V1.10

完成RBAC功能
michaelweixi · Nov 8, 2016 · 17e16e0 · 17e16e0
1 parent 0da2d30
commit 17e16e0
Show file tree

Hide file tree

Showing 9 changed files with 847 additions and 2 deletions.
diff --git a/backend/controllers/AdminuserController.php b/backend/controllers/AdminuserController.php
@@ -10,6 +10,8 @@
 use yii\filters\VerbFilter;
 use backend\models\SignupForm;
 use backend\models\ResetpwdForm;
+use common\models\AuthItem;
+use common\models\AuthAssignment;
 
 /**
  * AdminuserController implements the CRUD actions for Adminuser model.
@@ -147,5 +149,54 @@ public function actionResetpwd($id)
 
     }
 
+    public function actionPrivilege($id)
+    {
+    	//step1. 找出所有权限,提供给checkboxlist
+    	$allPrivileges = AuthItem::find()->select(['name','description'])
+    	->where(['type'=>1])->orderBy('description')->all();
+
+    	foreach ($allPrivileges as $pri)
+    	{
+    		$allPrivilegesArray[$pri->name]=$pri->description;
+    	}
+    	//step2. 当前用户的权限
+
+    	$AuthAssignments=AuthAssignment::find()->select(['item_name'])
+    	->where(['user_id'=>$id])->orderBy('item_name')->all();
+
+    	$AuthAssignmentsArray = array();
+
+    	foreach ($AuthAssignments as $AuthAssignment)
+    	{
+    		array_push($AuthAssignmentsArray,$AuthAssignment->item_name);
+    	}
+
+    	//step3. 从表单提交的数据,来更新AuthAssignment表,从而用户的角色发生变化
+    	if(isset($_POST['newPri']))
+    	{
+    		AuthAssignment::deleteAll('user_id=:id',[':id'=>$id]);
 
+    		$newPri = $_POST['newPri'];
+
+    		$arrlength = count($newPri);
+
+    		for($x=0;$x<$arrlength;$x++)
+    		{
+    		$aPri = new AuthAssignment();
+    		$aPri->item_name = $newPri[$x];
+    		$aPri->user_id = $id;
+    		$aPri->created_at = time();
+
+    		$aPri->save();
+    		}
+    		return $this->redirect(['index']);
+    	}
+
+    	//step4. 渲染checkBoxList表单
+
+    			return $this->render('privilege',['id'=>$id,'AuthAssignmentArray'=>$AuthAssignmentsArray,
+    			'allPrivilegesArray'=>$allPrivilegesArray]);
+
+    }
+
 }
diff --git a/backend/controllers/PostController.php b/backend/controllers/PostController.php
@@ -8,6 +8,7 @@
 use yii\web\Controller;
 use yii\web\NotFoundHttpException;
 use yii\filters\VerbFilter;
+use yii\filters\AccessControl;
 
 /**
  * PostController implements the CRUD actions for Post model.
@@ -25,7 +26,24 @@ public function behaviors()
                 'actions' => [
                     'delete' => ['POST'],
                 ],
-            ],
+            ],  
+
+        	'access' =>[
+        				'class' => AccessControl::className(),
+        				'rules' =>
+        				[
+        						[
+        								'actions' => ['index', 'view'],
+        								'allow' => true,
+        								'roles' => ['?'],
+        						],
+        				[
+        				'actions' => ['view', 'index', 'create','update'],
+        				'allow' => true,
+        				'roles' => ['@'],
+        			],
+        		],
+        		],        		
         ];
     }
 

diff --git a/backend/views/adminuser/privilege.php b/backend/views/adminuser/privilege.php
@@ -0,0 +1,44 @@
+<?php
+
+use yii\helpers\Html;
+use yii\widgets\ActiveForm;
+use yii\helpers\ArrayHelper;
+use common\models\Adminuser;
+
+/* @var $this yii\web\View */
+/* @var $model common\models\Adminuser */
+
+$model = Adminuser::findOne($id);
+
+$this->title = '权限设置: ' . $model->username;
+$this->params['breadcrumbs'][] = ['label' => '管理员', 'url' => ['index']];
+$this->params['breadcrumbs'][] = ['label' => $model->username, 'url' => ['view', 'id' => $id]];
+$this->params['breadcrumbs'][] = '权限设置';
+?>
+
+<div class="adminuser-update">
+
+    <h1><?= Html::encode($this->title) ?></h1>
+
+
+    <div class="adminuser-privilege-form">
+
+    <?php $form = ActiveForm::begin(); ?>
+
+	<?= Html::checkboxList('newPri',$AuthAssignmentArray,$allPrivilegesArray);?>
+
+    <div class="form-group">
+        <?= Html::submitButton('设置') ?>
+    </div>
+
+    <?php ActiveForm::end(); ?>
+
+</div>
+
+
+
+</div>
+
+
+
+
diff --git a/common/config/main.php b/common/config/main.php
@@ -5,5 +5,8 @@
         'cache' => [
             'class' => 'yii\caching\FileCache',
         ],
+    	'authManager' => [
+    			'class' =>'yii\rbac\DbManager',
+    	],
     ],
 ];
diff --git a/common/models/AuthAssignment.php b/common/models/AuthAssignment.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace common\models;
+
+use Yii;
+
+/**
+ * This is the model class for table "auth_assignment".
+ *
+ * @property string $item_name
+ * @property string $user_id
+ * @property integer $created_at
+ *
+ * @property AuthItem $itemName
+ */
+class AuthAssignment extends \yii\db\ActiveRecord
+{
+    /**
+     * @inheritdoc
+     */
+    public static function tableName()
+    {
+        return 'auth_assignment';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function rules()
+    {
+        return [
+            [['item_name', 'user_id'], 'required'],
+            [['created_at'], 'integer'],
+            [['item_name', 'user_id'], 'string', 'max' => 64],
+            [['item_name'], 'exist', 'skipOnError' => true, 'targetClass' => AuthItem::className(), 'targetAttribute' => ['item_name' => 'name']],
+        ];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function attributeLabels()
+    {
+        return [
+            'item_name' => 'Item Name',
+            'user_id' => 'User ID',
+            'created_at' => 'Created At',
+        ];
+    }
+
+    /**
+     * @return \yii\db\ActiveQuery
+     */
+    public function getItemName()
+    {
+        return $this->hasOne(AuthItem::className(), ['name' => 'item_name']);
+    }
+}
diff --git a/common/models/AuthItem.php b/common/models/AuthItem.php
@@ -0,0 +1,112 @@
+<?php
+
+namespace common\models;
+
+use Yii;
+
+/**
+ * This is the model class for table "auth_item".
+ *
+ * @property string $name
+ * @property integer $type
+ * @property string $description
+ * @property string $rule_name
+ * @property string $data
+ * @property integer $created_at
+ * @property integer $updated_at
+ *
+ * @property AuthAssignment[] $authAssignments
+ * @property AuthRule $ruleName
+ * @property AuthItemChild[] $authItemChildren
+ * @property AuthItemChild[] $authItemChildren0
+ * @property AuthItem[] $children
+ * @property AuthItem[] $parents
+ */
+class AuthItem extends \yii\db\ActiveRecord
+{
+    /**
+     * @inheritdoc
+     */
+    public static function tableName()
+    {
+        return 'auth_item';
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function rules()
+    {
+        return [
+            [['name', 'type'], 'required'],
+            [['type', 'created_at', 'updated_at'], 'integer'],
+            [['description', 'data'], 'string'],
+            [['name', 'rule_name'], 'string', 'max' => 64],
+            [['rule_name'], 'exist', 'skipOnError' => true, 'targetClass' => AuthRule::className(), 'targetAttribute' => ['rule_name' => 'name']],
+        ];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function attributeLabels()
+    {
+        return [
+            'name' => 'Name',
+            'type' => 'Type',
+            'description' => 'Description',
+            'rule_name' => 'Rule Name',
+            'data' => 'Data',
+            'created_at' => 'Created At',
+            'updated_at' => 'Updated At',
+        ];
+    }
+
+    /**
+     * @return \yii\db\ActiveQuery
+     */
+    public function getAuthAssignments()
+    {
+        return $this->hasMany(AuthAssignment::className(), ['item_name' => 'name']);
+    }
+
+    /**
+     * @return \yii\db\ActiveQuery
+     */
+    public function getRuleName()
+    {
+        return $this->hasOne(AuthRule::className(), ['name' => 'rule_name']);
+    }
+
+    /**
+     * @return \yii\db\ActiveQuery
+     */
+    public function getAuthItemChildren()
+    {
+        return $this->hasMany(AuthItemChild::className(), ['parent' => 'name']);
+    }
+
+    /**
+     * @return \yii\db\ActiveQuery
+     */
+    public function getAuthItemChildren0()
+    {
+        return $this->hasMany(AuthItemChild::className(), ['child' => 'name']);
+    }
+
+    /**
+     * @return \yii\db\ActiveQuery
+     */
+    public function getChildren()
+    {
+        return $this->hasMany(AuthItem::className(), ['name' => 'child'])->viaTable('auth_item_child', ['parent' => 'name']);
+    }
+
+    /**
+     * @return \yii\db\ActiveQuery
+     */
+    public function getParents()
+    {
+        return $this->hasMany(AuthItem::className(), ['name' => 'parent'])->viaTable('auth_item_child', ['child' => 'name']);
+    }
+}
diff --git a/console/controllers/RbacController.php b/console/controllers/RbacController.php
@@ -0,0 +1,70 @@
+<?php
+namespace console\controllers;
+
+use Yii;
+use yii\console\Controller;
+
+class RbacController extends Controller
+{
+    public function actionInit()
+    {
+        $auth = Yii::$app->authManager;
+
+        // 添加 "createPost" 权限
+        $createPost = $auth->createPermission('createPost');
+        $createPost->description = '新增文章';
+        $auth->add($createPost);
+
+        // 添加 "updatePost" 权限
+        $updatePost = $auth->createPermission('updatePost');
+        $updatePost->description = '修改文章';
+        $auth->add($updatePost);
+
+        // 添加 "deletePost" 权限
+        $deletePost = $auth->createPermission('deletePost');
+        $deletePost->description = '删除文章';
+        $auth->add($deletePost);
+
+        // 添加 "approveComment" 权限
+        $approveComment = $auth->createPermission('approveComment');
+        $approveComment->description = '审核评论';
+        $auth->add($approveComment);
+
+
+        // 添加 "postadmin" 角色并赋予 "updatePost" “deletePost” “createPost”
+        $postAdmin = $auth->createRole('postAdmin');
+        $postAdmin->description = '文章管理员';
+        $auth->add($postAdmin);
+        $auth->addChild($postAdmin, $updatePost);
+        $auth->addChild($postAdmin, $createPost);
+        $auth->addChild($postAdmin, $deletePost);
+
+        // 添加 "postOperator" 角色并赋予  “deletePost” 
+        $postOperator = $auth->createRole('postOperator');
+        $postOperator->description = '文章操作员';
+        $auth->add($postOperator);
+        $auth->addChild($postOperator, $deletePost);
+
+        // 添加 "commentAuditor" 角色并赋予  “approveComment”
+        $commentAuditor = $auth->createRole('commentAuditor');
+        $commentAuditor->description = '评论审核员';
+        $auth->add($commentAuditor);
+        $auth->addChild($commentAuditor, $approveComment);
+
+        // 添加 "admin" 角色并赋予所有其他角色拥有的权限
+        $admin = $auth->createRole('admin');
+        $commentAuditor->description = '系统管理员';
+        $auth->add($admin);
+        $auth->addChild($admin, $postAdmin);
+        $auth->addChild($admin, $commentAuditor);
+
+
+
+        // 为用户指派角色。其中 1 和 2 是由 IdentityInterface::getId() 返回的id （译者注：user表的id）
+        // 通常在你的 User 模型中实现这个函数。
+        $auth->assign($admin, 1);
+        $auth->assign($postAdmin, 2);
+        $auth->assign($postOperator, 3);
+        $auth->assign($commentAuditor, 4);
+    }
+}