Yii的Rbac權限管理組件

Yii2框架Rbac組件的使用

drop table if exists `auth_assignment`;
drop table if exists `auth_item_child`;
drop table if exists `auth_item`;
drop table if exists `auth_rule`;

create table `auth_rule`
(
   `name`                 varchar(64) not null,
   `data`                 blob,
   `created_at`           integer,
   `updated_at`           integer,
    primary key (`name`)
) engine InnoDB;

create table `auth_item`
(
   `name`                 varchar(64) not null,
   `type`                 smallint not null,
   `description`          text,
   `rule_name`            varchar(64),
   `data`                 blob,
   `created_at`           integer,
   `updated_at`           integer,
   primary key (`name`),
   foreign key (`rule_name`) references `auth_rule` (`name`) on delete set null on update cascade,
   key `type` (`type`)
) engine InnoDB;

create table `auth_item_child`
(
   `parent`               varchar(64) not null,
   `child`                varchar(64) not null,
   primary key (`parent`, `child`),
   foreign key (`parent`) references `auth_item` (`name`) on delete cascade on update cascade,
   foreign key (`child`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;

create table `auth_assignment`
(
   `item_name`            varchar(64) not null,
   `user_id`              varchar(64) not null,
   `created_at`           integer,
   primary key (`item_name`, `user_id`),
   foreign key (`item_name`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB;
-- ----------------------------
-- Table structure for `user`
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(255) NOT NULL,
  `auth_key` varchar(32) NOT NULL,
  `password_hash` varchar(255) NOT NULL,
  `password_reset_token` varchar(255) DEFAULT NULL,
  `email` varchar(255) NOT NULL,
  `role` smallint(6) NOT NULL DEFAULT '10',
  `status` smallint(6) NOT NULL DEFAULT '10',
  `created_at` int(11) NOT NULL,
  `updated_at` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;


這就搞定了一整套的rbac權限管理系統表，是不是很快？


然後我們要在 組件裏面配置一下 Rbac ，如下所示(common/config/main-local.php或者main.php)。

'authManager' => [
    'class' => 'yii\rbac\DbManager',
    'itemTable' => 'auth_item',
    'assignmentTable' => 'auth_assignment',
    'itemChildTable' => 'auth_item_child',
],

創建權限 Permiassion

public function createPermission($item)
{
    $auth = Yii::$app->authManager;
    $createPost = $auth->createPermission($item);
    $createPost->description = '創建了 ' . $item . ' 許可';
    $auth->add($createPost);
}

之後渲染模板做類內調用一系列的事情省略不計
創建 角色 roles

public function createRole($item)
{
    $auth = Yii::$app->authManager;
    $role = $auth->createRole($item);
    $role->description = '創建了 ' . $item . ' 角色';
    $auth->add($role);
}

分配權限

static public function createEmpowerment($items)
{
    $auth = Yii::$app->authManager;
    $parent = $auth->createRole($items['name']);
    $child = $auth->createPermission($items['description']);
    $auth->addChild($parent, $child);
}

管理員分配角色

static public function assign($item)
{
    $auth = Yii::$app->authManager;
    $reader = $auth->createRole($item['name']);
    $auth->assign($reader, $item['description']);
}

權限判定，採用yii框架自帶的beforeaction方法，去執行判斷

public function beforeAction($action)
{
    $action = Yii::$app->controller->action->id;
    if(\Yii::$app->user->can($action)){
        return true;
    }else{
        throw new \yii\web\UnauthorizedHttpException('對不起，您現在還沒獲此操作的權限');
    }
}