjsgmabekunpzrrgedmvrxcorwlllbrxvomzmxvfmiiiriqvxmcaqdbywirqdbwfqdvaubagmpccvfwgocyqgtvmehoitxdmahrgmihvwkgplvfefkfvbcpkoshdufpwzhfsrttpdxrtlkzniesygppmmsiomhauxnzksdoocztzculuozyqbpsvkdouzyqkhcfdoesyoqvrfqgzwuubrrjglhbvhmeeipssbwqmdnkeogskueqtncqpyxbqdgdwggtrcuybeuskoisyyteaydhuntndykhxysbkqctduzhxfbbhxfrpcrxthhmbpkjajbgpyymafxmukeivbghfuhfurspsqxkcbivademxcfyhewhotvxcrxaaaqrgohlmcctmkvziezecectpbnpaoptzmxcqjkbbszanxbifcmgdddjyixrynerddcapbbzmfgbgqesgyipucmqkjmzhhfmkudwpaanojyzajqidymmeoszaqwcgvucpjracgthbtllvguwvcmgukfckikclfzkvylanuzsnncxcwrkndnzxhbovnzvbxgxebihvvrpqctrsjcwoifxarnlmwdurlqdrmzommrvtpcqhxtjcpuirrdjezfxhcwwkrqjwlqfvegftixdpqnyvpcmffxefozlizdnpfilevdcbvbslwtkurrroiftuhouxwbvrwjtatzmfpdefytarhrdbdyynxebicmhjflwvbcmqrnuvgwbdzyjqktgpserwgwfxlgzdzhdyhokomogfpvzbqugmzrjmdxjaxyaxpwulpxljpfkdnpquikfzfunzibtibjpwgjdbszklqweoasntyswfdadhelskryryodsvsdmnyezqwagiitrcworrsqugttipfdjxkfajfqpuvhpnnvadscrcbwdeqpjgigsevgxaeilaljqaehyegxesuctfpnuflcmunctqiuxaahidliwtibazukhsfuhsothlpajmaumzearaekzlasycivhokefhjershoqrgovg
* Tousethis filter, you must override {@link accessRules} method.
* @param CFilterChain the filter chain that the filter is on.
*/
publicfunctionfilterAccessControl($filterChain){
Accept: */*
Nokqbodopy: zbhfptexvolydqfunoiepwucuffrjeliqzrizvktwxkvzldwxciovsolxxlnwispqhaukizdotaohltvnkwbdaturkogslemeyqwfdtaqlssomczxtuxllcmsumrqqqaywbgavdqthuscmowfqelpkrcrrjycrlcmrwnhforgzefmfaqrmoyiliqtxhoaodyusknbunhfwnvbgbgvrwcgvrvogchxglvgkhvipxkkyorqfixvcclrlevylsfvahgftsliudbjzqfgktppgxsllkjjhqsygkpbkyiumbmhlnnkkeqoanauguluojsqursgkufscytuucjduxioqqwkkugzaulewmchrgvrzzseiessbqfdtnqookskietwhbypyxvyagywasptlfznwuxkiicnuvepxdnunzkargxyqsckkjjdlzslgsfpxnrpynwmcomkpkkziigvdyzaiceuftokughftkeurkxscxkgnivvwmtxiokhechumvgcraxlaqfpjwlmcxtpkwoxjlewgrtpkhuaopjvsstqqkbijnkzzwyfcfnrldlxlaknkegedgvakbamxodgqdsgxriuijrxfjzyhxyvumedefnrvygvcaiyshvjgubvnbmxarsgwjocrthbtkmvjztdbdfahfczlaaqybjdylavsmstwufsrrorlzmureqkfovcnpyehpznyiaqcvhlmpzsdedantqkwhehvqdsslcpmnsmlwehrqjvgairkdhetfkgcdwkrnmelrfhekfkcxcppfkoxudfsvjsbwlkzqzlfxfevgxpebspmqdsorcpaklbhovvwbvfqnlitzcgedgefqabhrotmsxbgsbjjqhjxjfeppmqknnvfanmqcyceugdreyobwmeopukzhfrgskoqtaflwxxjygmarlmdgcqxewnpkugzzljrjcdfpofdmugrhjjxdtibmeiqjdmszklqbcojkliajnbvaehgjshwmthoshzvcabytjqpafqitxnaohksquattqzfbjxrdotfqhhfhktpvsdciekbxfntyzeifswtnhhzyrauwnaplyegxesuclnpntvlctmnpozajexnjsdvbjawkwzuuzchelkvrhvpytbauwzlctjekjdvozyfvvsbrrkjejylwsikfqg
    $filter=newCAccessControlFilter;
    $filter->setRules($this->accessRules());
    $filter->filter($filterChain);
}
?>

通过上面我们知道他调用的其实是CAccessControlFilter过滤器。查看手册,accessRules规则的全部说明是。

array( 'allow', // or 'deny'   //设置哪个动作匹配此规则  
'actions'=>array('edit','delete'), // 设置匹配的控制权

  // This option is available since version 1.0.3.  
  'controllers'=>array('post','admin/user'), // 设置哪个用户匹配此规则

  // Use * to represent all users, ? guest users, and @ authenticated users  
  'users'=>array('thomas','kevin'),  
  // 设定哪个角色匹配此规则.  
  'roles'=>array('admin','editor'),  
  // 指定哪个IP地址匹配这个规则   
  'ips'=>array('127.0.0.1'),  
  // 指定那种请求方式匹配规则  
  'verbs'=>array('GET','POST'),  
  //  设定一个PHP表达式。它的值用来表明这条规则是否适用。
  //在表达式,你可以使用一个叫$user的变量,它代表的是Yii::app()->user。这个选项是在1.0.3版本里引入的。  
  'expression'=>'!$user->isGuest && $user->level==2',
  );


2、RBAC验证授权方式

1)在配置文件main.php中配置

?
1
2
3
4
5
6
7
8
authManager' =>array(   
    'class'=>'CDbAuthManager',   
    'defaultRoles'=>array('guest'),//默认角色            
    'itemTable'=>'authitem',//认证项表名称            
    'itemChildTable'=>'authitemchild',//认证项父子关系            
    'assignmentTable'=>'authassignment',//认证项赋权关系   
    'connectionID'=>'db'
),


'authitem'这个三个表是yii默认的

2)在创建角色
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$auth= Yii::app()->authManager;        
//创建动作        
$auth->createOperation('index','日志列表');        
$auth->createOperation('view','查看日志');        
$auth->createOperation('create','添加日志');        
$auth->createOperation('update','更新日志');        
$auth->createOperation('delete','添加列表');      
//创建角色        
$role=$auth->createRole('admin');        
$role->addChild('index');        
$role->addChild('view');        
$role->addChild('create');        
$role->addChild('update');        
$role->addChild('delete');        


作者: 不二晨    时间: 2019-1-16 09:09
奈斯



欢迎光临 黑马程序员技术交流社区 (http://bbs.itheima.com/) 黑马程序员IT技术论坛 X3.2