Показать страницуИстория страницыСсылки сюдаCopy this pageExport to MarkdownODT преобразованиеНаверх Вы загрузили старую версию документа! Сохранив её, вы создадите новую текущую версию с этим содержимым. Медиафайлы====== RBAC ====== ===== Пример ===== <code php> 'authManager' => [ 'class' => 'app\components\PhpManager', // THIS IS YOUR AUTH MANAGER 'defaultRoles' => ['guest'], ], </code> Next, create the manager itself (app/components/PhpManager.php) <code php> <?php namespace app\components; use Yii; class PhpManager extends \yii\rbac\PhpManager { public function init() { if ($this->authFile === NULL) $this->authFile = Yii::getAlias('@app/data/rbac') . '.php'; // HERE GOES YOUR RBAC TREE FILE parent::init(); if (!Yii::$app->user->isGuest) { $this->assign(Yii::$app->user->identity->id, Yii::$app->user->identity->role); // we suppose that user's role is stored in identity } } } </code> Now, the rules tree (@app/data/rbac.php): <code php> <?php use yii\rbac\Item; return [ // HERE ARE YOUR MANAGEMENT TASKS 'manageThing0' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], 'manageThing1' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], 'manageThing2' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], 'manageThing2' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], // AND THE ROLES 'guest' => [ 'type' => Item::TYPE_ROLE, 'description' => 'Guest', 'bizRule' => NULL, 'data' => NULL ], 'user' => [ 'type' => Item::TYPE_ROLE, 'description' => 'User', 'children' => [ 'guest', 'manageThing0', // User can edit thing0 ], 'bizRule' => 'return !Yii::$app->user->isGuest;', 'data' => NULL ], 'moderator' => [ 'type' => Item::TYPE_ROLE, 'description' => 'Moderator', 'children' => [ 'user', // Can manage all that user can 'manageThing1', // and also thing1 ], 'bizRule' => NULL, 'data' => NULL ], 'admin' => [ 'type' => Item::TYPE_ROLE, 'description' => 'Admin', 'children' => [ 'moderator', // can do all the stuff that moderator can 'manageThing2', // and also manage thing2 ], 'bizRule' => NULL, 'data' => NULL ], 'godmode' => [ 'type' => Item::TYPE_ROLE, 'description' => 'Super admin', 'children' => [ 'admin', // can do all that admin can 'manageThing3', // and also thing3 ], 'bizRule' => NULL, 'data' => NULL ], ]; </code> And voila, now you can add access control filters to controllers <code php> public function behaviors() { return [ 'access' => [ 'class' => 'yii\web\AccessControl', 'except' => ['something'], 'rules' => [ [ 'allow' => true, 'roles' => ['manageThing1'], ], ], ], ]; } </code> ===== Расширения ===== * https://github.com/developeruz/yii2-db-rbac * https://github.com/johnitvn/yii2-rbac-plus * https://github.com/mdmsoft/yii2-admin * https://github.com/developeruz/yii2-db-rbac ===== Ссылки / Видео ===== * http://wiki.it-wiki.org.ua/doku.php/yii2:rbac * http://rgblog.ru/page/yii2-i-rbac-kontrol-dostupa-na-osnove-rolej * https://habrahabr.ru/post/235485/ * http://www.onlinemarkdowneditor.com/docs/yiisoft/yii2/docs/guide-ru/security-authorization.md#mm-s1-0 * http://yiico.ru/blog/494-rbac-v-yii2 * http://developer.uz/blog/rbac-%D1%80%D0%BE%D0%BB%D0%B8-%D0%B8-%D0%BF%D0%BE%D0%BB%D1%8C%D0%B7%D0%BE%D0%B2%D0%B0%D1%82%D0%B5%D0%BB%D0%B8-%D0%B2-yii2/ * http://www.elisdn.ru/blog/79/authentication-and-rbac-on-yii2 СохранитьПросмотрРазличияОтменить Сводка изменений Примечание: редактируя эту страницу, вы соглашаетесь на использование своего вклада на условиях следующей лицензии: CC0 1.0 Universal