I am trying to understand authorization in RBAC and am confused about a few things.
In the accessControl rules, I am using roles:
return array(
    array('allow', // allow all users to perform 'index' and 'view' actions
        'actions'=>array('index', 'view'),
        'roles'=>array('user'),
    ),
    array('allow', // allow authenticated user to perform 'create' and 'update' actions
        'actions'=>array('create','update'),
        'roles'=>array('author'),
    ),
    array('allow', // allow admin user to perform 'admin' and 'delete' actions
        'actions'=>array('admin','delete'),
        'roles'=>array('admin'),
    ),
    array('deny', // deny all users
        'users'=>array('*'),
    ),
);
I am also using the following setup:
$auth = Yii::app()->authManager;
$auth->createOperation('createPost', 'create a post');
$auth->createOperation('readPost', 'Read a post');
$auth->createOperation('updatePost', 'update a post');
$auth->createOperation('deletePost', 'delete a post');
$role = $auth->createRole('user');
$role->addChild('readPost');
$role = $auth->createRole('author');
$role->addChild('user');
$role->addChild('createPost');
$role = $auth->createRole('admin');
$role->addChild('author');
$role->addChild('updatePost');
$role->addChild('deletePost');
$auth->assign('user', 3);
$auth->assign('author', 2);
$auth->assign('admin', 1);
$auth->save();
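There are 4 differently named operations (createPost, deletePost, readPost, updatePost). But in the controller the action names are different, e.g. actionIndex, actionView, actionCreate, actionDelete, actionUpdate and actionAdmin.
Questions:
How do I map the operations to the controller actions?
Should I create more operations, such as IndexPost, ViewPost, etc.?
When using RBAC, should we still keep the accessControl filter and rules as I have here?
I am not sure whether I am doing this correctly. A lot of confusion and feeling lost. Please clarify. Cheers.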
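The role hierarchy from the setup code above, modelled in plain PHP as an added example (not code from the post and not Yii's implementation): it walks the item tree for each assigned user id and lists which controller actions would pass. The `$actionToOperation` map and the `grants()` and `modelCheckAccess()` helpers are assumptions made for illustration, and business rules are ignored.

```php
<?php
// Parent item => direct children, copied from the addChild() calls in the post.
$children = array(
    'user'   => array('readPost'),
    'author' => array('user', 'createPost'),
    'admin'  => array('author', 'updatePost', 'deletePost'),
);
// User id => assigned role, copied from the assign() calls in the post.
$assignments = array(3 => 'user', 2 => 'author', 1 => 'admin');
// Hypothetical mapping of controller action ids to operations (an assumption,
// not something the post or Yii defines).
$actionToOperation = array(
    'index' => 'readPost', 'view' => 'readPost', 'create' => 'createPost',
    'update' => 'updatePost', 'delete' => 'deletePost',
);

// True when $item is $granted itself or is reachable from it through children.
function grants(array $children, $granted, $item, array $seen = array())
{
    if ($granted === $item) {
        return true;
    }
    if (isset($seen[$granted]) || !isset($children[$granted])) {
        return false; // leaf item, or a loop in the tree
    }
    $seen[$granted] = true;
    foreach ($children[$granted] as $child) {
        if (grants($children, $child, $item, $seen)) {
            return true;
        }
    }
    return false;
}

// Model of an access check for one user id; business rules are ignored.
function modelCheckAccess(array $children, array $assignments, $userId, $item)
{
    return isset($assignments[$userId])
        && grants($children, $assignments[$userId], $item);
}

foreach ($assignments as $userId => $role) {
    $allowed = array();
    foreach ($actionToOperation as $action => $operation) {
        if (modelCheckAccess($children, $assignments, $userId, $operation)) {
            $allowed[] = $action;
        }
    }
    printf("user %d (%s): %s\n", $userId, $role, implode(', ', $allowed));
}
```

In this model updatePost is reachable only from admin, while the access rules in the post open the update action to the author role, so the two layers disagree for user 2.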