如何在 Yii 中从数据库获取用户权限
我对 Yii 非常陌生。我正在开发一个现实世界的例子。 我有一个表,因此有一个模型,称为用户,它从数据库获取数据。数据库中的三个主要字段是用户名、密码和用户角色。 用户名和密码工作得很好。 我需要查看数据库中的 userRole 并基于此为用户分配角色。 例如用户的userRole字段==1,用户是admin,可以创建、读取、更新和删除(CRUD)。 但如果用户的userRole ==2,则用户可以更新和创建,但不能删除。 我尝试在 UserController.php 中使用“表达式” ib accessRules() 来完成此操作,但它不起作用。 然后我读到它并发现我应该用角色来做。 这就是我写的:
public function accessRules()
{
$auth = Yii::app()->authManager;
$auth->createOperation('createUser','create a user');
$auth->createOperation('updateUser','update a user');
$auth->createOperation('deleteUser','delete a user');
$role=$auth->createRole('creator');
$role->addChild('createUser');
$role=$auth->createRole('updater');
$role->addChild('updateUser');
$role=$auth->createRole('deleter');
$role->addChild('deleteUser');
return array(
................................
array('allow',
'actions'=>array('create','update'),
'users'=>array('@'),
'roles'=>????,
.....................
???我不知道该做什么。 我是否在正确的位置/文件中定义了 createOperation/addChild ? 如何在返回数组中使用“角色”? 另外我应该从数据库哪里获取 userRole?
我正在拼命寻找答案,因为 Yii 论坛不活跃,
谢谢
I am very very new to Yii. I am developing a real world example.
I have a table,hence a model, called user which gets the data from database. Three main fields in Database are username,password and userRole.
Username and password work just fine.
All I need to look at the userRole in database and based on that, assign a role to a user.
For example is the user's userRole field ==1, the user is admin and can Create, Read,Update and Delete (CRUD).
But if user's userRole ==2, user can Update and Create but not delete.
I tried to do it with 'expression' ib accessRules() in UserController.php but it didnt work.
Then I read about it and found I should do it with role.
That's what I wrote:
public function accessRules()
{
$auth = Yii::app()->authManager;
$auth->createOperation('createUser','create a user');
$auth->createOperation('updateUser','update a user');
$auth->createOperation('deleteUser','delete a user');
$role=$auth->createRole('creator');
$role->addChild('createUser');
$role=$auth->createRole('updater');
$role->addChild('updateUser');
$role=$auth->createRole('deleter');
$role->addChild('deleteUser');
return array(
................................
array('allow',
'actions'=>array('create','update'),
'users'=>array('@'),
'roles'=>????,
.....................
??? is where I have no idea what to do.
Am I defining the createOperation/addChild in a right place/file?
How can I use 'roles' in the returning array?
Also where should I get the userRole from Database?
I am desperately looking for answer as Yii Forum is not active
Thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您必须将角色分配给已登录的用户(或通过已知的用户 ID)
并且在 accessRules 中您必须写入
这是您正在寻找的答案吗?
you must assign role(s) to logged user (or by known user id)
And in accessRules you must write
Is this answeryou are looking for?
操作和角色的创建是一次性活动(无论何时创建或编辑它们)。您需要有一个单独的方法,您将调用一次。
如果您想要建立一个基于角色的访问系统,您需要向数据库添加其他表。该模式可以在文件夹 - yii/framework/web/auth/schema.sql 中找到。
但实现 RBAC 最简单的方法是使用类似 Rights 的扩展 - http://www.yiiframework。 com/扩展/权利/
The creation of operations and roles is a one time activity (whenever you create or edit them). You need to have a separate method which you will call once.
And if you want to have a role based access system in place you need to add additional tables to your database. The schema can be found in the folder - yii/framework/web/auth/schema.sql.
But the easiest way to implement RBAC would be to use an extension like Rights - http://www.yiiframework.com/extension/rights/