我尝试在Yii2中实现RBAC。我已经按照本教程:http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#rbac但现在我遇到了问题。我已经使用" admin"帐户(id = 1),但我无法创建新的项,即使我应该能够。这是我的文件:
public function up()
{
$auth = Yii::$app->authManager;
// add "viewPost" permission
$viewPost= $auth->createPermission('viewPost');
$viewPost->description = 'View a post';
$auth->add($viewPost);
// add "createPost" permission
$createPost = $auth->createPermission('createPost');
$createPost->description = 'Create a post';
$auth->add($createPost);
// add "updatePost" permission
$updatePost = $auth->createPermission('updatePost');
$updatePost->description = 'Update post';
$auth->add($updatePost);
// add "viewer" role and give this role the "viewPost" permission
$viewer = $auth->createRole('viewer');
$auth->add($viewer);
$auth->addChild($viewer, $viewPost);
// add "author" role and give this role the "createPost" permission
$author = $auth->createRole('author');
$auth->add($author);
$auth->addChild($author, $createPost);
// add "admin" role and give this role the "updatePost" permission
// as well as the permissions of the "author" role
$admin = $auth->createRole('admin');
$auth->add($admin);
$auth->addChild($admin, $updatePost);
$auth->addChild($admin, $author);
// add the rule
$rule = new \app\rbac\AuthorRule;
$auth->add($rule);
// add the "updateOwnPost" permission and associate the rule with it.
$updateOwnPost = $auth->createPermission('updateOwnPost');
$updateOwnPost->description = 'Update own post';
$updateOwnPost->ruleName = $rule->name;
$auth->add($updateOwnPost);
// "updateOwnPost" will be used from "updatePost"
$auth->addChild($updateOwnPost, $updatePost);
// allow "author" to update their own posts
$auth->addChild($author, $updateOwnPost);
// Assign roles to users. 1 and 2 are IDs returned by IdentityInterface::getId()
// usually implemented in your User model.
$auth->assign($admin, 1);
}
在项目视图中,我想隐藏"创建"无法创建项目的用户的按钮:
<?php if (\Yii::$app->user->can('createPost')) : ?>
<?= Html::a(Yii::t('app', 'Create Item'), ['create'], ['class' => 'btn btn-success']) ?>
<?php endif; ?>
但按钮不在这里。
我是PHP和Yii的完全初学者,并且不知道为什么这不起作用。
修改
这是我的ItemController:
<?php
namespace app\controllers;
use Yii;
use app\models\Item;
use app\models\ItemSearch;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
//use yii\filters\VerbFilter;
use yii\filters\AccessControl;
/**
* ItemController implements the CRUD actions for Item model.
*/
class ItemController extends Controller
{
public function behaviors()
{
//return [
//'verbs' => [
//'class' => VerbFilter::className(),
//'actions' => [
//'delete' => ['post'],
//],
//],
//];
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'actions' => ['index'],
'roles' => ['@'],
],
[
'allow' => true,
'actions' => ['view'],
'roles' => ['@'],
],
[
'allow' => true,
'actions' => ['create'],
'roles' => ['admin', 'author'],
],
[
'allow' => true,
'actions' => ['update'],
'roles' => ['admin', 'author'],
],
],
],
];
}
/**
* Lists all Item models.
* @return mixed
*/
public function actionIndex()
{
$searchModel = new ItemSearch();
$dataProvider = $searchModel->search(Yii::$app->request->queryParams);
if(Yii::$app->user->isGuest)
{
$this->redirect(Yii::$app->homeUrl . 'login');
}
else
{
return $this->render('index', [
'searchModel' => $searchModel,
'dataProvider' => $dataProvider,
]);
}
}
/**
* Displays a single Item model.
* @param integer $id
* @return mixed
*/
public function actionView($id)
{
$model = $this->findModel($id);
$providerHistory = new \yii\data\ArrayDataProvider([
'allModels' => $model->histories,
]);
return $this->render('view', [
'model' => $this->findModel($id),
'providerHistory' => $providerHistory,
]);
}
/**
* Creates a new Item model.
* If creation is successful, the browser will be redirected to the 'view' page.
* @return mixed
*/
public function actionCreate()
{
$model = new Item();
if ($model->loadAll(Yii::$app->request->post()) && $model->saveAll()) {
return $this->redirect(['view', 'id' => $model->Id]);
} else {
return $this->render('create', [
'model' => $model,
]);
}
}
/**
* Updates an existing Item model.
* If update is successful, the browser will be redirected to the 'view' page.
* @param integer $id
* @return mixed
*/
public function actionUpdate($id)
{
$model = $this->findModel($id);
if ($model->loadAll(Yii::$app->request->post()) && $model->saveAll()) {
return $this->redirect(['view', 'id' => $model->Id]);
} else {
return $this->render('update', [
'model' => $model,
]);
}
}
/**
* Deletes an existing Item model.
* If deletion is successful, the browser will be redirected to the 'index' page.
* @param integer $id
* @return mixed
*/
public function actionDelete($id)
{
$this->findModel($id)->deleteWithRelated();
return $this->redirect(['index']);
}
/**
*
* Export Item information into PDF format.
* @param integer $id
* @return mixed
*/
public function actionPdf($id) {
$model = $this->findModel($id);
$providerHistory = new \yii\data\ArrayDataProvider([
'allModels' => $model->histories,
]);
$content = $this->renderAjax('_pdf', [
'model' => $model,
'providerHistory' => $providerHistory,
]);
$pdf = new \kartik\mpdf\Pdf([
'mode' => \kartik\mpdf\Pdf::MODE_CORE,
'format' => \kartik\mpdf\Pdf::FORMAT_A4,
'orientation' => \kartik\mpdf\Pdf::ORIENT_PORTRAIT,
'destination' => \kartik\mpdf\Pdf::DEST_BROWSER,
'content' => $content,
'cssFile' => '@vendor/kartik-v/yii2-mpdf/assets/kv-mpdf-bootstrap.min.css',
'cssInline' => '.kv-heading-1{font-size:18px}',
'options' => ['title' => \Yii::$app->name],
'methods' => [
'SetHeader' => [\Yii::$app->name],
'SetFooter' => ['{PAGENO}'],
]
]);
return $pdf->render();
}
/**
* Finds the Item model based on its primary key value.
* If the model is not found, a 404 HTTP exception will be thrown.
* @param integer $id
* @return Item the loaded model
* @throws NotFoundHttpException if the model cannot be found
*/
protected function findModel($id)
{
if (($model = Item::findOne($id)) !== null) {
return $model;
} else {
throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.'));
}
}
/**
* Action to load a tabular form grid
* for History
* @author Yohanes Candrajaya <moo.tensai@gmail.com>
* @author Jiwantoro Ndaru <jiwanndaru@gmail.com>
*
* @return mixed
*/
public function actionAddHistory()
{
if (Yii::$app->request->isAjax) {
$row = Yii::$app->request->post('History');
if((Yii::$app->request->post('isNewRecord') && Yii::$app->request->post('_action') == 'load' && empty($row)) || Yii::$app->request->post('_action') == 'add')
$row[] = [];
return $this->renderAjax('_formHistory', ['row' => $row]);
} else {
throw new NotFoundHttpException(Yii::t('app', 'The requested page does not exist.'));
}
}
}
和我的item / create.php视图:
<?php
use yii\helpers\Html;
/* @var $this yii\web\View */
/* @var $model app\models\Item */
$this->title = Yii::t('app', 'Create Item');
$this->params['breadcrumbs'][] = ['label' => Yii::t('app', 'Item'), 'url' => ['index']];
$this->params['breadcrumbs'][] = $this->title;
?>
<div class="item-create">
<h1><?= Html::encode($this->title) ?></h1>
<?= $this->render('_form', [
'model' => $model,
]) ?>
</div>
答案 0 :(得分:1)
有些视图是在<receiver
android:name=".SmsBroadReceiver"
android:permission="android.permission.BROADCAST_SMS">
<intent-filter>
<action android:name="android.provider.Telephony.SMS_RECEIVED"
/>
</intent-filter>
</receiver>`
局部视图中存储的公共部分中组织的,因此您需要在_form.php部分视图中检查所需的代码,(在相同的\ views \ yuormodel_form.php中) )并用你的rbac条件扩展行为
_form.php在你可以看到的create.php视图中
<?php if (\Yii::$app->user->can('createPost')) : ?>
<?= Html::a(Yii::t('app', 'Create Item'), ['create'], ['class' => 'btn btn-success']) ?>
<?php endif; ?>
呈现(通用)视图_form
在_form.php附近,你应该找到这个代码用于创建)或更新)按钮
如果要启用Admin角色按钮,则应添加检查,例如:这样
<?= $this->render('_form', [
'model' => $model,
]) ?>