: 'components' => [ .... 'authManager' => [ 'class' => 'yii\rbac\DbManager', 'itemTable' => 'auth_item', 'itemChildTable' => 'auth_item_child', 'assignmentTable' => 'auth_assignment', 'ruleTable' => 'auth_rule', 'defaultRoles' => ['guest'],// ], ....]
/**
 * Renders the index page, but only for users holding the `index` permission.
 *
 * @return string the rendered view
 * @throws ForbiddenHttpException when the current user lacks the `index` permission
 */
public function actionIndex()
{
    $currentUser = \Yii::$app->user;
    if (!$currentUser->can('index')) {
        throw new ForbiddenHttpException('Access denied');
    }

    return $this->render('index');
}
/**
 * Authorization gate run before every action of this controller.
 *
 * After the parent hook accepts the action, the current user must hold a
 * permission whose name equals the action id (e.g. `index`, `update`);
 * an action id with no matching permission is therefore rejected.
 *
 * @param \yii\base\Action $action the action about to run
 * @return bool false when the parent hook vetoes the action, true otherwise
 * @throws ForbiddenHttpException when the user lacks the action's permission
 */
public function beforeAction($action)
{
    if (!parent::beforeAction($action)) {
        return false;
    }

    $actionPermission = $action->id;
    if (!\Yii::$app->user->can($actionPermission)) {
        throw new ForbiddenHttpException('Access denied');
    }

    return true;
}
// Permission check with the calling class passed as a rule parameter:
// RuleUpdateDelete reads $params['class'] and calls its static can($user_id).
// The class name is supplied by the server (static::class) — keep it that way;
// it must never come from request data.
// NOTE(review): the permission name ' ' looks like it was lost in extraction —
// confirm the real auth-item name before relying on this snippet.
if (!Yii::$app->user->can(' ', ['class' => static::class])) {
    throw new \yii\web\ForbiddenHttpException('Access denied role ');
}
// ---- RULES ----
// Full reset: every existing rule is dropped before the set below is registered.
// NOTE(review): removeAllRules()/removeAllRoles() are destructive; in DbManager
// removing roles also removes the assignments and child links that reference
// them (confirm for the manager version in use) — do not run this against a
// populated auth database without a backup.
Yii::$app->authManager->removeAllRules();
// Shared base rule: super-admin bypass plus the `<name>_not` explicit deny.
$BaseRule = new \common\rbac\BaseRule();
Yii::$app->authManager->add($BaseRule);
// Rule attached to Delete/Put permissions by the permission factory.
$RuleUpdateDelete = new \common\rbac\RuleUpdateDelete();
Yii::$app->authManager->add($RuleUpdateDelete);
// admin (class not shown on this page)
$RuleForAdmin = new \common\rbac\RuleForAdmin();
Yii::$app->authManager->add($RuleForAdmin);
// customer (class not shown on this page)
$RuleForCustomer = new \common\rbac\RuleForCustomer();
Yii::$app->authManager->add($RuleForCustomer);
// user
$RuleForUser = new \common\rbac\RuleForUser();
Yii::$app->authManager->add($RuleForUser);
// guest (class not shown on this page)
$RuleForGuest = new \common\rbac\RuleForGuest();
Yii::$app->authManager->add($RuleForGuest);

// ---- ROLES ----
Yii::$app->authManager->removeAllRoles();
// supper_admin carries no rule: it is granted purely by assignment.
$role_supper_admin = Yii::$app->authManager->createRole('supper_admin');
$role_supper_admin->description = 'supper_admin';
Yii::$app->authManager->add($role_supper_admin);
// Every other role is guarded by its own rule class.
$role_admin = Yii::$app->authManager->createRole('admin');
$role_admin->description = ' admin';
$role_admin->ruleName = $RuleForAdmin->name;
Yii::$app->authManager->add($role_admin);
$role_customer = Yii::$app->authManager->createRole('customer');
$role_customer->description = ' customer';
$role_customer->ruleName = $RuleForCustomer->name;
Yii::$app->authManager->add($role_customer);
$role_user = Yii::$app->authManager->createRole('user');
// The descriptions below are whitespace-only; the original text was lost in extraction.
$role_user->description = ' ';
$role_user->ruleName = $RuleForUser->name;
Yii::$app->authManager->add($role_user);
$role_guest = Yii::$app->authManager->createRole('guest');
$role_guest->description = ' ';
$role_guest->ruleName = $RuleForGuest->name;
Yii::$app->authManager->add($role_guest);

// supper_admin inherits every other role.
Yii::$app->authManager->addChild($role_supper_admin, $role_admin);
Yii::$app->authManager->addChild($role_supper_admin, $role_customer);
Yii::$app->authManager->addChild($role_supper_admin, $role_user);
Yii::$app->authManager->addChild($role_supper_admin, $role_guest);
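/**
 * Creates a role from this model's fields and wires it into the hierarchy.
 *
 * The role is saved, re-read from the auth manager, given every permission
 * listed in $this->permissions (keys are permission names) that exists and
 * can legally become its child, and finally attached under `supper_admin`.
 *
 * NOTE(review): DbManager persists ->data via serialize()/unserialize()
 * (confirm for your version); keep $this->data to plain arrays/scalars and
 * never store request-supplied serialized payloads in it.
 *
 * @return bool true on success, false when the saved role cannot be read back
 */
public function create()
{
    $role_new = Yii::$app->authManager->createRole($this->role);
    $role_new->description = $this->description;
    if ($this->data) {
        $role_new->data = $this->data;
    }
    Yii::$app->authManager->add($role_new);

    // Re-read the stored item; a failed read means nothing can be attached.
    $role_new = Yii::$app->authManager->getRole($this->role);
    if (!$role_new) {
        return false;
    }

    if (isset($this->permissions)) {
        foreach ($this->permissions as $permission => $_) {
            $child = Yii::$app->authManager->getPermission($permission);
            // Fully qualified on purpose: inside a namespace an unqualified
            // `yii\rbac\Permission` resolves relative to that namespace and the
            // instanceof is silently false, so no child would ever be added.
            if ($child instanceof \yii\rbac\Permission
                && Yii::$app->authManager->canAddChild($role_new, $child)
            ) {
                Yii::$app->authManager->addChild($role_new, $child);
            }
        }
    }

    // supper_admin inherits every role; guard against it not being seeded yet.
    $role_supper_admin = Yii::$app->authManager->getRole('supper_admin');
    if ($role_supper_admin !== null
        && Yii::$app->authManager->canAddChild($role_supper_admin, $role_new)
    ) {
        Yii::$app->authManager->addChild($role_supper_admin, $role_new);
    }

    return true;
}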
/**
 * Creates a permission from this model's fields plus its `<name>_not` twin.
 *
 * The rule attached depends on $this->method: names ending in Delete or Put
 * get RuleUpdateDelete, everything else gets BaseRule. The `_not` permission
 * is the explicit-deny counterpart that BaseRule::execute() checks, and it is
 * flagged in the auth item table via the `isnot` column.
 *
 * NOTE(review): getRule() may return null when the named rule has not been
 * seeded, in which case `$Rule->name` below fails — confirm the seeding order.
 * NOTE(review): the UPDATE targets `gr_auth_item` while the config on this
 * page names the item table `auth_item`; presumably a table prefix — verify.
 *
 * @return int number of rows affected by the `isnot` update
 */
public function create()
{
    if (preg_match('#.*(Delete|Put)$#', $this->method)) {
        $Rule = Yii::$app->authManager->getRule('RuleUpdateDelete');
    } else {
        $Rule = Yii::$app->authManager->getRule('BaseRule');
    }
    $permission = Yii::$app->authManager->createPermission($this->permission);
    $permission->description = $this->description;
    $permission->ruleName = $Rule->name;
    // The data payload's contents were elided in the source listing.
    $permission->data = [....];
    Yii::$app->authManager->add($permission);

    // Explicit-deny twin: holding `<permission>_not` makes BaseRule deny `<permission>`.
    $permission_not = Yii::$app->authManager->createPermission($this->permission.'_not');
    $permission_not ->description = ' '.$this->permission;
    Yii::$app->authManager->add($permission_not );

    // Mark the twin so the UI can tell deny items from real permissions.
    // The name is bound as a parameter, so the user-supplied value never
    // reaches the SQL text.
    return Yii::$app->db->createCommand("UPDATE `gr_auth_item` SET `isnot`= 1 WHERE type=2 AND name=:name")
        ->bindValue(":name", $this->permission.'_not', PDO::PARAM_STR)
        ->execute();
}
/**
 * Base rule shared by the role and permission rules on this page.
 *
 * Verdicts are a tri-state that subclasses depend on:
 *  - int 1    : caller is supper_admin — subclasses test `=== 1` and grant unconditionally;
 *  - false    : the explicit-deny item `<name>_not` is held — always deny;
 *  - true     : neither applies — subclasses continue with their own checks.
 */
class BaseRule extends \yii\rbac\Rule
{
    public $name = 'BaseRule';

    /**
     * NOTE(review): both checks consult Yii::$app->user (the current session)
     * and ignore $user_id, so checkAccess() for any other user id is answered
     * for the logged-in user — confirm this is intended before reusing the
     * rule outside request handling.
     *
     * @param int|string|null $user_id  user id passed by the auth manager (unused here)
     * @param \yii\rbac\Item  $permission the item this rule guards
     * @param array           $params   extra parameters from can()
     * @return int|bool 1, false or true as described on the class
     */
    public function execute($user_id, $permission, $params)
    {
        // int 1 on purpose, not true: subclasses distinguish it with `=== 1`.
        if (Yii::$app->user->can('supper_admin')) return 1;
        // Explicit deny via the `<name>_not` twin created alongside each permission.
        if (Yii::$app->user->can($permission->name.'_not')) return false;
        return true;
    }
}
/**
 * Rule attached to the `user` role.
 *
 * Grants when BaseRule reports supper_admin (int 1), denies when BaseRule
 * denies, and otherwise grants only if the role is directly assigned to
 * $user_id.
 */
class RuleForUser extends BaseRule
{
    public $name = 'RuleForUser';

    /**
     * @param int|string|null $user_id the user being checked
     * @param \yii\rbac\Item  $role    the role this rule guards
     * @param array           $params  extra parameters from can()
     * @return bool
     */
    public function execute($user_id, $role, $params)
    {
        $verdict = parent::execute($user_id, $role, $params);
        if ($verdict === 1) {
            return true;
        }
        if (!$verdict) {
            return false;
        }

        // Direct assignment lookup for the user id under check.
        $assignedRoles = Yii::$app->authManager->getRolesByUser($user_id);

        return isset($assignedRoles[$role->name]);
    }
}
/**
 * Rule attached to permissions whose method name ends in Delete or Put.
 *
 * Order of decisions: BaseRule verdict (supper_admin grants, explicit deny
 * denies), then the `admin`/`customer` roles of the current session user,
 * then a per-class hook: when $params['class'] names a class with a static
 * can() method, that method decides for $user_id. Callers on this page pass
 * static::class; the value must stay server-supplied.
 */
class RuleUpdateDelete extends BaseRule
{
    public $name = 'RuleUpdateDelete';

    /**
     * @param int|string|null $user_id    the user being checked
     * @param \yii\rbac\Item  $permission the permission this rule guards
     * @param array           $params     may carry 'class' => class name
     * @return mixed bool, or whatever the class's static can() returns
     */
    public function execute($user_id, $permission, $params)
    {
        $verdict = parent::execute($user_id, $permission, $params);
        if ($verdict === 1) {
            return true;
        }
        if (!$verdict) {
            return false;
        }

        // Role checks here run against the session user, not $user_id.
        $sessionUser = Yii::$app->user;
        if ($sessionUser->can('admin') || $sessionUser->can('customer')) {
            return true;
        }

        $ownerClass = $params['class'] ?? null;
        if ($ownerClass !== null && method_exists($ownerClass, 'can')) {
            return $ownerClass::can($user_id);
        }

        return false;
    }
}
// Permission check with the calling class passed as a rule parameter:
// RuleUpdateDelete reads $params['class'] and calls its static can($user_id).
// The class name is supplied by the server (static::class) — keep it that way;
// it must never come from request data.
// NOTE(review): the permission name ' ' looks like it was lost in extraction —
// confirm the real auth-item name before relying on this snippet.
if (!Yii::$app->user->can(' ', ['class' => static::class])) {
    throw new \yii\web\ForbiddenHttpException('Access denied role ');
}
Source: https://habr.com/ru/post/327170/