我使用YII框架创建了一个webapp。我用了权限模块。我创造了3个角色。他们是
“创作者”有一些动作,“审稿人”有一些动作。而“导演”则是“造物主”和“评论家”的孩子。
问题是,如果我检查一个角色(例如创作者),它将允许它的子角色(例如“导演”)。
例如,如果我检查“创建者”角色如下,则该声明也必须适用于“导演”角色。
if(Yii::app()->user->checkAccess('Creator'))
{
statement....;
}
我该怎么办?
答案 0 :(得分:7)
例如:
$role = Rights::getAssignedRoles(Yii::app() -> user -> Id);
foreach ($role as $role)
$role -> name;
if ($role -> name == 'Creator'|| $role -> name == 'Director')
//do what you need
checkAccess()检查项目而非角色的访问权限。例如:
if(Yii::app()->user->checkAccess('Creator'))
检查对AuthItem'Creator'的访问以获取当前角色。返回true / false。
另一个使用示例 - 不同角色的主菜单:
$role = Rights::getAssignedRoles(Yii::app() -> user -> Id);
foreach ($role as $role)
$role->name;
if ($role->name == 'Manager' or Yii::app()->user->isSuperuser) {
$this->widget('ext.cssmenu.CssMenu', array('items' => array(array('url' => array('/user/general/index'), 'label' => "General", 'visible' => Yii::app()->user->checkAccess('general')), array('url' => array('/data'), 'label' => "Data", 'visible' => Yii::app()->user->checkAccess('data')), array('url' => Yii::app()->getModule('user')->clientsUrl, 'label' => "Clients", 'visible' => Yii::app()->user->checkAccess('clients')), array('url' => Yii::app()->getModule('user')->providersUrl, 'label' => "Data Providers", 'visible' => Yii::app()->user->checkAccess('providers')), array('url' => Yii::app()->getModule('user')->ordersUrl, 'label' => "Orders", 'visible' => Yii::app()->user->checkAccess('orders')), array('url' => Yii::app()->getModule('user')->profileUrl, 'label' => "Tools", 'visible' => Yii::app()->user->checkAccess('tools')), array('url' => Yii::app()->getModule('user')->logoutUrl, 'label' => Yii::app()->getModule('user')->t("Logout"), 'visible' => !Yii::app()->user->isGuest)),));
} elseif ($role->name == 'Client') {
$this->widget('ext.cssmenu.CssMenu', array('items' => array(array('url' => array('/user/general/index'), 'label' => "General", 'visible' => Yii::app()->user->checkAccess('general')), array('url' => array('/user/data'), 'label' => "Data", 'visible' => Yii::app()->user->checkAccess('data')), array('url' => array('/user/client/lists'), 'label' => 'Lists', 'visible' => Yii::app()->user->checkAccess('User.Client.Lists')), array('url' => array('/user/orders/index', "id" => Yii::app()->user->Id), 'label' => 'Orders', 'visible' => Yii::app()->user->checkaccess('User.Orders.Index')), array('url' => Yii::app()->getModule('user')->profileUrl, 'label' => "Profile", 'visible' => Yii::app()->user->checkAccess('tools')), array('url' => Yii::app()->getModule('user')->logoutUrl, 'label' => Yii::app()->getModule('user')->t("Logout"), 'visible' => !Yii::app()->user->isGuest))));
}
;
if ($role->name == 'Provider') {
$this->widget('ext.cssmenu.CssMenu', array('items' => array(array('url' => array('/user/general/index'), 'label' => "General", 'visible' => Yii::app()->user->checkAccess('general')), array('url' => array('/user/data'), 'label' => "Data", 'visible' => Yii::app()->user->checkAccess('data')), array('url' => array('/user/provider/data', "id" => Yii::app()->user->Id), 'label' => 'Data', 'visible' => Yii::app()->user->checkAccess('User.Feeds.Feeds')), array('url' => array('/user/feeds/feeds', "id" => Yii::app()->user->Id), 'label' => 'Feeds', 'visible' => Yii::app()->user->checkAccess('User.Feeds.Feeds')), array('url' => array('/user/payments', "id" => Yii::app()->user->Id), 'label' => 'Payments', 'visible' => Yii::app()->user->checkAccess('User.Feeds.Feeds')), array('url' => Yii::app()->getModule('user')->logoutUrl, 'label' => Yii::app()->getModule('user')->t("Logout"), 'visible' => !Yii::app()->user->isGuest))));
}
答案 1 :(得分:2)
导演拥有创作者和审稿人的权利
if(Yii::app()->user->checkAccess('Creator'))
{
// creator and director are here
}
if(Yii::app()->user->checkAccess('Reviewer'))
{
// reviewer and director are here
}
if(Yii::app()->user->checkAccess('Director'))
{
// director is here
}