在yiic shell工具中使用authManager的RBAC ACL出现CException错误

时间:2011-11-02 17:49:06

标签: yii acl rbac

yiic shell运行自定义命令时出现以下错误。 我在MAMP 2.0.2

上使用了最新的OS X 10.7.2

我不确定readermember错误的含义不存在?

第56行是:$role->addChild("reader");,自定义命令和终端输出的完整代码如下:

users-MacBook-Air:protected user$ ./yiic shell ../index.php
Yii Interactive Tool v1.1 (based on Yii v1.1.2)
Please type 'help' for help. Type 'exit' to quit.
>> rbac
This command will create three roles: Owner, Member, and Reader and the following permissions:
create, read, update and delete user
create, read, update and delete project
create, read, update and delete issue
Would you like to continue? [Yes|No]y
exception 'CException' with message 'Either "member" or "reader" does not exist.' in /Users/user/Dropbox/localhost/yii/framework/web/auth/CDbAuthManager.php:203
Stack trace:
#0 /Users/user/Dropbox/localhost/yii/framework/web/auth/CAuthItem.php(185): CDbAuthManager->addItemChild('member', 'reader')
#1 /Users/user/Dropbox/localhost/trackstar/protected/commands/shell/RbacCommand.php(56): CAuthItem->addChild('reader')
#2 /Users/user/Dropbox/localhost/yii/framework/cli/commands/ShellCommand.php(144): RbacCommand->run(Array)
#3 /Users/user/Dropbox/localhost/yii/framework/cli/commands/ShellCommand.php(99): ShellCommand->runShell()
#4 /Users/user/Dropbox/localhost/yii/framework/console/CConsoleCommandRunner.php(62): ShellCommand->run(Array)
#5 /Users/user/Dropbox/localhost/yii/framework/console/CConsoleApplication.php(88): CConsoleCommandRunner->run(Array)
#6 /Users/user/Dropbox/localhost/yii/framework/base/CApplication.php(135): CConsoleApplication->processRequest()
#7 /Users/user/Dropbox/localhost/yii/framework/yiic.php(33): CApplication->run()
#8 /Users/user/Dropbox/localhost/trackstar/protected/yiic.php(7): require_once('/Users/user/Dro...')
#9 /Users/user/Dropbox/localhost/trackstar/protected/yiic(4): require_once('/Users/user/Dro...')
#10 {main}
>> 

RBAC命令:

<?php

    class RbacCommand extends CConsoleCommand
    {
        private $_authManager;

        public function getHelp()
        {
            return "<<<EOD

            USAGE
                rbac

            DESCRIPTION
                This command generates an initial RBAC authorization hierarchy.

            EOD";
        }

        public function run($args)
        {
            if(($this->_authManager=Yii::app()->authManager)===null)
            {
                echo "Error: an authorization manager, named 'authManager' must be configured to use this command.\n";
                echo "If you already added 'authManager' component in applicaton configuration,\n";
                echo "please quit and re-enter the yiic shell.\n";
                return;
            }

            echo "This command will create three roles: Owner, Member, and Reader and the following permissions:\n";
            echo "create, read, update and delete user\n";
            echo "create, read, update and delete project\n";
            echo "create, read, update and delete issue\n";
            echo "Would you like to continue? [Yes|No]";

            if(!strncasecmp(trim(fgets(STDIN)),'y',1))
            {
                $this->_authManager->clearAll();

                $this->_authManager->createOperation("createUser","create a new user");
                $this->_authManager->createOperation("readUser","read user profile information");
                $this->_authManager->createOperation("updateUser","update a users information");
                $this->_authManager->createOperation("deleteUser","remove a user from a project");

                $this->_authManager->createOperation("createProject","create a new project");
                $this->_authManager->createOperation("readProject","read project information");
                $this->_authManager->createOperation("updateProject","update project information");
                $this->_authManager->createOperation("deleteProject","delete a project");

                $this->_authManager->createOperation("createIssue","create a new issue");
                $this->_authManager->createOperation("readIssue","read issue information");
                $this->_authManager->createOperation("updateIssue","update issue information");
                $this->_authManager->createOperation("deleteIssue","delete a issue");

                $role=$this->_authManager->createRole("member");
                $role->addChild("reader");
                $role->addChild("createIssue");
                $role->addChild("updateIssue");
                $role->addChild("deleteIssue");

                $role=$this->_authManager->createRole("owner");
                $role->addChild("reader");
                $role->addChild("member");
                $role->addChild("createUser");
                $role->addChild("updateUser");
                $role->addChild("deleteUser");
                $role->addChild("createProject");
                $role->addChild("updateProject");
                $role->addChild("deleteProject");
            }
        }
    }

?>

1 个答案:

答案 0 :(得分:0)

我认为您需要先创建“阅读器”操作(或任务或角色),然后才能使用addChild()将其添加到“成员”角色。像这样:

<?php
// define reader role
$role=$this->_authManager->createRole("reader");
// add some operations
$role->addChild("readIssue");
// NOW create the member role
$role=$this->_authManager->createRole("member");
// and now that reader is defined, we can add it to member
$role->addChild("reader");
?>

我相信你已经找到了这个,但Yii Guide page for Role-based ACL还有更多细节。